If myorg/myimage: 1.0 is unsigned, does Docker block this command?

DCA V1 0 Comments

You configure a local Docker engine to enforce content trust by setting the environment variable DOCKER_CONTENT_TRUST=1.

If myorg/myimage: 1.0 is unsigned, does Docker block this command?

Solution: docker service create myorg/myimage:1.0
A . Yes
B . No

Answer: A

Explanation:

When content trust is enabled, Docker blocks any command that operates on unsigned images, such as docker service create. This is because Docker Content Trust (DCT) allows users to verify the integrity and publisher of specific image tags, using digital signatures stored on a Notary server. If an image tag is not signed, or the signature cannot be verified, Docker will refuse to pull, run, or build with that image. Therefore, if myorg/myimage:1.0 is unsigned, Docker will block the command docker service create myorg/myimage:1.0 and display an error message.

Reference: Content trust in Docker

Docker Content Trust: What It Is and How It Secures Container Images

Automation with content trust

Latest DCA Dumps Valid Version with 55 Q&As

Latest And Valid Q&A | Instant Download | Once Fail, Full Refund

Instant Download DCA PDF     DCA Questions Online Training
Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments