efficience-it · lacatoire · Feb 8, 2026 · Feb 8, 2026
diff --git a/README.md b/README.md
@@ -83,6 +83,10 @@ The goal is to help candidates:
 * [Describe and interpret errors to troubleshoot installation issues without assistance.](data/3_installation_and_configuration/install_troubleshooting.yaml)
 * [Describe and demonstrate the steps to deploy the Docker engine, UCP (now MKE), and DTR (now MSR) on AWS and on-premises in an HA configuration.](data/3_installation_and_configuration/deploy_ucp_dtr_ha.yaml)
 * [Describe and demonstrate how to configure backups for UCP (now MKE) and DTR (now MSR).](data/3_installation_and_configuration/backup_ucp_dtr.yaml)
+* [Describe daemon.json configuration.](data/3_installation_and_configuration/daemon_json_config.yaml)
+* [Describe Docker editions (CE vs EE).](data/3_installation_and_configuration/docker_editions.yaml)
+* [Describe proxy configuration for Docker.](data/3_installation_and_configuration/proxy_configuration.yaml)
+* [Describe rootless Docker mode.](data/3_installation_and_configuration/rootless_docker.yaml)
 
 ### Domain 4: Networking (15% of exam)
 
@@ -98,6 +102,10 @@ The goal is to help candidates:
 * [Understand and describe the types of traffic that flow between the Docker engine, registry, and UCP (now MKE) controllers](data/4_Networking/understand_engine_registry_ucp_traffic.yaml)
 * [Describe and demonstrate how to deploy a service on a Docker overlay network.](data/4_Networking/deploy_overlay_service.yaml)
 * [Describe and demonstrate how to troubleshoot container and engine logs to resolve connectivity issues between containers.](data/4_Networking/troubleshoot_container_connectivity.yaml)
+* [Describe Docker DNS resolution.](data/4_Networking/docker_dns.yaml)
+* [Describe macvlan networks.](data/4_Networking/macvlan_networks.yaml)
+* [Describe advanced network troubleshooting.](data/4_Networking/network_troubleshooting_advanced.yaml)
+* [Describe network scoping (local vs swarm).](data/4_Networking/network_scoping.yaml)
 
 ### Domain 5: Security (15% of exam)
 

diff --git a/data/3_installation_and_configuration/daemon_json_config.yaml b/data/3_installation_and_configuration/daemon_json_config.yaml
@@ -0,0 +1,72 @@
+questions:
+  - uuid: a1d3e7c4-5f28-4b91-8e6a-3c9d0f1b7a24
+    question: What is the default location of the Docker daemon configuration file on Linux?
+    answers:
+      - { value: '/var/lib/docker/config.json', correct: false }
+      - { value: '/etc/docker/daemon.json', correct: true }
+      - { value: '/usr/local/docker/daemon.conf', correct: false }
+      - { value: '/etc/default/docker.json', correct: false }
+    help: https://docs.docker.com/engine/reference/commandline/dockerd/#daemon-configuration-file
+
+  - uuid: b4e6f8a2-9c13-4d75-a0b8-7e2f5d3c1a96
+    question: Which key in daemon.json is used to configure insecure registries?
+    answers:
+      - { value: 'allow-http-registries', correct: false }
+      - { value: 'registry-mirrors', correct: false }
+      - { value: 'insecure-registries', correct: true }
+      - { value: 'no-tls-registries', correct: false }
+    help: https://docs.docker.com/engine/reference/commandline/dockerd/#insecure-registries
+
+  - uuid: c7a9d1e5-3b46-4f82-9d0c-8a6e2f4b7c53
+    question: How do you enable debug mode in the Docker daemon using daemon.json?
+    answers:
+      - { value: 'Set "log-level": "debug"', correct: false }
+      - { value: 'Set "debug": true', correct: true }
+      - { value: 'Set "verbose": true', correct: false }
+      - { value: 'Set "mode": "debug"', correct: false }
+    help: https://docs.docker.com/engine/reference/commandline/dockerd/#daemon-configuration-file
+
+  - uuid: d2f4b8c6-1e73-4a59-b6d0-5c9a3e7f2d18
+    question: What happens if the same option is set both in daemon.json and as a dockerd command-line flag?
+    answers:
+      - { value: 'The daemon.json value takes precedence', correct: false }
+      - { value: 'The command-line flag takes precedence', correct: false }
+      - { value: 'Docker fails to start and reports a configuration conflict', correct: true }
+      - { value: 'Docker merges both values together', correct: false }
+    help: https://docs.docker.com/engine/reference/commandline/dockerd/#daemon-configuration-file
+
+  - uuid: e5a1c3d7-8b29-4f6e-a4c2-6d0b9e7f3a85
+    question: Which signal can be sent to the Docker daemon to reload daemon.json without restarting the daemon?
+    answers:
+      - { value: 'SIGTERM', correct: false }
+      - { value: 'SIGKILL', correct: false }
+      - { value: 'SIGHUP', correct: true }
+      - { value: 'SIGUSR1', correct: false }
+    help: https://docs.docker.com/engine/reference/commandline/dockerd/#daemon-configuration-file
+
+  - uuid: f8b2d4e6-0a57-4c91-b3e5-9f1a7c6d2b48
+    question: Which key in daemon.json is used to configure custom DNS servers for all containers?
+    answers:
+      - { value: 'nameservers', correct: false }
+      - { value: 'dns', correct: true }
+      - { value: 'resolv-conf', correct: false }
+      - { value: 'dns-servers', correct: false }
+    help: https://docs.docker.com/engine/reference/commandline/dockerd/#daemon-configuration-file
+
+  - uuid: 1a3c5e7b-2d49-4f80-96a1-8b0e4f6c3d72
+    question: Which daemon.json key allows you to define default subnet pools for user-defined bridge networks?
+    answers:
+      - { value: 'subnet-pools', correct: false }
+      - { value: 'bridge-subnets', correct: false }
+      - { value: 'default-address-pools', correct: true }
+      - { value: 'network-pools', correct: false }
+    help: https://docs.docker.com/engine/reference/commandline/dockerd/#daemon-configuration-file
+
+  - uuid: 2b4d6f8a-3e51-4c92-a7b2-9c1f5e7d4a63
+    question: Which daemon.json options can be reloaded with SIGHUP without restarting the Docker daemon?
+    answers:
+      - { value: 'storage-driver and data-root', correct: false }
+      - { value: 'debug, labels, and insecure-registries', correct: true }
+      - { value: 'iptables and ip-forward', correct: false }
+      - { value: 'All daemon.json options can be reloaded without restart', correct: false }
+    help: https://docs.docker.com/engine/reference/commandline/dockerd/#daemon-configuration-file
diff --git a/data/3_installation_and_configuration/docker_editions.yaml b/data/3_installation_and_configuration/docker_editions.yaml
@@ -0,0 +1,54 @@
+questions:
+  - uuid: 3c5e7a9b-4f62-4d83-b8c3-0d2a6e8f5b74
+    question: What replaced Docker Enterprise Edition after Mirantis acquired it in 2019?
+    answers:
+      - { value: 'Docker Business Edition', correct: false }
+      - { value: 'Docker Pro', correct: false }
+      - { value: 'Mirantis Container Runtime', correct: true }
+      - { value: 'Docker Enterprise Community', correct: false }
+    help: https://docs.docker.com/engine/
+
+  - uuid: e915b4e4-d94a-4139-b6f8-3716c08c4191
+    question: Which release channel provides the most recent stable Docker CE builds intended for production use?
+    answers:
+      - { value: 'edge', correct: false }
+      - { value: 'nightly', correct: false }
+      - { value: 'stable', correct: true }
+      - { value: 'beta', correct: false }
+    help: https://docs.docker.com/engine/install/
+
+  - uuid: b5ee83b7-5ba4-4d4e-a3c5-ffcc33686e34
+    question: Which Docker release channel is intended for pre-release testing and includes features not yet available in the stable channel?
+    answers:
+      - { value: 'nightly', correct: false }
+      - { value: 'test', correct: true }
+      - { value: 'edge', correct: false }
+      - { value: 'dev', correct: false }
+    help: https://docs.docker.com/engine/install/
+
+  - uuid: f25cd4d9-b00d-47e6-9607-6179d5b531a9
+    question: What is Docker Desktop?
+    answers:
+      - { value: 'A lightweight Linux-only CLI tool for managing Docker images', correct: false }
+      - { value: 'An application for Mac and Windows that provides a GUI and bundled Docker Engine, CLI, Compose, and Kubernetes', correct: true }
+      - { value: 'A browser-based management console for Docker Swarm clusters', correct: false }
+      - { value: 'A Docker plugin for managing virtual machines on desktop systems', correct: false }
+    help: https://docs.docker.com/desktop/
+
+  - uuid: 5dd4a9a8-8765-4b2a-8101-040d1fe37fe7
+    question: Which component is the open-source Docker container runtime available on Linux, commonly installed via package managers?
+    answers:
+      - { value: 'Docker Desktop', correct: false }
+      - { value: 'Docker Machine', correct: false }
+      - { value: 'Docker Engine', correct: true }
+      - { value: 'Docker Toolbox', correct: false }
+    help: https://docs.docker.com/engine/
+
+  - uuid: 17c0df34-7659-4175-8a93-44810e7e8284
+    question: Docker Desktop requires a paid subscription for professional use in organizations of what size?
+    answers:
+      - { value: 'More than 10 employees', correct: false }
+      - { value: 'More than 100 employees', correct: false }
+      - { value: 'More than 250 employees or more than $10 million in annual revenue', correct: true }
+      - { value: 'All organizations regardless of size', correct: false }
+    help: https://docs.docker.com/subscription/
diff --git a/data/3_installation_and_configuration/proxy_configuration.yaml b/data/3_installation_and_configuration/proxy_configuration.yaml
@@ -0,0 +1,54 @@
+questions:
+  - uuid: ff898791-1a5f-4cf9-9272-0c8f10cee3b6
+    question: Where should you configure HTTP_PROXY and HTTPS_PROXY environment variables so that the Docker daemon uses them on a systemd-based Linux system?
+    answers:
+      - { value: '/etc/docker/daemon.json', correct: false }
+      - { value: 'A systemd drop-in file such as /etc/systemd/system/docker.service.d/http-proxy.conf', correct: true }
+      - { value: '/etc/environment', correct: false }
+      - { value: '/var/lib/docker/proxy.conf', correct: false }
+    help: https://docs.docker.com/engine/daemon/proxy/
+
+  - uuid: 7e04292f-182e-4eab-8369-c38f3514f445
+    question: Which file configures proxy settings that are automatically applied to containers during docker build and docker run?
+    answers:
+      - { value: '/etc/docker/daemon.json', correct: false }
+      - { value: '~/.docker/config.json', correct: true }
+      - { value: '/etc/default/docker', correct: false }
+      - { value: '~/.bashrc', correct: false }
+    help: https://docs.docker.com/network/proxy/
+
+  - uuid: fef6b35f-f2c1-475e-82b4-62049ba12732
+    question: Which environment variable is used to specify hosts that should bypass the proxy for the Docker daemon?
+    answers:
+      - { value: 'PROXY_BYPASS', correct: false }
+      - { value: 'DOCKER_NO_PROXY', correct: false }
+      - { value: 'NO_PROXY', correct: true }
+      - { value: 'SKIP_PROXY', correct: false }
+    help: https://docs.docker.com/engine/daemon/proxy/
+
+  - uuid: 99c5acd0-c628-4c5c-9414-131d9e329e3e
+    question: What command must be run after creating or modifying a systemd drop-in file for Docker proxy configuration?
+    answers:
+      - { value: 'systemctl restart docker', correct: false }
+      - { value: 'systemctl daemon-reload followed by systemctl restart docker', correct: true }
+      - { value: 'dockerd --reload', correct: false }
+      - { value: 'service docker reload', correct: false }
+    help: https://docs.docker.com/engine/daemon/proxy/
+
+  - uuid: 634bfe0a-1f67-4862-8bd6-b838f2899364
+    question: In ~/.docker/config.json, under which key are proxy settings for containers configured?
+    answers:
+      - { value: 'proxyConfig', correct: false }
+      - { value: 'network', correct: false }
+      - { value: 'proxies', correct: true }
+      - { value: 'httpSettings', correct: false }
+    help: https://docs.docker.com/network/proxy/
+
+  - uuid: d3f070b3-0919-4551-807c-c6a63c0fe440
+    question: When proxy settings are configured in ~/.docker/config.json, how are they passed to containers?
+    answers:
+      - { value: 'As Docker labels on the container', correct: false }
+      - { value: 'As environment variables injected automatically into the container', correct: true }
+      - { value: 'As arguments appended to the container entrypoint', correct: false }
+      - { value: 'As DNS records resolved by the Docker embedded DNS server', correct: false }
+    help: https://docs.docker.com/network/proxy/
diff --git a/data/3_installation_and_configuration/rootless_docker.yaml b/data/3_installation_and_configuration/rootless_docker.yaml
@@ -0,0 +1,54 @@
+questions:
+  - uuid: ca71052a-2e37-4568-8e90-e622eac367ec
+    question: Which script is used to install and configure Docker in rootless mode?
+    answers:
+      - { value: 'docker-rootless-install.sh', correct: false }
+      - { value: 'dockerd-rootless-setuptool.sh install', correct: true }
+      - { value: 'docker-setup --rootless', correct: false }
+      - { value: 'install-docker-rootless.sh', correct: false }
+    help: https://docs.docker.com/engine/security/rootless/
+
+  - uuid: 6d8f0b2c-7a95-4eb6-8f96-3e5bdf1a6c07
+    question: What must the DOCKER_HOST environment variable be set to when using Docker in rootless mode?
+    answers:
+      - { value: 'tcp://localhost:2375', correct: false }
+      - { value: 'unix:///var/run/docker.sock', correct: false }
+      - { value: 'unix://$XDG_RUNTIME_DIR/docker.sock', correct: true }
+      - { value: 'unix:///tmp/docker-rootless.sock', correct: false }
+    help: https://docs.docker.com/engine/security/rootless/
+
+  - uuid: 7e9a1c3d-8b06-4fc7-9a07-4f6cea2b7d18
+    question: Which of the following is a limitation of Docker rootless mode by default?
+    answers:
+      - { value: 'Containers cannot use bridge networking', correct: false }
+      - { value: 'Containers cannot use volumes', correct: false }
+      - { value: 'The --privileged flag is not allowed', correct: true }
+      - { value: 'Only one container can run at a time', correct: false }
+    help: https://docs.docker.com/engine/security/rootless/
+
+  - uuid: 62ee1613-cf07-4037-84e3-b2c2202a69eb
+    question: Which networking component does Docker rootless mode use by default instead of iptables for port forwarding?
+    answers:
+      - { value: 'nftables', correct: false }
+      - { value: 'slirp4netns', correct: true }
+      - { value: 'macvlan', correct: false }
+      - { value: 'ipvlan', correct: false }
+    help: https://docs.docker.com/engine/security/rootless/
+
+  - uuid: ece30377-a80c-4948-8071-baf6fe0e169d
+    question: Which kernel feature must be enabled for Docker rootless mode to provide UID/GID isolation between the host and containers?
+    answers:
+      - { value: 'cgroups v2', correct: false }
+      - { value: 'seccomp', correct: false }
+      - { value: 'user namespaces (unprivileged)', correct: true }
+      - { value: 'AppArmor', correct: false }
+    help: https://docs.docker.com/engine/security/rootless/
+
+  - uuid: 268277e6-27f1-4d4f-a88e-edf7942f2e4b
+    question: Which security module is not natively supported inside containers running in Docker rootless mode?
+    answers:
+      - { value: 'seccomp', correct: false }
+      - { value: 'SELinux', correct: false }
+      - { value: 'AppArmor', correct: true }
+      - { value: 'capabilities', correct: false }
+    help: https://docs.docker.com/engine/security/rootless/
diff --git a/data/4_Networking/docker_dns.yaml b/data/4_Networking/docker_dns.yaml
@@ -0,0 +1,72 @@
+questions:
+  - uuid: a3c7e1d4-5f28-4b9a-8e61-3d2f7c9a0b14
+    question: What is the IP address of the embedded DNS server that Docker provides to containers on user-defined networks?
+    answers:
+      - { value: '127.0.0.1', correct: false }
+      - { value: '127.0.0.11', correct: true }
+      - { value: '172.17.0.1', correct: false }
+      - { value: '8.8.8.8', correct: false }
+    help: https://docs.docker.com/config/containers/container-networking/#dns-services
+
+  - uuid: b8d4f2e5-6a39-4c0b-9f72-4e3a8d1b2c25
+    question: On which type of Docker network does automatic DNS-based container name resolution work?
+    answers:
+      - { value: 'The default bridge network', correct: false }
+      - { value: 'User-defined networks only', correct: true }
+      - { value: 'All networks including host mode', correct: false }
+      - { value: 'Only overlay networks', correct: false }
+    help: https://docs.docker.com/config/containers/container-networking/#dns-services
+
+  - uuid: 2d245c7f-6a3d-4723-8b78-a997a3962933
+    question: What does the --dns flag do when passed to a docker run command?
+    answers:
+      - { value: 'It changes the embedded DNS server address from 127.0.0.11', correct: false }
+      - { value: 'It sets a custom DNS server that the container uses for external name resolution', correct: true }
+      - { value: 'It disables DNS resolution entirely for the container', correct: false }
+      - { value: 'It configures DNS for the Docker daemon globally', correct: false }
+    help: https://docs.docker.com/config/containers/container-networking/#dns-services
+
+  - uuid: ad53b53d-28c7-4512-a074-45170876e547
+    question: What is the purpose of the --dns-search flag in a docker run command?
+    answers:
+      - { value: 'It searches for containers with matching DNS names', correct: false }
+      - { value: 'It enables DNS lookup logging for debugging', correct: false }
+      - { value: 'It sets the DNS search domain so unqualified hostnames are resolved under that domain', correct: true }
+      - { value: 'It restricts DNS queries to a specific network', correct: false }
+    help: https://docs.docker.com/config/containers/container-networking/#dns-services
+
+  - uuid: aa179ba0-8c07-41ae-9363-a9e918be1f48
+    question: Two containers named "web" and "api" are running on the same user-defined bridge network. How can the "web" container reach the "api" container?
+    answers:
+      - { value: 'By using the IP address of the Docker host', correct: false }
+      - { value: 'By using the container name "api" as the hostname', correct: true }
+      - { value: 'By publishing a port on the "api" container and using localhost', correct: false }
+      - { value: 'By using the container ID as the hostname on the default bridge', correct: false }
+    help: https://docs.docker.com/network/bridge/#differences-between-user-defined-bridges-and-the-default-bridge
+
+  - uuid: 9efc07d2-66ac-4556-8adf-87aa53686147
+    question: How does Docker Swarm provide DNS-based service discovery for services deployed on an overlay network?
+    answers:
+      - { value: 'Each task registers with an external Consul DNS server', correct: false }
+      - { value: 'The Swarm manager resolves service names to the virtual IP (VIP) of the service', correct: true }
+      - { value: 'Services must be configured with --dns pointing to the manager node', correct: false }
+      - { value: 'Service discovery is only available when using the host network driver', correct: false }
+    help: https://docs.docker.com/network/overlay/#service-discovery
+
+  - uuid: 77bcecab-5128-413f-bc60-d5929760a3a0
+    question: What is DNS round-robin in the context of Docker networking?
+    answers:
+      - { value: 'A method that assigns a unique DNS name to each container on a network', correct: false }
+      - { value: 'A resolution mode where a DNS lookup for a service name returns the IP addresses of all backing containers in rotation', correct: true }
+      - { value: 'A technique that forces DNS queries to alternate between internal and external DNS servers', correct: false }
+      - { value: 'A failover mechanism that redirects DNS traffic to a secondary Docker host', correct: false }
+    help: https://docs.docker.com/network/overlay/#customize-the-default-ingress-network
+
+  - uuid: 0b2a7d26-453c-433d-a3c2-ba9ef79a878e
+    question: Which docker run flag can be used to assign a network alias that other containers can use for DNS resolution?
+    answers:
+      - { value: '--hostname', correct: false }
+      - { value: '--name', correct: false }
+      - { value: '--network-alias', correct: true }
+      - { value: '--dns-alias', correct: false }
+    help: https://docs.docker.com/engine/reference/commandline/run/#network-alias