You configure a local Docker engine to enforce content trust by setting the environment v…

Question

You configure a local Docker engine to enforce content trust by setting the environment variable DOCKER_CONTENT_TRUST=1.
If myorg/myimage:1.0 is unsigned, does Docker block this command? docker image build, from a Dockerfile that begins FROM myorg/myimage:1.0

Accepted Answer

Correct answer: A. A. Yes — The correct answer is Yes because when DOCKER_CONTENT_TRUST is set to 1, Docker enforces content trust and will block any operations using unsigned images. In this case, myorg/myimage:1.0 is unsigned, so the build command is not allowed. The other option, No, is incorrect because it contradicts the enforced security policy of content trust.

Docker Certified Associate (DCA) — Question 23

Answer options

Correct answer: A

Explanation