cloud Docker Inc

Docker Certified Associate: Container Orchestration and Management

Master Docker containers and orchestration. Image management, networking, volumes, Docker Swarm, security, and production container deployments at scale.

calendar_today December 29, 2025 schedule 18 min read person CertPractice Team

Docker Certified Associate Overview

The Docker Certified Associate (DCA) certification validates your expertise in Docker containerization and orchestration technologies. This certification demonstrates your ability to install, configure, and manage Docker environments in production, including container lifecycle management, image creation, networking, storage, and orchestration with Docker Swarm.

Docker has revolutionized application deployment and development workflows. The DCA certification proves you can leverage Docker's full ecosystem to build, ship, and run distributed applications.

lightbulb
Ideal for DCA Certification
  • DevOps engineers managing containerized applications
  • System administrators deploying Docker in production
  • Software engineers building cloud-native applications
  • Infrastructure engineers implementing container platforms
  • Those with 6-12 months Docker experience

Exam Format and Requirements

schedule
Duration
90 minutes
quiz
Questions
55 multiple choice
check_circle
Passing Score
65% (36/55 correct)
payments
Exam Fee
$195 (includes one free retake within 30 days)

Exam Characteristics

Question Types:

  • Multiple choice (select one answer)
  • Multiple select (select multiple correct answers)
  • Scenario-based questions requiring practical knowledge
  • Command syntax and troubleshooting questions

Exam Delivery:

  • Online proctored via Pearson VUE
  • Remote from home/office with webcam
  • Strict proctoring (clean workspace, no notes, one monitor)
  • Available 24/7 for scheduling

Exam Version:

  • Covers Docker Engine 20.10+ and Docker Swarm
  • Focus on production Docker deployments
  • Includes Docker Compose basics
  • Emphasizes security best practices

Exam Domains Breakdown

Domain 1: Orchestration

25% of exam

Docker Swarm Fundamentals:

  • Initialize and manage Swarm clusters
  • Add/remove manager and worker nodes
  • Understand Raft consensus and quorum
  • Backup and restore Swarm state
  • Configure Swarm for high availability

Service Management:

# Create service
docker service create --name web --replicas 3 -p 80:80 nginx

# Scale service
docker service scale web=5

# Update service
docker service update --image nginx:latest web

# Rolling updates
docker service update --update-parallelism 2 --update-delay 10s web

# Rollback service
docker service rollback web

Stacks and Compose:

  • Deploy multi-service applications with docker stack
  • Write docker-compose.yml for stack deployments
  • Manage stack lifecycle
  • Understand service dependencies

Networking in Swarm:

  • Overlay networks for multi-host communication
  • Ingress load balancing
  • Service discovery and DNS
  • Routing mesh

Secrets and Configs:

# Create secret
echo "mypassword" | docker secret create db_password -

# Use secret in service
docker service create --secret db_password mysql

# Create config
docker config create nginx.conf ./nginx.conf

# Use config in service
docker service create --config nginx.conf nginx

Domain 2: Image Creation, Management, and Registry

20% of exam

Dockerfile Best Practices:

# Multi-stage build
FROM node:16 AS builder
WORKDIR /app
COPY package*.json ./
RUN npm ci
COPY . .
RUN npm run build

FROM node:16-alpine
WORKDIR /app
COPY --from=builder /app/dist ./dist
COPY package*.json ./
RUN npm ci --production
EXPOSE 3000
CMD ["node", "dist/main.js"]

Image Management:

# Build image
docker build -t myapp:v1.0 .

# Tag image
docker tag myapp:v1.0 myregistry.com/myapp:v1.0

# Push to registry
docker push myregistry.com/myapp:v1.0

# Pull from registry
docker pull nginx:alpine

# Inspect image layers
docker history myapp:v1.0

# Remove unused images
docker image prune -a

Docker Registry:

  • Deploy private Docker registry
  • Configure registry authentication
  • Use Docker Trusted Registry (DTR)
  • Implement image signing and verification
  • Configure registry garbage collection

Image Security:

  • Scan images for vulnerabilities
  • Use minimal base images (alpine, distroless)
  • Avoid running as root
  • Implement image signing with Docker Content Trust
  • Manage image layers efficiently

Domain 3: Installation and Configuration

15% of exam

Docker Engine Installation:

  • Install Docker on various Linux distributions
  • Configure Docker daemon (dockerd)
  • Set up Docker storage drivers (overlay2, devicemapper)
  • Configure logging drivers
  • Implement Docker Engine plugins

Docker Daemon Configuration:

// /etc/docker/daemon.json
{
  "log-driver": "json-file",
  "log-opts": {
    "max-size": "10m",
    "max-file": "3"
  },
  "storage-driver": "overlay2",
  "default-address-pools": [
    {"base": "172.30.0.0/16", "size": 24}
  ],
  "insecure-registries": ["myregistry.com:5000"],
  "registry-mirrors": ["https://mirror.gcr.io"]
}

Storage Drivers:

  • overlay2 (recommended for most use cases)
  • devicemapper (older systems)
  • aufs (deprecated)
  • btrfs and zfs (special use cases)

Logging Configuration:

  • json-file (default)
  • syslog
  • journald
  • splunk, fluentd (third-party)

Domain 4: Networking

15% of exam

Docker Network Types:

Bridge Network (Default):

# Create custom bridge
docker network create --driver bridge my-bridge

# Connect container to network
docker run -d --network my-bridge --name web nginx

Host Network:

# Use host network stack
docker run -d --network host nginx

Overlay Network (Swarm):

# Create overlay network
docker network create --driver overlay --attachable my-overlay

# Use in service
docker service create --network my-overlay nginx

Macvlan Network:

# Create macvlan network
docker network create -d macvlan \
  --subnet=192.168.1.0/24 \
  --gateway=192.168.1.1 \
  -o parent=eth0 macvlan-net

Network Commands:

# List networks
docker network ls

# Inspect network
docker network inspect bridge

# Connect running container
docker network connect my-bridge web

# Disconnect container
docker network disconnect my-bridge web

# Remove unused networks
docker network prune

Port Publishing:

# Publish single port
docker run -p 8080:80 nginx

# Publish to specific interface
docker run -p 127.0.0.1:8080:80 nginx

# Publish range of ports
docker run -p 8000-9000:8000-9000 myapp

# Publish all exposed ports
docker run -P nginx

DNS and Service Discovery:

  • Embedded DNS server in Docker
  • Container name resolution
  • Service discovery in Swarm
  • External DNS integration

Domain 5: Security

15% of exam

Docker Security Best Practices:

User Namespaces:

# Enable user namespace remapping
dockerd --userns-remap=default

# In daemon.json
{
  "userns-remap": "default"
}

Capabilities and Security Options:

# Drop all capabilities, add specific ones
docker run --cap-drop ALL --cap-add NET_BIND_SERVICE nginx

# Security options
docker run --security-opt no-new-privileges nginx

# Read-only root filesystem
docker run --read-only nginx

Docker Content Trust:

# Enable content trust
export DOCKER_CONTENT_TRUST=1

# Push signed image
docker push myregistry.com/myapp:signed

# Verify signature on pull
docker pull myregistry.com/myapp:signed

Secrets Management:

  • Never hardcode secrets in images
  • Use Docker secrets in Swarm
  • Use environment variables securely
  • Implement secret rotation
  • Integrate with external secret managers

Security Scanning:

  • Scan images for vulnerabilities (Docker Scout, Clair, Trivy)
  • Implement admission control
  • Use minimal base images
  • Keep Docker and images updated
  • Monitor runtime security

Resource Limits:

# Memory limits
docker run -m 512m nginx

# CPU limits
docker run --cpus=2 nginx

# CPU shares (relative weight)
docker run --cpu-shares=512 nginx

# PID limit
docker run --pids-limit=100 nginx

Domain 6: Storage and Volumes

10% of exam

Volume Types:

Named Volumes:

# Create volume
docker volume create my-volume

# Use volume
docker run -v my-volume:/data nginx

# Inspect volume
docker volume inspect my-volume

# Remove volume
docker volume rm my-volume

Bind Mounts:

# Mount host directory
docker run -v /host/path:/container/path nginx

# Read-only bind mount
docker run -v /host/path:/container/path:ro nginx

Tmpfs Mounts:

# Temporary in-memory filesystem
docker run --tmpfs /tmp:rw,noexec,nosuid,size=100m nginx

Volume Drivers:

  • local (default)
  • nfs
  • Azure File Storage
  • AWS EFS
  • GlusterFS, Ceph (third-party)

Volume Commands:

# List volumes
docker volume ls

# Prune unused volumes
docker volume prune

# Copy data to volume
docker run --rm -v my-volume:/data -v $(pwd):/backup alpine \
  cp -r /backup/. /data/

Docker Fundamentals Mastery

Essential Docker Commands

Container Lifecycle:

# Run container
docker run -d --name web -p 80:80 nginx

# Start stopped container
docker start web

# Stop running container
docker stop web

# Restart container
docker restart web

# Pause container
docker pause web

# Unpause container
docker unpause web

# Remove container
docker rm web

# Remove running container (force)
docker rm -f web

Container Inspection:

# List running containers
docker ps

# List all containers
docker ps -a

# Container logs
docker logs web
docker logs -f --tail 100 web

# Inspect container
docker inspect web

# Container stats
docker stats web

# Execute command in container
docker exec -it web bash

# Copy files
docker cp web:/app/file.txt ./file.txt

Image Operations:

# List images
docker images

# Remove image
docker rmi nginx:alpine

# Save image to tar
docker save nginx:alpine -o nginx.tar

# Load image from tar
docker load -i nginx.tar

# Export container filesystem
docker export web -o web.tar

# Import filesystem as image
docker import web.tar myimage:latest

Dockerfile Instructions

Common Instructions:

# Base image
FROM ubuntu:20.04

# Metadata
LABEL maintainer="[email protected]"
LABEL version="1.0"

# Set working directory
WORKDIR /app

# Copy files
COPY package*.json ./
COPY . .

# Add files (with extraction)
ADD https://example.com/file.tar.gz /app/

# Run commands
RUN apt-get update && \
    apt-get install -y nginx && \
    rm -rf /var/lib/apt/lists/*

# Environment variables
ENV NODE_ENV=production
ENV PORT=3000

# Expose ports
EXPOSE 3000

# Health check
HEALTHCHECK --interval=30s --timeout=3s \
  CMD curl -f http://localhost/ || exit 1

# Default user
USER node

# Volumes
VOLUME /data

# Entrypoint (cannot be overridden easily)
ENTRYPOINT ["node"]

# Default command (can be overridden)
CMD ["server.js"]

Build Arguments:

ARG NODE_VERSION=16
FROM node:${NODE_VERSION}

ARG BUILD_DATE
LABEL build-date=${BUILD_DATE}
# Build with arguments
docker build --build-arg NODE_VERSION=18 --build-arg BUILD_DATE=$(date) -t myapp .

Docker Compose Basics

version: '3.8'

services:
  web:
    image: nginx:alpine
    ports:
      - "80:80"
    volumes:
      - ./nginx.conf:/etc/nginx/nginx.conf:ro
    networks:
      - frontend
    depends_on:
      - api
    deploy:
      replicas: 3
      resources:
        limits:
          cpus: '0.5'
          memory: 512M
    
  api:
    build:
      context: ./api
      dockerfile: Dockerfile
    environment:
      - DATABASE_URL=postgres://db:5432/mydb
    secrets:
      - db_password
    networks:
      - frontend
      - backend
    
  db:
    image: postgres:14
    volumes:
      - db-data:/var/lib/postgresql/data
    environment:
      POSTGRES_PASSWORD_FILE: /run/secrets/db_password
    secrets:
      - db_password
    networks:
      - backend

networks:
  frontend:
  backend:

volumes:
  db-data:

secrets:
  db_password:
    external: true

Study Resources

Official Docker Resources

Practice Exams

  • 📝 Udemy DCA Practice Tests - Multiple practice exams
  • 📝 Whizlabs DCA Practice - Mock exams
  • quiz
    open_in_new

Hands-On Practice

  • 🔬 Local Docker - Install Docker Desktop or Docker Engine
  • 🔬 Play with Docker - Free online Docker playground
  • 🔬 Katacoda Docker Scenarios - Interactive tutorials
  • 🔬 Docker Swarm Clusters - Practice with DigitalOcean, AWS, or local VMs

6-Week Study Plan

Week 1: Docker Fundamentals

  • Install Docker locally
  • Master container lifecycle (run, stop, start, rm)
  • Practice docker exec, logs, inspect
  • Build simple Dockerfiles
  • Understand image layers
  • Lab time: 10-12 hours

Week 2: Image Management and Dockerfile

  • Master Dockerfile instructions
  • Implement multi-stage builds
  • Practice image tagging and pushing
  • Set up private registry
  • Implement image optimization
  • Lab time: 10-12 hours

Week 3: Networking and Storage

  • Create and use all network types
  • Practice port publishing
  • Master volume management
  • Implement bind mounts and tmpfs
  • Configure Docker daemon
  • Lab time: 12-15 hours

Week 4: Docker Swarm Orchestration

  • Initialize Swarm cluster
  • Create and manage services
  • Practice rolling updates
  • Implement secrets and configs
  • Deploy stacks with docker-compose
  • Lab time: 12-15 hours

Week 5: Security and Best Practices

  • Implement security best practices
  • Practice user namespaces
  • Configure resource limits
  • Implement Docker Content Trust
  • Scan images for vulnerabilities
  • Lab time: 10-12 hours

Week 6: Practice and Review

  • Take practice exams
  • Build complex multi-service applications
  • Practice troubleshooting scenarios
  • Review weak areas
  • Memorize commands and flags
  • Practice time: 15-20 hours

Practice Questions

Frequently Asked Questions

quizFrequently Asked Questions
Q
Do I need Kubernetes knowledge for DCA?

No, DCA focuses on Docker and Docker Swarm. Kubernetes is not covered.

Q
Is Docker Swarm still relevant with Kubernetes dominance?

Yes, Docker Swarm is simpler and still used in many organizations. DCA validates Docker fundamentals applicable to any orchestration platform.

Q
How much hands-on experience do I need?

Recommended 6-12 months of Docker usage. Strong fundamentals and hands-on practice are essential.

Q
Can I use Docker documentation during exam?

No, the exam is closed-book. No documentation or external resources allowed.

Q
What happens if I fail?

You get one free retake within 30 days of first attempt.

Q
Is DCA worth it with Kubernetes being more popular?

Yes, Docker skills are foundational. Most Kubernetes workloads run Docker containers. DCA validates core containerization knowledge.

Q
How long is certification valid?

2 years. Recertify by retaking the exam.

Q
What's the salary impact?

Docker certified professionals earn $95,000-$140,000 depending on location and role.


DCA Success Tips:

  1. 1 Hands-on practice is mandatory - 60+ hours minimum
  2. 2 Master Docker CLI - Know commands by heart
  3. 3 Understand Docker Swarm - 25% of exam
  4. 4 Security matters - Best practices heavily tested
  5. 5 Practice exams - Take multiple mock tests

Docker certification validates skills needed for modern application deployment. Master Docker, and you'll understand the foundation of cloud-native computing!

group

CertPractice Team

Expert certification guides and study tips

Ready to Get Docker Inc Certified?

Start practicing with our DCA question bank. Get instant feedback and track your progress.