Table of Contents
Docker Certified Associate Overview
The Docker Certified Associate (DCA) certification validates your expertise in Docker containerization and orchestration technologies. This certification demonstrates your ability to install, configure, and manage Docker environments in production, including container lifecycle management, image creation, networking, storage, and orchestration with Docker Swarm.
Docker has revolutionized application deployment and development workflows. The DCA certification proves you can leverage Docker's full ecosystem to build, ship, and run distributed applications.
- DevOps engineers managing containerized applications
- System administrators deploying Docker in production
- Software engineers building cloud-native applications
- Infrastructure engineers implementing container platforms
- Those with 6-12 months Docker experience
Exam Format and Requirements
Exam Characteristics
Question Types:
- Multiple choice (select one answer)
- Multiple select (select multiple correct answers)
- Scenario-based questions requiring practical knowledge
- Command syntax and troubleshooting questions
Exam Delivery:
- Online proctored via Pearson VUE
- Remote from home/office with webcam
- Strict proctoring (clean workspace, no notes, one monitor)
- Available 24/7 for scheduling
Exam Version:
- Covers Docker Engine 20.10+ and Docker Swarm
- Focus on production Docker deployments
- Includes Docker Compose basics
- Emphasizes security best practices
Exam Domains Breakdown
Domain 1: Orchestration
25% of exam
Docker Swarm Fundamentals:
- Initialize and manage Swarm clusters
- Add/remove manager and worker nodes
- Understand Raft consensus and quorum
- Backup and restore Swarm state
- Configure Swarm for high availability
Service Management:
# Create service
docker service create --name web --replicas 3 -p 80:80 nginx
# Scale service
docker service scale web=5
# Update service
docker service update --image nginx:latest web
# Rolling updates
docker service update --update-parallelism 2 --update-delay 10s web
# Rollback service
docker service rollback web
Stacks and Compose:
- Deploy multi-service applications with docker stack
- Write docker-compose.yml for stack deployments
- Manage stack lifecycle
- Understand service dependencies
Networking in Swarm:
- Overlay networks for multi-host communication
- Ingress load balancing
- Service discovery and DNS
- Routing mesh
Secrets and Configs:
# Create secret
echo "mypassword" | docker secret create db_password -
# Use secret in service
docker service create --secret db_password mysql
# Create config
docker config create nginx.conf ./nginx.conf
# Use config in service
docker service create --config nginx.conf nginx
Domain 2: Image Creation, Management, and Registry
20% of exam
Dockerfile Best Practices:
# Multi-stage build
FROM node:16 AS builder
WORKDIR /app
COPY package*.json ./
RUN npm ci
COPY . .
RUN npm run build
FROM node:16-alpine
WORKDIR /app
COPY --from=builder /app/dist ./dist
COPY package*.json ./
RUN npm ci --production
EXPOSE 3000
CMD ["node", "dist/main.js"]
Image Management:
# Build image
docker build -t myapp:v1.0 .
# Tag image
docker tag myapp:v1.0 myregistry.com/myapp:v1.0
# Push to registry
docker push myregistry.com/myapp:v1.0
# Pull from registry
docker pull nginx:alpine
# Inspect image layers
docker history myapp:v1.0
# Remove unused images
docker image prune -a
Docker Registry:
- Deploy private Docker registry
- Configure registry authentication
- Use Docker Trusted Registry (DTR)
- Implement image signing and verification
- Configure registry garbage collection
Image Security:
- Scan images for vulnerabilities
- Use minimal base images (alpine, distroless)
- Avoid running as root
- Implement image signing with Docker Content Trust
- Manage image layers efficiently
Domain 3: Installation and Configuration
15% of exam
Docker Engine Installation:
- Install Docker on various Linux distributions
- Configure Docker daemon (dockerd)
- Set up Docker storage drivers (overlay2, devicemapper)
- Configure logging drivers
- Implement Docker Engine plugins
Docker Daemon Configuration:
// /etc/docker/daemon.json
{
"log-driver": "json-file",
"log-opts": {
"max-size": "10m",
"max-file": "3"
},
"storage-driver": "overlay2",
"default-address-pools": [
{"base": "172.30.0.0/16", "size": 24}
],
"insecure-registries": ["myregistry.com:5000"],
"registry-mirrors": ["https://mirror.gcr.io"]
}
Storage Drivers:
- overlay2 (recommended for most use cases)
- devicemapper (older systems)
- aufs (deprecated)
- btrfs and zfs (special use cases)
Logging Configuration:
- json-file (default)
- syslog
- journald
- splunk, fluentd (third-party)
Domain 4: Networking
15% of exam
Docker Network Types:
Bridge Network (Default):
# Create custom bridge
docker network create --driver bridge my-bridge
# Connect container to network
docker run -d --network my-bridge --name web nginx
Host Network:
# Use host network stack
docker run -d --network host nginx
Overlay Network (Swarm):
# Create overlay network
docker network create --driver overlay --attachable my-overlay
# Use in service
docker service create --network my-overlay nginx
Macvlan Network:
# Create macvlan network
docker network create -d macvlan \
--subnet=192.168.1.0/24 \
--gateway=192.168.1.1 \
-o parent=eth0 macvlan-net
Network Commands:
# List networks
docker network ls
# Inspect network
docker network inspect bridge
# Connect running container
docker network connect my-bridge web
# Disconnect container
docker network disconnect my-bridge web
# Remove unused networks
docker network prune
Port Publishing:
# Publish single port
docker run -p 8080:80 nginx
# Publish to specific interface
docker run -p 127.0.0.1:8080:80 nginx
# Publish range of ports
docker run -p 8000-9000:8000-9000 myapp
# Publish all exposed ports
docker run -P nginx
DNS and Service Discovery:
- Embedded DNS server in Docker
- Container name resolution
- Service discovery in Swarm
- External DNS integration
Domain 5: Security
15% of exam
Docker Security Best Practices:
User Namespaces:
# Enable user namespace remapping
dockerd --userns-remap=default
# In daemon.json
{
"userns-remap": "default"
}
Capabilities and Security Options:
# Drop all capabilities, add specific ones
docker run --cap-drop ALL --cap-add NET_BIND_SERVICE nginx
# Security options
docker run --security-opt no-new-privileges nginx
# Read-only root filesystem
docker run --read-only nginx
Docker Content Trust:
# Enable content trust
export DOCKER_CONTENT_TRUST=1
# Push signed image
docker push myregistry.com/myapp:signed
# Verify signature on pull
docker pull myregistry.com/myapp:signed
Secrets Management:
- Never hardcode secrets in images
- Use Docker secrets in Swarm
- Use environment variables securely
- Implement secret rotation
- Integrate with external secret managers
Security Scanning:
- Scan images for vulnerabilities (Docker Scout, Clair, Trivy)
- Implement admission control
- Use minimal base images
- Keep Docker and images updated
- Monitor runtime security
Resource Limits:
# Memory limits
docker run -m 512m nginx
# CPU limits
docker run --cpus=2 nginx
# CPU shares (relative weight)
docker run --cpu-shares=512 nginx
# PID limit
docker run --pids-limit=100 nginx
Domain 6: Storage and Volumes
10% of exam
Volume Types:
Named Volumes:
# Create volume
docker volume create my-volume
# Use volume
docker run -v my-volume:/data nginx
# Inspect volume
docker volume inspect my-volume
# Remove volume
docker volume rm my-volume
Bind Mounts:
# Mount host directory
docker run -v /host/path:/container/path nginx
# Read-only bind mount
docker run -v /host/path:/container/path:ro nginx
Tmpfs Mounts:
# Temporary in-memory filesystem
docker run --tmpfs /tmp:rw,noexec,nosuid,size=100m nginx
Volume Drivers:
- local (default)
- nfs
- Azure File Storage
- AWS EFS
- GlusterFS, Ceph (third-party)
Volume Commands:
# List volumes
docker volume ls
# Prune unused volumes
docker volume prune
# Copy data to volume
docker run --rm -v my-volume:/data -v $(pwd):/backup alpine \
cp -r /backup/. /data/
Docker Fundamentals Mastery
Essential Docker Commands
Container Lifecycle:
# Run container
docker run -d --name web -p 80:80 nginx
# Start stopped container
docker start web
# Stop running container
docker stop web
# Restart container
docker restart web
# Pause container
docker pause web
# Unpause container
docker unpause web
# Remove container
docker rm web
# Remove running container (force)
docker rm -f web
Container Inspection:
# List running containers
docker ps
# List all containers
docker ps -a
# Container logs
docker logs web
docker logs -f --tail 100 web
# Inspect container
docker inspect web
# Container stats
docker stats web
# Execute command in container
docker exec -it web bash
# Copy files
docker cp web:/app/file.txt ./file.txt
Image Operations:
# List images
docker images
# Remove image
docker rmi nginx:alpine
# Save image to tar
docker save nginx:alpine -o nginx.tar
# Load image from tar
docker load -i nginx.tar
# Export container filesystem
docker export web -o web.tar
# Import filesystem as image
docker import web.tar myimage:latest
Dockerfile Instructions
Common Instructions:
# Base image
FROM ubuntu:20.04
# Metadata
LABEL maintainer="[email protected]"
LABEL version="1.0"
# Set working directory
WORKDIR /app
# Copy files
COPY package*.json ./
COPY . .
# Add files (with extraction)
ADD https://example.com/file.tar.gz /app/
# Run commands
RUN apt-get update && \
apt-get install -y nginx && \
rm -rf /var/lib/apt/lists/*
# Environment variables
ENV NODE_ENV=production
ENV PORT=3000
# Expose ports
EXPOSE 3000
# Health check
HEALTHCHECK --interval=30s --timeout=3s \
CMD curl -f http://localhost/ || exit 1
# Default user
USER node
# Volumes
VOLUME /data
# Entrypoint (cannot be overridden easily)
ENTRYPOINT ["node"]
# Default command (can be overridden)
CMD ["server.js"]
Build Arguments:
ARG NODE_VERSION=16
FROM node:${NODE_VERSION}
ARG BUILD_DATE
LABEL build-date=${BUILD_DATE}
# Build with arguments
docker build --build-arg NODE_VERSION=18 --build-arg BUILD_DATE=$(date) -t myapp .
Docker Compose Basics
version: '3.8'
services:
web:
image: nginx:alpine
ports:
- "80:80"
volumes:
- ./nginx.conf:/etc/nginx/nginx.conf:ro
networks:
- frontend
depends_on:
- api
deploy:
replicas: 3
resources:
limits:
cpus: '0.5'
memory: 512M
api:
build:
context: ./api
dockerfile: Dockerfile
environment:
- DATABASE_URL=postgres://db:5432/mydb
secrets:
- db_password
networks:
- frontend
- backend
db:
image: postgres:14
volumes:
- db-data:/var/lib/postgresql/data
environment:
POSTGRES_PASSWORD_FILE: /run/secrets/db_password
secrets:
- db_password
networks:
- backend
networks:
frontend:
backend:
volumes:
db-data:
secrets:
db_password:
external: true
Study Resources
Official Docker Resources
Recommended Courses
Practice Exams
- 📝 Udemy DCA Practice Tests - Multiple practice exams
- 📝 Whizlabs DCA Practice - Mock exams
Hands-On Practice
- 🔬 Local Docker - Install Docker Desktop or Docker Engine
- 🔬 Play with Docker - Free online Docker playground
- 🔬 Katacoda Docker Scenarios - Interactive tutorials
- 🔬 Docker Swarm Clusters - Practice with DigitalOcean, AWS, or local VMs
6-Week Study Plan
Week 1: Docker Fundamentals
- Install Docker locally
- Master container lifecycle (run, stop, start, rm)
- Practice docker exec, logs, inspect
- Build simple Dockerfiles
- Understand image layers
- Lab time: 10-12 hours
Week 2: Image Management and Dockerfile
- Master Dockerfile instructions
- Implement multi-stage builds
- Practice image tagging and pushing
- Set up private registry
- Implement image optimization
- Lab time: 10-12 hours
Week 3: Networking and Storage
- Create and use all network types
- Practice port publishing
- Master volume management
- Implement bind mounts and tmpfs
- Configure Docker daemon
- Lab time: 12-15 hours
Week 4: Docker Swarm Orchestration
- Initialize Swarm cluster
- Create and manage services
- Practice rolling updates
- Implement secrets and configs
- Deploy stacks with docker-compose
- Lab time: 12-15 hours
Week 5: Security and Best Practices
- Implement security best practices
- Practice user namespaces
- Configure resource limits
- Implement Docker Content Trust
- Scan images for vulnerabilities
- Lab time: 10-12 hours
Week 6: Practice and Review
- Take practice exams
- Build complex multi-service applications
- Practice troubleshooting scenarios
- Review weak areas
- Memorize commands and flags
- Practice time: 15-20 hours
Practice Questions
Test your Docker knowledge with realistic exam scenarios.
Frequently Asked Questions
No, DCA focuses on Docker and Docker Swarm. Kubernetes is not covered.
Yes, Docker Swarm is simpler and still used in many organizations. DCA validates Docker fundamentals applicable to any orchestration platform.
Recommended 6-12 months of Docker usage. Strong fundamentals and hands-on practice are essential.
No, the exam is closed-book. No documentation or external resources allowed.
You get one free retake within 30 days of first attempt.
Yes, Docker skills are foundational. Most Kubernetes workloads run Docker containers. DCA validates core containerization knowledge.
2 years. Recertify by retaking the exam.
Docker certified professionals earn $95,000-$140,000 depending on location and role.
DCA Success Tips:
- 1 Hands-on practice is mandatory - 60+ hours minimum
- 2 Master Docker CLI - Know commands by heart
- 3 Understand Docker Swarm - 25% of exam
- 4 Security matters - Best practices heavily tested
- 5 Practice exams - Take multiple mock tests
Docker certification validates skills needed for modern application deployment. Master Docker, and you'll understand the foundation of cloud-native computing!
CertPractice Team
Expert certification guides and study tips