
Content trust and image signing in Docker - Practice Problems & Coding Challenges

Challenge - 5 Problems
💻 Command Output
intermediate
Enable Docker Content Trust and pull an image
What is the output when you run the following commands with Docker Content Trust enabled?

export DOCKER_CONTENT_TRUST=1
docker pull alpine:latest


Assume the image is signed and available.
A
Pulling trust metadata
Error: trust data expired for alpine:latest
B
Error: image verification failed: no trust data for alpine:latest
C
Pulling from library/alpine
Status: Image is unsigned, cannot pull
D
Pulling trust metadata
latest: Pulling from library/alpine
Digest: sha256:... 
Status: Downloaded newer image for alpine:latest
💡 Hint
Docker Content Trust verifies signatures before pulling images.
🧠 Conceptual
intermediate
Purpose of Docker Content Trust
Which of the following best describes the main purpose of Docker Content Trust?
A. To verify the integrity and publisher of Docker images using digital signatures
B. To automatically update Docker images to the latest version
C. To speed up Docker image downloads
D. To encrypt Docker images during transfer
💡 Hint
Think about what 'trust' means in software distribution.
Troubleshoot
advanced
Troubleshooting image pull failure with content trust
You try to pull a signed image with Docker Content Trust enabled but get this error:

Error: remote trust data does not exist for docker.io/library/nginx:latest

What is the most likely cause?
A. The image digest has changed but the signature was not updated
B. Your Docker client version is too old to support content trust
C. The image is unsigned or no trust data was published for this tag
D. Your network connection is blocking Docker Hub
💡 Hint
The error mentions 'remote trust data does not exist'.
🔀 Workflow
advanced
Steps to sign a Docker image using Notary
What is the correct order of steps to sign a Docker image using Docker Content Trust and Notary?
A. 3,1,2,4
B. 1,2,3,4
C. 1,3,2,4
D. 3,2,1,4
💡 Hint
You need keys before pushing signed images.
Best Practice
expert
Best practice for managing Docker Content Trust keys
Which practice is the most secure and recommended way to manage Docker Content Trust signing keys in a team environment?
A. Share the root signing key file among all team members via email
B. Store root keys in a secure hardware security module (HSM) or vault and use delegation keys for daily signing
C. Keep all keys on a shared network drive accessible to the team
D. Generate new root keys for each image push to avoid key reuse
💡 Hint
Think about limiting exposure of the most sensitive keys.