Your organization operates a three-node Docker Swarm cluster. A new microservice will be deployed as a replicated service and must meet these requirements:
tasks must communicate across nodes by DNS service name,
traffic between containers must be encrypted in transit, and
no additional physical-network or VLAN configuration may be performed on the hosts.
Which Docker network configuration BEST satisfies these requirements?
Use a macvlan network in bridge mode and assign VLAN tags for isolation.
Publish the service only on the built-in ingress network and rely on the routing mesh for encryption.
Run the service on the default bridge network and enable inter-container communication (ICC).
Create a user-defined overlay network with the --opt encrypted flag (and attach the service to that network).
A network created with the overlay driver supports service-level DNS resolution and cross-node connectivity in Swarm. Adding the flag --opt encrypted when the network is created enables IPsec encryption of all container-to-container traffic on that network, satisfying the requirement for in-transit protection without any host-level changes.
A user-defined bridge network works only on containers running on the same Docker daemon and offers no encryption, so it cannot meet the cross-node or security requirements. A macvlan network exposes each container directly on the physical network and therefore needs specific parent interfaces, VLANs, or switch support and still does not provide encryption by itself, violating the "no additional configuration" constraint. The built-in ingress network provides the routing mesh for published ports but does not encrypt application traffic between service tasks, so it also fails to meet the encryption requirement.
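The reasoning above can be turned into an audit of `docker network inspect` output. The following is an added example, not part of the original question. The network names and JSON are constructed, and it assumes the encrypted option is recorded as an `encrypted` key under `Options`.

```python
import json

# Constructed sample shaped like `docker network inspect` output (trimmed).
# "app-net" is a hypothetical network created with:
#   docker network create --driver overlay --opt encrypted app-net
SAMPLE_INSPECT = json.dumps([
    {"Name": "app-net", "Driver": "overlay", "Scope": "swarm", "Ingress": False,
     "Options": {"com.docker.network.driver.overlay.vxlanid_list": "4097",
                 "encrypted": ""}},
    {"Name": "plain-net", "Driver": "overlay", "Scope": "swarm", "Ingress": False,
     "Options": {"com.docker.network.driver.overlay.vxlanid_list": "4098"}},
    {"Name": "ingress", "Driver": "overlay", "Scope": "swarm", "Ingress": True,
     "Options": {"com.docker.network.driver.overlay.vxlanid_list": "4096"}},
    {"Name": "bridge", "Driver": "bridge", "Scope": "local", "Ingress": False,
     "Options": {"com.docker.network.bridge.enable_icc": "true"}},
    {"Name": "vlan20", "Driver": "macvlan", "Scope": "local", "Ingress": False,
     "Options": {"parent": "eth0.20"}},
])


def check_network(net):
    """Return a list of reasons this network fails the three requirements."""
    problems = []
    driver = net.get("Driver")
    options = net.get("Options") or {}   # tolerate a null Options field
    if driver != "overlay" or net.get("Scope") != "swarm":
        problems.append(f"driver '{driver}' is not a swarm-scoped overlay")
    if driver == "macvlan":
        problems.append("macvlan depends on parent interface / VLAN setup")
    if net.get("Ingress"):
        problems.append("ingress network serves published ports only")
    # Assumption: the option appears as a key with an empty value, so test presence.
    if driver == "overlay" and "encrypted" not in options:
        problems.append("overlay created without --opt encrypted")
    return problems


def audit(inspect_json):
    """Map each network name to its list of problems (empty list = compliant)."""
    return {n["Name"]: check_network(n) for n in json.loads(inspect_json)}


if __name__ == "__main__":
    for name, problems in audit(SAMPLE_INSPECT).items():
        print(f"{name:10} {'OK' if not problems else 'FAIL: ' + '; '.join(problems)}")
```

Only the encrypted, user-defined overlay passes. Each of the other networks fails for the reason given in the explanation above.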
CompTIA Linux+ XK0-006 (V8)
Automation, Orchestration, and Scripting