A DevOps team is experiencing inconsistent application behavior in KVM guests running on a NUMA-based host. Performance analysis indicates that VMs are frequently accessing memory from remote NUMA nodes, causing high latency. Which `virsh` subcommand should be used to inspect the current NUMA configuration and CPU pinning for a running domain named `app-vm1`?
An administrator is building a minimal, secure Docker image for a Go application. To reduce the attack surface and image size, they are using a multi-stage build. Which of the following are key benefits of this approach? (Select TWO)
A system administrator needs to convert a VMware VMDK disk image (`source.vmdk`) to a QCOW2 format for use with KVM, while also enabling compression and preallocating all metadata to improve performance. Which `qemu-img convert` command achieves this?
You are tasked with setting up a highly available LXD cluster for running critical system containers. During the initialization of the second cluster node, you are prompted for the address of an existing cluster member. After providing the address and the trust password, the join process fails with a network timeout. The nodes are on the same subnet, and basic `ping` tests between them are successful. What is the most likely cause of this failure?
True or False: When using the `libvirt` provider in Vagrant, the `Vagrantfile` must explicitly define a private network for the VM to be accessible from the host, as no default NAT network is created automatically.
A financial services company is containerizing a legacy application. For compliance reasons, they must strictly control the system calls the container can make to the host kernel. The security team has provided a JSON file (`profile.json`) defining an allowed list of syscalls. Which Docker command correctly applies this seccomp profile to a container named `legacy-app`?
A systems engineer is managing a Xen hypervisor and needs to perform maintenance on the host. Before shutting down, they want to save the exact memory state of a critical Para-Virtualized (PV) domain named `db-server-pv` to disk so it can be resumed quickly later. Which `xl` command should be used to accomplish this?
You are designing a libvirt network architecture to isolate a group of development VMs from the main production network while still allowing them to access the internet. The requirements are: the VMs should be on their own private subnet (192.168.100.0/24), they should obtain IPs via DHCP, and their outbound traffic should be NAT-ed through the host's primary network interface. Which type of libvirt virtual network should you create?
A team is using Packer to build golden images for both AWS (AMI) and local QEMU (QCOW2) environments from a single HCL template. They need to run a shell script (`setup.sh`) to configure the base OS, but this script requires environment-specific variables. For AWS, it needs the `AWS_REGION`, and for QEMU, it needs a `BUILD_TYPE` variable set to `local`. How can this be achieved within the Packer template?
Case Study: A media company is migrating its video transcoding service to a containerized architecture. The service consists of a front-end web application that accepts uploads, a RabbitMQ message queue, and multiple back-end worker containers that perform the CPU-intensive transcoding tasks. The lead architect has defined the following requirements: 1. The entire multi-container application must be definable in a single, portable configuration file for easy deployment in development and staging. 2. The worker containers must not expose any ports to the host or external network, but they must be able to connect to the RabbitMQ container. 3. The front-end container needs to be accessible from the host machine on port 8080. 4. A persistent volume is required for the RabbitMQ container to ensure message durability across restarts. Which technology and configuration strategy best satisfies all of these requirements?