Kubernetes and Cloud Native Associate Certification Exam (KCNA) Practice Test 1
Q. When using a GitOps practice, what happens when a merge request is approved to a Git repository?
Changes are automatically applied to the target system or platformThe changes are queued for deployment after an architect approves them
Any existing resources or applications are destroyed and replaced based on the new configurations
The changes are manually deployed by the architect or engineer
Q. Which of the following is NOT a valid Kubernetes SIG?
storagecertification
architecture
networking
Q. Prometheus follows what type of model for collecting metrics from target systems?
HTTP Request ModelJob-Based Query Model
Pull-Based Model
Push-Based Model
Q. In Kubernetes, what is the primary role of a "Service," and how does it achieve this role?
to manage configuration settings for pods and maintain their state.to distribute container images efficiently across the cluster by using load balancing
to expose a set of pods and provide network access to them by defining a stable endpoint
to automate the scaling of pods based on resource utilization and demand
Q. What is the name of the collective group of individuals responsible for overseeing the overall direction of the Kubernetes project in the CNCF?
Special Interest GroupKubernetes Steering Committee
Working Group
Kubernetes Enhancement Proposals
Q. You have multiple workloads running on your Kubernetes cluster and must collect logs for security and monitoring purposes. To achieve this, you need a log collector running on every node in the cluster. What Kubernetes feature will ensure a log collector pod is always running on every node in the cluster, even as nodes are added and removed from the cluster?
DaemonSetReplicaSet
Deployment
StatefulSet
Q. Which of the following is NOT a key concept in building a resilient and self-healing application?
The application is defined as code, otherwise known as a desired stateAbility to automatically adjust the resources based on demand, also known as autoscaling
Reconciliation to execute commands or tasks as needed
Updates and fixes are resolved via simple manual changes
Ongoing observability to understand the current state of the application
Q. In Kubernetes, what is a "Job"?
It's a container image stored in a Kubernetes repositoryA Kubernetes resource used to manage short-lived, batch-processing tasks
A Kubernetes resource used to define a long-running service
A high-availability configuration for a Kubernetes cluster
Q. Which of the following best describes the benefits of observability of a system or application?
Ensures that your system is invisible to potential hackers, enhancing security.Guarantees 100% uptime, even during power outages and hardware failures
The ability to understand and measure the current and/or historical state of a system based on metrics generated by the system or application
Gives an organization the ability to transform the software development lifecycle into an entirely automated process
Q. How can namespaces be used in Kubernetes to divide a cluster into virtual clusters, providing isolation and organization?
By using network segmentation to isolate cluster resourcesBy creating separate clusters using different Kubernetes installations
By physically separating nodes into distinct clusters
By partitioning the cluster into isolated namespaces
Q. What limitation is associated with using node selectors in Kubernetes for pod scheduling?
Node selectors cannot be used to schedule pods on worker nodesNode selectors require manual intervention for every pod deployment
Node selectors are unable to target specific nodes based on labels
Node selectors are not suitable for handling complex node selection criteria
Q. What is the primary purpose of using annotations in a Kubernetes definition file?
Add metadata and information to resources for documentation, monitoring, or auditing purposesConfigure network policies for pod communication
Specify resource limits for pods and containers
Categorize and identify resources based on key-value pairs
Q. In Kubernetes, what is the primary purpose of a PVC?
To specify the number of replicas for a deploymentTo request access to a specific amount of persistent storage for a pod
To configure network policies for communication between pods
To define the resource limits for a pod
Q. You have written a new Kubernetes manifest file named bk-app.yaml as shown below. What command would you use to deploy this file to your cluster?
apiVersion: apps/v1 kind: Deployment metadata: name: bk-app-deployment spec: replicas: 3 selector: matchLabels: app: bk-app template: metadata: labels: app: bk-app spec: containers: - name: bk-app-container image: nginx:latest ports: - containerPort: 80kubectl describe bk-app.yaml
kubectl get bk-app -o wide
kubelet deploy bk-app.yaml
kubectl apply -f bk-app.yaml
Q. What is a container in the context of computing and software development?
A virtual machine used to run multiple applications on a single computer to save on physical resourcesA type of programming language used to create user interfaces accessed by an organization's customers
A standardized and isolated package used to run applications that include an application and all its dependencies
A physical storage device for files and documents that are consumed by production applications
Q. What are the benefits of using Git to store and manage both infrastructure and application code?
Git enables organizations to perform frequent manual changes to an environmentGit allows you to track changes, revert to previous versions, and collaborate effectively for infrastructure resources and applications
Git ensures that all team members are working on the same version of code, as it only supports a single repository and feature branch
Git ensures code is stored locally on team member's workstations and laptops
Q. Which of the following is a cloud-native architecture that allows developers to run custom server-side code in containers that are commonly managed by a cloud service provider?
virtual machinesedge computing
bare metal servers
serverless
Q. Rather than running a container directly, what does Kubernetes use to schedule and run the container?
a serverless functiona Helm chart
a virtualized host
a Pod
Q. What is the primary function of the Kubernetes project?
an automation platform to run serverless functions on public cloud providersa monitoring solution focused on gathering metrics for containerized applications
a platform for scheduling and managing containers at scale
an orchestration platform to quickly build container images
Q. What are the benefits of implementing a plugin architecture for various Kubernetes components, including CSI, CNI, and SMI interfaces?
to introduce overhead for communications between plugins and the targeted backendto enforce vendor lock-in to ensure customers can use solutions from only supported vendors
users can select the service or solution that suits their needs without vendor or technological lock-in concerns.
eliminates security vulnerabilities within a Kubernetes environment
Q. Prometheus is an open-source monitoring tool designed to collect data from systems. From the list below, what type of data is Prometheus designed to collect?
TracesMetrics
Events
Logs
Q. In Kubernetes, what typically happens when an image specified in a pod's configuration cannot be downloaded during deployment?
The deployment fails, and Kubernetes rolls back to the previous version.Kubernetes retries the image download periodically until it succeeds.
Kubernetes automatically substitutes the missing image with a default placeholder.
The pod remains in a pending state until the image becomes available.
Q. When measuring the performance of a system, SLO/SLA/SLI are commonly used to define targets or goals. What does the acronym SLI stand for?
System Log InspectorServer Latency Index
Service Level Indicator
Software License Integration
Q. What is the primary purpose of using 'Pod Anti-Affinity' in Kubernetes scheduling?
To ensure that pods with a specific label are scheduled on the same node for enhanced performanceTo guarantee that pods always run on the node with the most available resources
To prioritize pods with the same label for scheduling on the same nodes, improving load balancing
To prevent pods from being scheduled on the same node, promoting fault tolerance and reliability
Q. What component in a Kubernetes cluster is responsible for running workloads and applications?
Schedulerkube-proxy
Control-plane
Node
Q. Which of the following statements best describes how a Kubernetes manifest uses a declarative model?
Kubernetes manifests allow you to specify the exact sequence of steps for deploying and managing containers.Kubernetes manifests define the desired state of resources and let Kubernetes reconcile the current state with the desired state.
Kubernetes manifests provide a procedural script for automating infrastructure changes.
Kubernetes manifests are used to execute imperative commands directly on the cluster nodes.
Q. Which tool would you use to simplify the installation and management of a complex web application on a Kubernetes cluster on Kubernetes?
Helmkubectl
kube-proxy
kubeconfig
Q. What is a key difference between static pods and pods created using DaemonSets?
Static pods are created by the local kubelet running on each nodeDaemonSets are created by the kube-api server
Static pods are impacted by the kube-scheduler but DaemonSets are ignored
Static pods are often used to deploy monitoring agents or log collectors across all nodes
Q. What is the term for the process of bringing the observed state of an application or system in line with the desired state?
AutoscalingMicroservices
Observability
Reconciliation
Q. You are deploying a multi-tier application that includes a frontend and backend service. You want the frontend service to automatically find and connect to only healthy backend service instances. Which cloud-native networking solution would help meet this requirement?
Service discoveryPod network
Service registration
eBPF
Q. What architecture is commonly associated with breaking up a larger, monolith application into smaller, loosely coupled services that represent a specific function or application?
Three-tierServerless
Event-driven
Microservices
Q. You are managing a Kubernetes cluster and need to see a list of all the pods. What command can you run to view all of the pods?
kubectl pods -view-allkubectl get pods
kubectl show me the pods
kubectl pods list
Q. You have an application running on a Kubernetes cluster but want to manually scale out the number of pods. What is the process to scale the number of pods without impacting existing workloads in the deployment?
Add a load balancer server to the definition file and indicate the number of targets. Deploy the updated definition using the kubectl update deployment/appCreate a new definition file that indicates the desired number of pods to add to the deployment. Apply the definition file using kubectl update -f bryan.yaml deployment/app
Run the command kubectl deploy --scale=5
Modify the definition file and update the number of replicas to the desired number. Apply the new configuration using kubectl apply -f bryan.yaml
Q. In the event that the Kubernetes control plane becomes unavailable, what happens to the existing pods that are running on a cluster?
When the control plane fails, the existing pods will immediately become unavailableAll existing pods on the cluster will immediately be rescheduled on another cluster with a surviving control plane
Existing pods will continue to run and support updates or changes as needed
Existing pods on the cluster will continue to run without interruption
Q. How can you use a selector in Kubernetes to identify and manage resources based on their labels?
By configuring ingress controllers for labeled resourcesBy setting resource quotas to limit the number of labeled resources
By defining labels for resources and using selectors in resource specifications
By creating custom metrics for labeled resources
Q. After collecting metrics, what popular tool is often integrated with Prometheus to display dashboards and present the metrics in graphical form?
Kubernetes DashboardElasticsearch and Kibana (ELK Stack)
Docker Compose
Grafana
Q. What security mechanism would you use to secure (encrypt) communication between internal Kubernetes services within a cluster?
Network PoliciesTransport Layer Security (TLS)
Ingress Controllers
Role-Based Access Control (RBAC)
Q. Which Kubernetes controller is responsible for managing workloads that require persistent data?
DeploymentData
StatefulSet
Scheduler
Q. Which organization is responsible for maintaining the Kubernetes project and serves as the governing body for any updates and changes?
GoogleCloud Native Computing Foundation (CNCF)
Linux Foundation
HashiCorp
Q. What Kubernetes feature will ensure the scheduler distributes an application across user-defined fault zones, such as physical nodes?
load balancingthe API server
network policies
pod topology spread constraints
Q. What is a common name used for the kubectl configuration file?
kubectl.ymlkubeconfig
kubeapp.json
kubecuttle
Q. You have a Kubernetes cluster with nodes that have specialized hardware accelerators (e.g., GPUs) and nodes without accelerators. You want to ensure that a specific set of pods, labeled as app=ml-app, always run on nodes with GPUs to maximize performance. Which Kubernetes feature should you use for this purpose?
Service AccountsNode Affinity
Resource Quotas
Taints and Tolerations
Q. What cloud-native architecture feature enables the ability for an application or service to adjust resources based on user demand automatically?
CI/CDmicroservices
autoscaling
containerization
Q. Why is using a static password or token file generally not recommended for authenticating users in Kubernetes?
static files increase the complexity of cluster configurationstatic files are cleartext files that can be easily shared among users, compromising security
static files require frequent updates and maintenance
static files do not support multi-factor authentication (MFA)
Q. Which is NOT a benefit of using open standards when developing or integrating different technologies?
developed through a collaborative and consensus-based processhelps lock in users to a particular vendor or product
promotes interoperability, portability, and vendor neutrality
enables different technologies and products to work together seamlessly
Q. What is a key reason for using Open Policy Agent (OPA) in a Kubernetes cluster?
monitor and log Kubernetes cluster eventsdirectly manage Kubernetes resources and configurations
create container images for Kubernetes applications
enforce custom policies and governance on Kubernetes objects
Q. What is the main purpose of using namespaces in Kubernetes?
isolate nodes within a cluster, ensuring that they do not interfere with each other's resourcessegregate pods, services, and other resources into distinct virtual clusters within a single physical cluster
distribute workloads across multiple clusters for high availability and redundancy
provide secure access control and authorization at the cluster level, enhancing cluster security
Q. What role requires experience with programming languages as well as operational tools such as deployment, monitoring, and logging?
Cloud ArchitectApplication Developer
DevOps Engineer
Platform Engineer
Q. Which of the following is NOT one of the guiding principles of GitOps?
changes are frequently done via manual changesuses declarative model
the environment is continuously reconciled
changes are made using a pull-based approach
code is versioned and immutable
Q. What does the term horizontal scaling refer to in the context of system architecture?
optimizing a single machine's performance to handle increased traffic efficientlyincreasing the capacity of a system by adding more machines or nodes
improving software code to make applications run faster and smoother
consolidating multiple virtual machines into a single, larger server to simplify management and reduce costs
Q. What is the primary purpose of using a CronJob resource in Kubernetes?
facilitate inter-service communication in a microservices architecturemanage and automate recurring batch jobs or tasks
create persistent storage volumes for applications
automatically scale pods based on CPU usage
Q. In Kubernetes, what are the two primary update strategies for managing changes to a deployment?
Immediate Update and Gradual UpdateBlue-Green and Canary Deployments
Rolling Update and Recreate Update
Incremental and Non-Incremental Updates
Q. Which best represents the definition of Continuous Integration (CI)?
Automating the building and testing of application code with the goal of identifying issues before they reach the live environment.Automating the testing of the infrastructure used to run workloads in production environments.
Automating the deployment of application code to production environments, eliminating manual changes which may reduce system stability.
Automating the deployment of application updates from dev and test environments all the way up to production.
Q. What is the primary purpose of etcd in a Kubernetes cluster?
to manage network communication between podsto execute control plane operations
to store container images for pod deployments
to maintain cluster configuration and state data
Q. Which definition offers the most precise representation of logs within the context of system observability?
a numerical record of data that indicates the state of a particular component or action taken by a userthe ability to follow a request as it flows through a system or application
a key/value pair associated with a particular metric generated by a system
records of events that have occurred which contain information about a specific event
Q. Workload-related objects, such as statefulsets and deployments, are defined in what popular API group?
workload/v1apps/v1
core/v1
storage.k8s.io
Q. In cloud-native architecture, what approach allows you to define the desired outcome of the architecture without writing a step-by-step procedure to achieve a goal?
procedural approachsimplified approach
imperative approach
declarative approach
Q. What component of Kubernetes is responsible for downloading the image and starting the container?
API servercontainer runtime
kube-proxy
scheduler
Q. You're managing a Kubernetes cluster with different user groups, each with its own resource allocation and scheduling needs. To address this, you've started using Kubernetes Scheduler Profiles. What is the purpose of Scheduler Profiles?
limit the total number of pods that can be scheduled in the clustercontrol the access and permissions of users within the cluster
automate the scaling of worker nodes based on resource demands
define custom scheduling rules and configure the different stages of scheduling in the kube-scheduler
Q. Why might you use multiple custom schedulers alongside the default scheduler in Kubernetes?
to accommodate different workload requirements and policiesreduce the number of nodes in the cluster
improve the performance of containerized applications
to simplify resource management within the cluster