Spring Sale Special - Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: mxmas70

Home > Linux Foundation > Kubernetes and Cloud Native > KCNA

KCNA Kubernetes and Cloud Native Associate Question and Answers

Question # 4

Which of these is a valid container restart policy?

A.

On login

B.

On update

C.

On start

D.

On failure

Full Access
Question # 5

What is an important consideration when choosing a base image for a container in a Kubernetes deployment?

A.

It should be minimal and purpose-built for the application to reduce attack surface and improve performance.

B.

It should always be the latest version to ensure access to the newest features.

C.

It should be the largest available image to ensure all dependencies are included.

D.

It can be any existing image from the public repository without consideration of its contents.

Full Access
Question # 6

What default level of protection is applied to the data in Secrets in the Kubernetes API?

A.

The values use AES symmetric encryption

B.

The values are stored in plain text

C.

The values are encoded with SHA256 hashes

D.

The values are base64 encoded

Full Access
Question # 7

What edge and service proxy tool is designed to be integrated with cloud native applications?

A.

CoreDNS

B.

CNI

C.

gRPC

D.

Envoy

Full Access
Question # 8

Which group of container runtimes provides additional sandboxed isolation and elevated security?

A.

rune, cgroups

B.

docker, containerd

C.

runsc, kata

D.

crun, cri-o

Full Access
Question # 9

The Container Runtime Interface (CRI) defines the protocol for the communication between:

A.

The kubelet and the container runtime.

B.

The container runtime and etcd.

C.

The kube-apiserver and the kubelet.

D.

The container runtime and the image registry.

Full Access
Question # 10

At which layer would distributed tracing be implemented in a cloud native deployment?

A.

Network

B.

Application

C.

Database

D.

Infrastructure

Full Access
Question # 11

What is the telemetry component that represents a series of related distributed events that encode the end-to-end request flow through a distributed system?

A.

Metrics

B.

Logs

C.

Spans

D.

Traces

Full Access
Question # 12

What is the resource type used to package sets of containers for scheduling in a cluster?

A.

Pod

B.

ContainerSet

C.

ReplicaSet

D.

Deployment

Full Access
Question # 13

What Kubernetes component handles network communications inside and outside of a cluster, using operating system packet filtering if available?

A.

kube-proxy

B.

kubelet

C.

etcd

D.

kube-controller-manager

Full Access
Question # 14

What is the purpose of the kube-proxy?

A.

The kube-proxy balances network requests to Pods.

B.

The kube-proxy maintains network rules on nodes.

C.

The kube-proxy ensures the cluster connectivity with the internet.

D.

The kube-proxy maintains the DNS rules of the cluster.

Full Access
Question # 15

What is a Kubernetes Service Endpoint?

A.

It is the API endpoint of our Kubernetes cluster.

B.

It is a name of special Pod in kube-system namespace.

C.

It is an IP address that we can access from the Internet.

D.

It is an object that gets IP addresses of individual Pods assigned to it.

Full Access
Question # 16

Which kubectl command is useful for collecting information about any type of resource that is active in a Kubernetes cluster?

A.

describe

B.

list

C.

expose

D.

explain

Full Access
Question # 17

Which API object is the recommended way to run a scalable, stateless application on your cluster?

A.

ReplicaSet

B.

Deployment

C.

DaemonSet

D.

Pod

Full Access
Question # 18

What is the minimum number of etcd members that are required for a highly available Kubernetes cluster?

A.

Two etcd members.

B.

Five etcd members.

C.

Six etcd members.

D.

Three etcd members.

Full Access
Question # 19

What does “continuous” mean in the context of CI/CD?

A.

Frequent releases, manual processes, repeatable, fast processing

B.

Periodic releases, manual processes, repeatable, automated processing

C.

Frequent releases, automated processes, repeatable, fast processing

D.

Periodic releases, automated processes, repeatable, automated processing

Full Access
Question # 20

In a cloud native environment, how do containerization and virtualization differ in terms of resource management?

A.

Containerization uses hypervisors to manage resources, while virtualization does not.

B.

Containerization shares the host OS, while virtualization runs a full OS for each instance.

C.

Containerization consumes more memory than virtualization by default.

D.

Containerization allocates resources per container, virtualization does not isolate them.

Full Access
Question # 21

Imagine there is a requirement to run a database backup every day. Which Kubernetes resource could be used to achieve that?

A.

kube-scheduler

B.

CronJob

C.

Task

D.

Job

Full Access
Question # 22

Which of the following capabilities are you allowed to add to a container using the Restricted policy?

A.

CHOWN

B.

SYS_CHROOT

C.

SETUID

D.

NET_BIND_SERVICE

Full Access
Question # 23

A platform engineer wants to ensure that a new microservice is automatically deployed to every cluster registered in Argo CD. Which configuration best achieves this goal?

A.

Set up a Kubernetes CronJob that redeploys the microservice to all registered clusters on a schedule.

B.

Manually configure every registered cluster with the deployment YAML for installing the microservice.

C.

Create an Argo CD ApplicationSet that uses a Git repository containing the microservice manifests.

D.

Use a Helm chart to package the microservice and manage it with a single Application defined in Argo CD.

Full Access
Question # 24

What is the main purpose of the Ingress in Kubernetes?

A.

Access HTTP and HTTPS services running in the cluster based on their IP address.

B.

Access services different from HTTP or HTTPS running in the cluster based on their IP address.

C.

Access services different from HTTP or HTTPS running in the cluster based on their path.

D.

Access HTTP and HTTPS services running in the cluster based on their path.

Full Access
Question # 25

What is the primary purpose of a Horizontal Pod Autoscaler (HPA) in Kubernetes?

A.

To automatically scale the number of Pod replicas based on resource utilization.

B.

To track performance metrics and report health status for nodes and Pods.

C.

To coordinate rolling updates of Pods when deploying new application versions.

D.

To allocate and manage persistent volumes required by stateful applications.

Full Access
Question # 26

In the DevOps framework and culture, who builds, automates, and offers continuous delivery tools for developer teams?

A.

Application Users

B.

Application Developers

C.

Platform Engineers

D.

Cluster Operators

Full Access
Question # 27

Which of the following is a good habit for cloud native cost efficiency?

A.

Follow an automated approach to cost optimization, including visibility and forecasting.

B.

Follow manual processes for cost analysis, including visibility and forecasting.

C.

Use only one cloud provider to simplify the cost analysis.

D.

Keep your legacy workloads unchanged, to avoid cloud costs.

Full Access
Question # 28

In a cloud native world, what does the IaC abbreviation stand for?

A.

Infrastructure and Code

B.

Infrastructure as Code

C.

Infrastructure above Code

D.

Infrastructure across Code

Full Access
Question # 29

What feature must a CNI support to control specific traffic flows for workloads running in Kubernetes?

A.

Border Gateway Protocol

B.

IP Address Management

C.

Pod Security Policy

D.

Network Policies

Full Access
Question # 30

Which of the following would fall under the responsibilities of an SRE?

A.

Developing a new application feature.

B.

Creating a monitoring baseline for an application.

C.

Submitting a budget for running an application in a cloud.

D.

Writing policy on how to submit a code change.

Full Access
Question # 31

In Kubernetes, what is the primary function of a RoleBinding?

A.

To provide a user or group with permissions across all resources at the cluster level.

B.

To assign the permissions of a Role to a user, group, or service account within a namespace.

C.

To enforce namespace network rules by binding policies to Pods running in the namespace.

D.

To create and define a new Role object that contains a specific set of permissions.

Full Access
Question # 32

Which of the following is a challenge derived from running cloud native applications?

A.

The operational costs of maintaining the data center of the company.

B.

Cost optimization is complex to maintain across different public cloud environments.

C.

The lack of different container images available in public image repositories.

D.

The lack of services provided by the most common public clouds.

Full Access
Question # 33

What fields must exist in any Kubernetes object (e.g. YAML) file?

A.

apiVersion, kind, metadata

B.

kind, namespace, data

C.

apiVersion, metadata, namespace

D.

kind, metadata, data

Full Access
Question # 34

What is the reference implementation of the OCI runtime specification?

A.

lxc

B.

CRI-O

C.

runc

D.

Docker

Full Access
Question # 35

What can be used to create a job that will run at specified times/dates or on a repeating schedule?

A.

Job

B.

CalendarJob

C.

BatchJob

D.

CronJob

Full Access
Question # 36

In the Kubernetes platform, which component is responsible for running containers?

A.

etcd

B.

CRI-O

C.

cloud-controller-manager

D.

kube-controller-manager

Full Access
Question # 37

Which of the following resources helps in managing a stateless application workload on a Kubernetes cluster?

A.

DaemonSet

B.

StatefulSet

C.

kubectl

D.

Deployment

Full Access
Question # 38

What is the role of the ingressClassName field in a Kubernetes Ingress resource?

A.

It defines the type of protocol (HTTP or HTTPS) that the Ingress Controller should process.

B.

It specifies the backend Service used by the Ingress Controller to route external requests.

C.

It determines how routing rules are prioritized when multiple Ingress objects are applied.

D.

It indicates which Ingress Controller should implement the rules defined in the Ingress resource.

Full Access
Question # 39

What is a best practice to minimize the container image size?

A.

Use a DockerFile.

B.

Use multistage builds.

C.

Build images with different tags.

D.

Add a build.sh script.

Full Access
Question # 40

How long should a stable API element in Kubernetes be supported (at minimum) after deprecation?

A.

9 months

B.

24 months

C.

12 months

D.

6 months

Full Access
Question # 41

Which of the following is a recommended security habit in Kubernetes?

A.

Run the containers as the user with group ID 0 (root) and any user ID.

B.

Disallow privilege escalation from within a container as the default option.

C.

Run the containers as the user with user ID 0 (root) and any group ID.

D.

Allow privilege escalation from within a container as the default option.

Full Access
Question # 42

Which of the following is a valid PromQL query?

A.

SELECT * from http_requests_total WHERE job=apiserver

B.

http_requests_total WHERE (job="apiserver")

C.

SELECT * from http_requests_total

D.

http_requests_total(job="apiserver")

Full Access
Question # 43

Which statement about Secrets is correct?

A.

A Secret is part of a Pod specification.

B.

Secret data is encrypted with the cluster private key by default.

C.

Secret data is base64 encoded and stored unencrypted by default.

D.

A Secret can only be used for confidential data.

Full Access
Question # 44

Which command will list the resource types that exist within a cluster?

A.

kubectl api-resources

B.

kubectl get namespaces

C.

kubectl api-versions

D.

curl https://kubectrl/namespaces

Full Access
Question # 45

What does the livenessProbe in Kubernetes help detect?

A.

When a container is ready to serve traffic.

B.

When a container has started successfully.

C.

When a container exceeds resource limits.

D.

When a container is unresponsive.

Full Access
Question # 46

Which are the two primary modes for Service discovery within a Kubernetes cluster?

A.

Environment variables and DNS

B.

API calls and LDAP

C.

Labels and RADIUS

D.

Selectors and DHCP

Full Access
Question # 47

What is a Service?

A.

A static network mapping from a Pod to a port.

B.

A way to expose an application running on a set of Pods.

C.

The network configuration for a group of Pods.

D.

An NGINX load balancer that gets deployed for an application.

Full Access
Question # 48

What is the default deployment strategy in Kubernetes?

A.

Rolling update

B.

Blue/Green deployment

C.

Canary deployment

D.

Recreate deployment

Full Access
Question # 49

What is the default value for authorization-mode in Kubernetes API server?

A.

--authorization-mode=RBAC

B.

--authorization-mode=AlwaysAllow

C.

--authorization-mode=AlwaysDeny

D.

--authorization-mode=ABAC

Full Access
Question # 50

What is the main role of the Kubernetes DNS within a cluster?

A.

Acts as a DNS server for virtual machines that are running outside the cluster.

B.

Provides a DNS as a Service, allowing users to create zones and registries for domains that they own.

C.

Allows Pods running in dual stack to convert IPv6 calls into IPv4 calls.

D.

Provides consistent DNS names for Pods and Services for workloads that need to communicate with each other.

Full Access
Question # 51

In a cloud native environment, who is usually responsible for maintaining the workloads running across the different platforms?

A.

The cloud provider.

B.

The Site Reliability Engineering (SRE) team.

C.

The team of developers.

D.

The Support Engineering team (SE).

Full Access
Question # 52

Which Kubernetes Service type exposes a service only within the cluster?

A.

ClusterIP

B.

NodePort

C.

LoadBalancer

D.

ExternalName

Full Access
Question # 53

Which of the following characteristics is associated with container orchestration?

A.

Application message distribution

B.

Dynamic scheduling

C.

Deploying application JAR files

D.

Virtual machine distribution

Full Access
Question # 54

What is the core functionality of GitOps tools like Argo CD and Flux?

A.

They track production changes made by a human in a Git repository and generate a human-readable audit trail.

B.

They replace human operations with an agent that tracks Git commands.

C.

They automatically create pull requests when dependencies are outdated.

D.

They continuously compare the desired state in Git with the actual production state and notify or act upon differences.

Full Access
Question # 55

If a Pod was waiting for container images to download on the scheduled node, what state would it be in?

A.

Failed

B.

Succeeded

C.

Unknown

D.

Pending

Full Access
Question # 56

Which resource do you use to attach a volume in a Pod?

A.

StorageVolume

B.

PersistentVolume

C.

StorageClass

D.

PersistentVolumeClaim

Full Access
Question # 57

Why do administrators need a container orchestration tool?

A.

To manage the lifecycle of an elevated number of containers.

B.

To assess the security risks of the container images used in production.

C.

To learn how to transform monolithic applications into microservices.

D.

Container orchestration tools such as Kubernetes are the future.

Full Access
Question # 58

How can you monitor the progress for an updated Deployment/DaemonSets/StatefulSets?

A.

kubectl rollout watch

B.

kubectl rollout progress

C.

kubectl rollout state

D.

kubectl rollout status

Full Access
Question # 59

Which field in a Pod or Deployment manifest ensures that Pods are scheduled only on nodes with specific labels?

A.

resources:

disktype: ssd

B.

labels:

disktype: ssd

C.

nodeSelector:

disktype: ssd

D.

annotations:

disktype: ssd

Full Access
Question # 60

What best describes cloud native service discovery?

A.

It's a mechanism for applications and microservices to locate each other on a network.

B.

It's a procedure for discovering a MAC address, associated with a given IP address.

C.

It's used for automatically assigning IP addresses to devices connected to the network.

D.

It's a protocol that turns human-readable domain names into IP addresses on the Internet.

Full Access
Question # 61

What component enables end users, different parts of the Kubernetes cluster, and external components to communicate with one another?

A.

kubectl

B.

AWS Management Console

C.

Kubernetes API

D.

Google Cloud SDK

Full Access
Question # 62

What sentence is true about CronJobs in Kubernetes?

A.

A CronJob creates one or multiple Jobs on a repeating schedule.

B.

A CronJob creates one container on a repeating schedule.

C.

CronJobs are useful on Linux but are obsolete in Kubernetes.

D.

The CronJob schedule format is different in Kubernetes and Linux.

Full Access
Question # 63

Which Kubernetes feature would you use to guard against split brain scenarios with your distributed application?

A.

Replication controllers

B.

Consensus protocols

C.

Rolling updates

D.

StatefulSet

Full Access
Question # 64

What is a key feature of a container network?

A.

Proxying REST requests across a set of containers.

B.

Allowing containers running on separate hosts to communicate.

C.

Allowing containers on the same host to communicate.

D.

Caching remote disk access.

Full Access
Question # 65

What is a cloud native application?

A.

It is a monolithic application that has been containerized and is running now on the cloud.

B.

It is an application designed to be scalable and take advantage of services running on the cloud.

C.

It is an application designed to run all its functions in separate containers.

D.

It is any application that runs in a cloud provider and uses its services.

Full Access
Question # 66

What is Flux constructed with?

A.

GitLab Environment Toolkit

B.

GitOps Toolkit

C.

Helm Toolkit

D.

GitHub Actions Toolkit

Full Access
Question # 67

In Kubernetes, which command is the most efficient way to check the progress of a Deployment rollout and confirm if it has completed successfully?

A.

kubectl get deployments --show-labels -o wide

B.

kubectl describe deployment my-deployment --namespace=default

C.

kubectl logs deployment/my-deployment --all-containers=true

D.

kubectl rollout status deployment/my-deployment

Full Access
Question # 68

Which Kubernetes resource workload ensures that all (or some) nodes run a copy of a Pod?

A.

DaemonSet

B.

StatefulSet

C.

kubectl

D.

Deployment

Full Access
Question # 69

What is the main purpose of etcd in Kubernetes?

A.

etcd stores all cluster data in a key value store.

B.

etcd stores the containers running in the cluster for disaster recovery.

C.

etcd stores copies of the Kubernetes config files that live /etc/.

D.

etcd stores the YAML definitions for all the cluster components.

Full Access
Question # 70

Which of the following is the correct command to run an nginx deployment with 2 replicas?

A.

kubectl run deploy nginx --image=nginx --replicas=2

B.

kubectl create deploy nginx --image=nginx --replicas=2

C.

kubectl create nginx deployment --image=nginx --replicas=2

D.

kubectl create deploy nginx --image=nginx --count=2

Full Access
Question # 71

Which of these events will cause the kube-scheduler to assign a Pod to a node?

A.

When the Pod crashes because of an error.

B.

When a new node is added to the Kubernetes cluster.

C.

When the CPU load on the node becomes too high.

D.

When a new Pod is created and has no assigned node.

Full Access