Kubernetes and Cloud Native Associate Certification Exam (KCNA) Practice Test 2
Q. What is the primary purpose that the Open GitOps project aims to solve?
To increase the interoperability of the Kubernetes project with existing and future GitOps tools available in the market today
Define and standardize best practices for GitOps and create a common language and understanding of GitOps that can be used by everyone
Develop new GitOps tools that can be widely adopted by organizations that will help simplify the way applications are deployed and managed
Simplify the Kubernetes project and reduce the number of components required to successfully orchestrate containerized applications
Q. What component of a Kubernetes cluster is made up of a collection of independent services that are essentially the "brains" of a cluster?
control plane
kubelet
API server
etcd
Q. What makes a role a "full stack" developer?
a full-stack developer can eat a full stack of pancakes
a full-stack engineer is one that understands both IPv4 and IPv6, making them skilled in multiple TCP stacks
a full-stack engineer understands how to architect and secure large databases that support dual-stack applications
a full-stack developer understands and can develop solutions for the front-end and back-end components of a system
Q. In your Kubernetes cluster, you have a pod (web) that runs two containers: an app and a sidecar container. How can you get detailed information about the pod to view the container names?
kubectl -f get web
kubectl get pod web --describe
kubectl pod info web
kubectl describe pod web
Q. In the context of container security, what is a recommended best practice regarding containers running as the root user?
allow containers to run as root without any restrictions
run containers as root only when using privileged containers
run all containers as the root user to simplify access control
run containers as non-root users whenever possible to enhance security
Q. Which of the following components are typically found on worker nodes in a Kubernetes cluster?
Kubelet
Kubernetes API Server
kube-proxy
etcd
Q. Based on the code below, which of the following is NOT a label that can be used to filter the object that will be created on the Kubernetes cluster?
apiVersion: v1
kind: Pod
metadata:
  name: krausen-app
  labels:
    application: web-app
    training: kcna
    course: practice exam
spec:
  containers:
    ...

application: web-app
course: practice exam
training: kcna
name: krausen-app
Q. Which of the following is NOT a valid container runtime that can be used with Kubernetes?
Containerd
Docker Engine
CRI-O
Amazon Lambda
Q. When considering the security of credentials for a platform, which type of deployment is more secure?
pull-based deployments
neither push-based nor pull-based deployments are secure
both push-based and pull-based deployments are equally secure
push-based deployments
Q. What is the role of gVisor in a Kubernetes environment?
gVisor is a monitoring and logging solution for collecting performance data in Kubernetes clusters
gVisor is the default container runtime that Kubernetes uses to run containerized applications
gVisor is a Kubernetes distribution that simplifies the installation of Kubernetes clusters
gVisor is a security-focused container runtime that provides an additional layer of isolation for containers running in Kubernetes
Q. You have created a namespace with default limits of 1 CPU and 256Gi of memory. What are the default resources assigned to a pod if the definition file doesn't specify any requirements?
0.5 CPU, 256Gi memory
1 CPU, 256Gi memory
10 CPU, 256Gi memory
5 CPU, 512Gi memory
Q. Which of the following is NOT a way to create new pods on a worker node with a definition file?
by placing the definition file on the etcd cluster where it will be picked up automatically by the kube-api server
by uploading the definition file to the scheduler's default directory
through the Kubernetes HTTP API endpoint
create a definition file and place it in the static pod directory of /etc/kubernetes/manifests
Q. You have a single Kubernetes cluster that you want to run multiple workloads managed by different teams. Therefore, you need to isolate the users and workloads. What Kubernetes feature can be used to safely and easily meet these requirements?
ingress controllers
pods
namespaces
helm charts
Q. What is NOT a benefit of using a pull-based system like Prometheus for the observability of a system or application?
Reduces the chances that the metrics server could become overloaded by too many incoming connections
Using a pull-based approach makes it easier for the system to tell if a target is down
Creates a central source of truth by allowing you to define a definitive list of targets to monitor
Simplifies the configuration of an event-based system for monitoring events
Q. What is the primary purpose of using spread constraints in Kubernetes?
To define affinity rules that require pods with specific labels to run together on the same node for performance optimization
To ensure that all pods have the same resource requests and limits for consistent performance
To specify that certain pods should never be scheduled on the same node, enhancing fault tolerance
To distribute pods of a specific service evenly across all nodes in the cluster to improve load balancing
Q. Which of the following is one of the three crucial Kubernetes services that operate on worker nodes?
Container runtime
Control plane
Kube-proxy
Kubelet
Q. Knative and OpenFaas are examples of what kind of platform commonly used to deploy and execute functions on Kubernetes clusters?
serverless
container runtimes
service mesh interfaces (SMI)
autoscaling
Q. You see a resource request for 5 CPU units in a resource definition file. What is a CPU unit equivalent to?
one physical processor on the underlying host
1/10th of a processor core
one physical CPU core or one virtual core
the entire processing capacity of the host
Q. How can you manually assign a pod to a specific node in a Kubernetes cluster?
specify the node's IP address in the nodeNameIP field
add the pod's name as the podName value on the cluster node configuration
use a label selector in the node field on the node configuration
provide the name of the target node in the nodeName field in the pod definition file
Q. What are some advantages of using a hosted Kubernetes service, such as AWS EKS or Google Kubernetes Engine (GKE), compared to managing your own Kubernetes cluster?
Hosted Kubernetes services offer greater customization options.
Hosted Kubernetes services simplify cluster management and maintenance
Hosted Kubernetes services are typically more cost-effective
Hosted Kubernetes services provide more control over infrastructure
Q. You want to use taints and tolerations in your Kubernetes environment and need to apply the settings. Which statement is correct regarding taints and tolerations?
taints are set on nodes using the kubectl command
tolerations are added to the pod definition file to define the key, value, operator, and effect
tolerations are applied directly on the nodes using the kubectl apply command
taints are set on the pod using the pod definition file under global.spec.taint
Q. What term best describes the process of automating container deployment and management, which includes managing connectivity and scaling based on user demand?
docker runtime
container load balancing
container virtualization
container orchestration
Q. In the context of service mesh, what does "east-west traffic" refer to?
traffic that exits a data center and travels to external services
traffic between a user's device and a service within the data center
traffic flowing between services within the same data center or cluster
traffic that originates from external sources and enters the data center
Q. By default, Kubernetes implements a flat network to enable communication and networking between pods. What is this network called?
node network
container network
pod network
service network
Q. Which key component of Kubernetes is the cluster store built on and is responsible for storing configuration data and maintaining cluster state?
scheduler
kubelet
etcd
pods
Q. What is the primary purpose of annotations in Kubernetes?
to determine the access control policies for pods and services
to define the network policies for pods within a cluster
to define and specify the desired state of a pod
to provide additional metadata or information about Kubernetes resources
Q. When scheduling a pod, what phases are used to determine the best node to assign the pod?
Prioritization and Image Availability
Filtering and Scoring
Sharding and Certification
Security Awareness and Lowest Networking Port Number
Q. What feature does Kubernetes use to implement the pod network to create a large, flat open network that pods can use to communicate on?
load balancers
DNS
static IP addresses
third-party Container Network Interface (CNI) plugins
Q. What type of deployment approach involves the creation of step-by-step instructions to provision an application or infrastructure?
declarative
procedural
imperative
process-oriented
Q. What happens when the ArgoCD operator detects changes in the repo used to store Kubernetes manifests?
rolls back to the previous stable version of the application
waits for manual approval before applying the changes
approves the pull request and applies the changes
reconciles the desired state with the actual state of the cluster
Q. How do controllers operate within the Kubernetes ecosystem to maintain the desired state of resources in a cluster?
Controllers enforce resource state by directly modifying the resource definitions in manifests.
Controllers periodically query resource states and manually adjust them as needed.
Controllers use a declarative approach, reconciling the current state with the desired state as defined in resource manifests.
Controllers primarily focus on monitoring and reporting, leaving resource management to the Kubernetes API server.
Q. You have a Kubernetes Deployment managing an application workload that has changing demand throughout the day. What feature of Kubernetes can be used to automatically scale the number of pods in the Deployment as load increases and delete pods when demand decreases?
cluster scaling
horizontal pod autoscaler
vertical pod autoscaler
container advisor (cAdvisor)
Q. In a cloud-native architecture, which solution is typically used to connect thousands of services across different clusters, providing features like load balancing, traffic management, and observability?
Ingress Controllers
StatefulSets
Service Mesh
Kubernetes Deployments
Q. Which of the following is NOT a requirement for autoscaling to be cloud native?
the application must provide an API to query
the application AND infrastructure need to be able to scale independently
scaling has to include scaling up and scaling down
scaling has to be automatic
Q. What platform was the first to standardize the distribution of container images and comply with the OCI distribution specification?
Azure Container Registry
Docker Hub
Google Container Registry
Amazon Elastic Container Registry (ECR)
Q. When deploying a cloud-native application, which of the following is a key factor to consider for using autoscaling?
The application itself must be designed to scale
Autoscaling must be able to scale up to meet user's demand but scale down to ensure cost savings and efficient use of resources
The application should support vertical scaling for high availability
The underlying infrastructure should be designed to scale effectively
Q. What year did Google initially develop Kubernetes?
2000
2023
2010
2014
Q. Which of the following CLI commands allows you to create objects in Kubernetes?
kubectl diff
kubectl get
kubectl apply
kubectl create
Q. What declarative GitOps tool was developed by Intuit and is a graduated CNCF project?
Kubernetes
Flux
Argo
Jenkins
Q. You are a Kubernetes administrator frequently working in multiple namespaces. What is the most efficient way for you to configure the desired namespace so you don't have to specify the namespace each time you run a kubectl command?
use the kubectl switch-namespace command to switch namespaces temporarily
use environment variables to set the current namespace in your shell session
add the --namespace flag to every kubectl command you run
define a Kubernetes context for the target namespace using kubectl config set-context
Q. You have been tasked with refactoring an existing application to make it cloud-native. What benefit can the organization expect after completion?
increased resiliency for the application resulting in high availability
on-demand based scaling to ensure availability and increased cost savings
more secure application architectures as a result of few vulnerabilities
increased human interaction with application scaling and availability
Q. Which of the following strategies can be used to help reduce costs in a public cloud platform?
Use autoscaling to automatically scale resources down when the user load has decreased
Keep development and QA resources running throughout the weekend
Deleting unneeded resources from your accounts
Choosing the proper infrastructure or services to run your application, such as using reserved or spot instances where applicable
Q. What is a key benefit of Special Interest Groups in managing the Kubernetes project?
Allows them to focus on particular areas of the project
Enables a faster pace of innovation
Allows for faster development of features and bug fixes
Allows individual groups to oversee the entire Kubernetes project at once
Q. What group did the CNCF create to oversee and define GitOps in a vendor-neutral manner?
CNCF Community Group
Technical Oversight Board
Argo Project
GitOps Working Group
Q. Which component represents the smallest deployable unit of computing that you can create and manage in Kubernetes?
Node
API
Kubelet
Pod
Q. How often are new versions of Kubernetes released?
once a week (weekly)
every four months (3x yearly)
twice a month (bi-monthly)
every month (monthly)
Q. You are managing user access in a Kubernetes cluster. You've noticed that Kubernetes lacks objects to represent normal user accounts, and you cannot add normal users to the cluster through an API call. What mechanism is typically used to manage user authentication and access to a Kubernetes cluster?
use the Kubernetes API server to manually add user accounts to the cluster
leverage Kubernetes ServiceAccounts to grant access to normal users
implement an external identity provider (e.g., LDAP or OIDC) to authenticate and manage user access
create Kubernetes User objects to represent normal users and use them for authentication
Q. What is a Kubernetes cluster?
a collection of containers that share the same IP address
set of nodes (computers) that work together to run containerized applications orchestrated by Kubernetes
a group of interconnected servers used for hosting websites
a type of software-defined storage system for managing data in a cloud environment
Q. When operating a managed service, it's common to have a contract between a vendor and a user that guarantees a specific Service Level Objective (SLO). What are these agreements often called?
Reliability Commitment Contracts (RCC)
Service Level Agreement (SLA)
Super Lucrative Agreement (SLA)
Performance Assurance Arrangements (PAA)
Q. What OCI standard defines the structure, format, and metadata of container images used in containerization technologies like Docker and Kubernetes?
image spec
runtime-spec
distribution-spec
container-spec
Q. When creating a resource definition file, in what section would you define labels that apply to the resource itself?
metadata
spec
selectors
containers
Q. Which fundamental data storage concept does Prometheus rely on to effectively organize and manage collected metric data?
time-based database
relational database
distributed key-value store
wide-column store database
Q. You need to examine the logs for a pod named prd-nginx-app. What command would you use to display these logs to the CLI?
kubectl logs prd-nginx-app
kubectl get pod prd-nginx-app
kubectl describe -l prd-nginx-app
kubectl debug prd-nginx-app
Q. How do you specify resource limits for CPU and memory in a Kubernetes resource definition file, such as a pod manifest?
using the limits field within the spec section
using the resources field within the containers section
using the containers field within the metadata section
using the resources field within the metadata section
Q. You've created a new Kubernetes manifest to run five instances of your production application in a deployment. Once applied, what Kubernetes component is responsible for changing the actual state to the desired state and ensuring the desired number of pods is always running?
deployment controller
API server
cluster autoscaler
kubelet
Q. When it comes to downloading or searching for containerized versions of applications, where are the images typically stored?
Kubernetes Application Marketplace
Container Registry, such as Docker Hub or Amazon ECR
Google Resource Center
GitHub
Q. You are a Kubernetes administrator managing a production cluster. You need to perform a rolling update of a deployment using kubectl. What is a critical requirement for successfully executing this command?
the Kubernetes API server must be available
the availability of worker nodes for pod rescheduling
the Docker container runtime must be running on worker nodes
the cluster's control plane nodes must be scaled up
Q. Once an API is updated to version 1 (v1), what is the term used to refer to this stage of the API's development?
stable
alpha
production
beta
Q. What is the well-known local directory that kubelet periodically checks to deploy and manage static pods?
/usr/bin
/etc/kubernetes/manifests
/kubernetes/pods
/etcd/shared/manifests
Q. What command line (CLI) utility is used for interacting and managing a Kubernetes cluster?
kube-proxy
kubelet
kubectl
etcd