Search Tutorials


Kubernetes and Cloud Native Associate Certification Exam (KCNA) Practice Test 4 (2025) | JavaInUse

Kubernetes and Cloud Native Associate Certification Exam (KCNA) Practice Test 4

Q. Your containerized application requires additional resources (memory) to increase performance. What type of scaling is this referred to as?

horizontal scaling
resource pooling
load balancing
vertical scaling

Q. How do controllers operate in Kubernetes to maintain cluster stability and desired configurations?

independently making decisions without considering the desired state
continuously updating the observed state to match the desired state
monitoring the desired state and reconciling it with the observed state
executing actions randomly to test cluster resilience

Q. Which of the following statements accurately describes Linkerd in the context of Kubernetes?

Linkerd is a tool for managing containerized applications on Kubernetes, similar to Helm
Linkerd is a Kubernetes distribution designed to replace the default kube-proxy networking component
Linkerd is a Kubernetes dashboard for visualizing cluster health and resource usage
Linkerd is a service mesh option for Kubernetes that provides observability, security, and traffic management for microservices

Q. Which of the following are valid types of nodes found in a Kubernetes cluster?

worker nodes
control-plane nodes
primary nodes
virtual nodes

Q. What command is used to view information about all pods across all namespaces running on a Kubernetes cluster?

kubectl get pods --all-namespaces
kubectl view pods
kubectl describe pod all
kubectl describe pods-namespace all

Q. Which Kubernetes components will you find running on a control plane node?

controllers
kubelet
etcd
application pods
scheduler
API server

Q. You have created a ReplicaSet and want to deploy it to your cluster. There are already 2 pods running on the cluster that match the selector label. What parameter in the ReplicaSet is used to specify the data needed to create the remaining pod?

apiVersion
kind
metadata
template

Q. What is another term commonly used to describe the serverless cloud-native development model?

Microservices
Infrastructure as a Service (IaaS)
High-performance computing (HPC)
Functions as a Service (FaaS)

Q. After Prometheus has successfully collected metrics from servers, what language is used to query and visualize the data into dashboards and charts?

GranfanaQL
GraphQL
SQL
PromQL

Q. Collecting metrics in a containerized environment can be challenging since many workloads are short-lived. What options can be used to successfully collect metrics in this environment using Prometheus?

collect metrics directly at the platform level using node-exporter
configure the containers to automatically push all metrics directly to Prometheus
provision Prometheus as another container in each pod alongside of your application
use Container Advisor (cAdvisor) to export container-based metrics

Q. In a Kubernetes cluster, what is the default communication behavior between pods when no explicit network policy is applied?

all incoming and outgoing network traffic is denied for all pods
incoming network traffic is denied, but outgoing network traffic is allowed for all pods
all incoming and outgoing network traffic is allowed for all pods
incoming network traffic is allowed, but outgoing network traffic is denied for all pods

Q. Which of the following is true regarding the design of cloud-native applications and systems?

cloud-native applications and systems are being phased out as it is no longer a viable architecture for modern applications
cloud-native applications and systems are extremely hard to support and therefore require an entire team of DevOps Engineers, Site Reliability Engineers, and Cloud Architects
cloud-native applications and systems should only consider a public cloud provider as the underlying provider for high availability
cloud-native applications and systems should be designed to expect and handle failures at any point within the system

Q. What is the correlation between a Service Level Indicator (SLI) and a Service Level Objective (SLO)?

SLI and SLO are entirely unrelated concepts in performance and service management, with no interaction between them
SLO is a target or goal that defines an acceptable level of performance for one or more SLIs over a certain period of time
SLO is the specific metric that is measured and is summarized by the SLI as a key indicator of the performance of a system
SLO is the agreement between a vendor and customer while using one or more SLIs as part of the defining criteria of the agreement

Q. Why are open standards critical for developing and consuming cloud-native tools?

ensures that tools and services will provide lock-in without providing interoperability
gives organizations the ability to hire the correct skillsets needed to manage its application stack
ensure that all products and services support self-healing
give developers confidence that the products will work as expected and will integrate well with other tools

Q. Which of the following are true regarding kubeconfig files?

it is commonly stored in the $HOME/.kube directory
kubectl command-line tool uses kubeconfig files to find the information it needs to communicate with the API server of a cluster
to organize information about clusters, users, namespaces, and authentication mechanisms
it defines the kube-proxy configuration to determine the networking configuration of a host

Q. In a Kubernetes cluster, what is the purpose of using multiple schedulers?

to improve the security of the cluster by isolating workloads
to reduce the number of worker nodes required in the cluster
to allow different users or teams to define their own scheduling policies and rules for pods
to increase the overall compute capacity of the cluster

Q. You are responsible for monitoring an application from which you want to obtain metrics. However, the application cannot be queried directly by Prometheus. What can you use to scrape these metrics and convert them into a format that Prometheus supports?

Prometheus Exporter
Pushgateway
PromQL
Prometheus Job

Q. What is the default container runtime on most modern Kubernetes clusters?

mirantis
CRI-O
docker
containerd

Q. You have a high-performing app you want to schedule on the same node to minimize latency between an application container and the data processing container. What scheduler feature can you use so the containers will be scheduled on the same node?

load balancing
affinity
config maps
anti-affinity

Q. You have a Kubernetes cluster with multiple worker nodes with different resource capacities. You've just created a new pod with specific resource requirements. What is the role of the Kubernetes scheduler in this situation?

to schedule a time when the pod will be deployed on a worker node
to monitor the performance of the pod once it is running on the node
to ensure the pod is scheduled on a node with sufficient resources
to execute the commands inside of the pod

Q. What does the acronym "CNI" stand for in the context of Kubernetes, and what role does it play in the container orchestration environment?

CNI stands for Container Networking Interface. It is a specification and set of plugins that define how network connectivity is established and managed for containers in a Kubernetes cluster.
CNI stands for Centralized Network Infrastructure, handling the centralization of network resources within a Kubernetes environment.
CNI stands for Cloud Native Integration, ensuring seamless integration of cloud-native services into Kubernetes applications.
CNI stands for Cluster Network Interconnect, providing interconnection between different Kubernetes clusters for communication.

Q. What is the primary responsibility of the Kubernetes scheduler when it comes to pod placement on nodes in a cluster?

ensure that pods are scheduled on the same node for high availability and low latency
enforce resource limits and requests for each pod, ensuring efficient resource utilization
select an appropriate node based on resource requirements, node conditions, and other constraints
monitor pod performance and automatically adjust node assignments for optimal load balancing

Q. Which of the following is NOT a benefit of adopting a GitOps approach for application deployment and management?

increased productivity
higher reliability
increased time to market
faster development
consistent and standardized deployments
improved audibility

Q. If you need to run a container as a root user due to specific application requirements, what is a recommended practice to enhance security?

run the container in the default namespace without any additional configuration
deploy the container in a separate namespace dedicated to root user containers
use Kubernetes RBAC to grant cluster-wide root user privileges
disable security features for the container to accommodate root user access

Q. Which of the following is NOT one of the major control plane services that run on every control plane node?

scheduler
cluster store (etcd)
API server
kubelet

Q. Containers are designed to be stateless and typically local data is considered ephemeral. What does this mean for any data that is stored in a container?

Containers should never store any data locally, and all data must be persisted externally in a distributed file system
Containers should store long-term data and state locally within the container filesystem for optimal performance
Containers should prioritize data storage on the host node for fast access and reliability and can be accessed by containers in other pods
Containers should not rely on the local filesystem for persistent data storage, and data will be destroyed when the container is terminated

Q. Your organization uses Kubernetes for its production workloads. As a DevOps Engineer, you must ensure that the Kubernetes cluster has sufficient resources (nodes) to handle all application workloads but minimize costs when the workload is reduced. What feature can you use to meet these requirements?

kube scheduler
cluster autoscaler
container storage interface (CSI)
vertical pod autoscaler

Q. In Kubernetes, what is the primary purpose of using labels and selectors?

categorizing and identifying resources, which enables grouping and querying
specifying the desired number of replicas for a deployment
defining resource limits for pods
configuring network policies for pod communication

Q. You are managing a Kubernetes cluster with multiple worker nodes. You need to deploy a monitoring agent pod on each node for monitoring purposes. Which Kubernetes resource type is most suitable for this task?

Deployment
StatefulSet
ReplicaSet
DaemonSet

Q. You have a definition file named production.yaml for your workload but you have recently made changes to the file and need to apply the changes to the existing objects. How can you apply these changes to the Kubernetes cluster?

run the command kubectl apply -f production.yaml to apply the changes
upload the file to the worker node where the existing workload is running. The file will be retrieved and the changes will be implemented automatically
you cannot make changes to an existing workload that is already running on a Kubernetes cluster
run the command kubectl update deployment/production to update the configuration

Q. In the provided ReplicaSet definition file, what is the purpose of defining a selector even though the pod definition is included?

to identify pods that might have been created before the ReplicaSet was created
to maintain compatibility with legacy Kubernetes versions
to identify which nodes are eligible for pod placement
to specify the desired number of replicas for the pod

Q. What is a Kubernetes Service?

a Kubernetes resource for managing storage volumes for pods
a Kubernetes resource for load balancing and providing a stable network endpoint for pods
a tool for creating container images quickly and easily
a command-line interface (CLI) for interacting and managing Kubernetes clusters

Q. Which job role is typically responsible for designing infrastructure and applications to be cloud-native?

Cloud Engineer
Cloud Architect
DevOps Engineer
Application Developer

Q. Rather than storing sensitive data, such as API keys or passwords, directly in a resource definition file, where should you securely store this information?

in a secret resource
in environment variables within the resource definition file
in a ConfigMap resource
in the resource's annotations

Q. What is one of the main obstacles that organizations encounter before implementing a CI/CD process for deploying applications?

Lack of automation to provision and manage infrastructure where application workloads will run
The absence of standardization and reliance on manual deployments that are prone to errors
Lack of skills to develop applications internally
No way to test applications before they are provisioned into a production environment

Q. Which of the following metrics can be monitored and collected by Prometheus?

disk latency
custom-application error rates
per-request billing
CPU and memory utilization

Q. You are managing a Kubernetes cluster for a web application. The application requires periodic tasks, such as database backups and log rotation. What is the primary reason for using a CronJob resource in Kubernetes to manage these tasks?

ensure high availability and fault tolerance for critical services
schedule and automate recurring batch jobs or tasks
manage containerized microservices in a distributed architecture
create long-running background processes within the cluster

Q. What is the definition of a static pod in Kubernetes?

a pod that can scale automatically based on resource demand
a pod that is managed directly by kubectl
a pod that is managed directly by the kubelet on an individual node
a pod that is created and managed by the Kubernetes API server

Q. What is the primary purpose of the kubectl proxy command?

to establish a direct connection to individual pods for debugging purposes
to launch a web-based dashboard for monitoring cluster resources
to set up a proxy server for managing external traffic to Kubernetes services
to create a secure tunnel for accessing the Kubernetes cluster's internal API server

Q. The kubelet service on every worker node performs several functions. Which of the following is not one of them?

downloads images needed to start containers
makes container logs available
watches the API server for new jobs
tells the container runtime what containers to start and stop

Q. What is a microservices architecture?

components engineered to automate and streamline container orchestration and management tasks
cloud-based data repositories tailored for specific file storage requirements
independent services built to work together to create an application
cloud computing service that provides a ready-to-use platform for developing, deploying, and managing applications

Q. You need to restrict the default communication between pods in a cluster. What feature can you use to accomplish this?

ingress controller
load balancer
service
network policies

Q. Which of the following Kubernetes components are found on worker nodes?

kube-proxy
etcd
kubelet
container runtime

Q. You have many application workloads running on your Kubernetes cluster. You decide that the resources on Node1 and Node2 need to be dedicated to production workloads, so you apply a taint to the node using the NoSchedule effect. However, the existing non-production workloads continue to run on Node1 and Node2. What can you change to ensure non-production workloads are rescheduled on other nodes?

apply a tolerance to the other nodes in the cluster to ensure any existing non-production workloads will be scheduled on the remaining nodes
you need to apply a tolerance to the node, not a taint
apply the taint to the node before any workloads are scheduled since taints applied after pods are running will not impact existing workloads
change the effect to NoExecute to ensure the non-production workloads will be evicted immediately

Q. When creating a namespace, what resource types are included within a namespace?

pods
deployments
control plane
service accounts

Q. In the unfortunate event of a security incident, what benefits does a GitOps approach offer organizations as they attempt to recover?

The system is defined as immutable code in a single source of truth, which can help recreate a new independent system.
A GitOps operator can use the imperative set of commands to create the system and applications
Committed code in a Git repository is fully auditable, which can help identify the attacker.
Applications running on Kubernetes are less likely to incur security events due to strong cryptography and a smaller attack surface

Q. Which of the following is true regarding containers running in the same pod?

the containers will have access to the same volumes and can share data
the containers will always be scheduled on the same node
the containers will use the same image when scheduled
the containers will perform the same functions

Q. You are managing a Kubernetes cluster for a company's microservices-based application. One of the development teams is deploying a new pod in the default namespace, but they haven't specified any resource requirements in the pod's definition file. What will be the result regarding resource limits for this pod?

Kubernetes will reject the pod deployment, requiring the team to specify resource requirements
Kubernetes assigns default resource limits of 0.5 CPU and 256 MiB memory to the pod
a pod in Kubernetes will run with no limits on CPU and memory in a default namespace
the pod will inherit the resource limits of the node it is scheduled on

Q. When running a sidecar, what is the benefit of using a shared execution environment like the one found in a Kubernetes Pod?

reduces network latency between the main application container and the host
coordination and resource sharing between containers
reduced storage and resource consumption for the Pod
increases the performance of the primary application container

Q. What are the benefits of using higher-level controllers rather than deploying pods directly on a node?

controllers guarantee that workloads running in pods never go down
controllers add additional functionality such as scaling, resiliency, and rolling updates
controllers allow you to run a wider range of applications, including web servers, databases, batching processing, and more as compared to running containers directly
controllers ensure application updates can be applied directly to existing containers

Q. When using a GitOps approach for continuous deployment and integration, what is the single source of truth for applications, configurations, and the system's desired state?

Kubernetes manifest
An imperative set of explicit commands
ArgoCD configuration
A Git version control system (GitHub, GitLab, BitBucket, etc.)

Q. You have created a Kubernetes definition file named web.yaml to deploy a fleet of web servers for your organization. What command would you use to apply this new definition file to your cluster?

kubectl apply -f web.yaml
kubectl application -f web.yaml
kubectl execute -f web.yaml
kubectl deploy -f web.yaml

Q. What format or file type is used to create the manifest for defining a Kubernetes Pod?

XML
YAML
HCL
Python

Q. What Kubernetes resource should you use to ensure that database pods have access to reliable and persistent storage?

Persistent Volume Claim (PVC)
ConfigMap
DaemonSet
Service

Q. What is the primary purpose of the Container Runtime Interface (CRI) in Kubernetes?

automate the scaling of Kubernetes pods based on resource utilization
manage networking and load balancing within a Kubernetes cluster
define container images and their dependencies
provide a standardized interface for container runtimes to interact with the Kubernetes control plane

Q. What happens to the data stored in a container when the container is destroyed?

the data is deleted when the container is destroyed
the data will be copied to a cloud-based storage solution
data is migrated to a persistent volume which can be accessed by other containers
the data is moved to the underlying host where the container was running

Q. What are the benefits of using a GitOps tool to continuously reconcile the state of the infrastructure?

to ensure the system state matches the desired state as defined by code
to reduce the number of containers required to deploy your application
to create merge requests on committed code by developers
to reduce the security footprint of the infrastructure and application managed by GitOps processes

Q. When was Kubernetes accepted to the Cloud Native Computing Foundation (CNCF)?

1981
2016
2009
2020

Q. As an experienced Kubernetes administrator, you have an idea for a new feature of Kubernetes that you think others will find useful. What is the proper workflow to propose this idea and get it added to a future release?

submit a GitHub issue
write and submit a KEP and submit it to the proper SIG
develop the feature and submit a PR against the Kubernetes repository
join the Kubernetes slack workspace and post your idea in the feature request channel

Q. In the Kubernetes architecture, where are all the Kubernetes objects defined?

the etcd cluster store
Kubernetes API
within a Kubernetes manifest
helm charts