Certified DevOps Architect Certification Exam Guide, Exams of Technology

This certification exam guide focuses on designing and implementing DevOps architectures. Topics include CI/CD pipelines, cloud infrastructure, automation, security integration, and scalability. Candidates gain expertise in building resilient and efficient DevOps ecosystems.

Typology: Exams

2025/2026

Available from 02/10/2026

shilpi-jain-3

Certified DevOps Architect Certification Exam Guide
**Question 1.** Which AWS Well‑Architected Pillar primarily addresses designing for fault
tolerance and disaster recovery?
A) Operational Excellence
B) Security
C) Reliability
D) Cost Optimization
Answer: C
Explanation: The Reliability pillar focuses on a system’s ability to recover from failures, handle
disruptions, and meet availability requirements, which directly relates to fault tolerance and
disaster recovery.
**Question 2.** In Terraform, what is the purpose of a “backend”?
A) To define resource dependencies
B) To store the state file remotely
C) To generate variable values automatically
D) To enforce module versioning
Answer: B
Explanation: A backend configures where Terraform stores its state (e.g., S3, Azure Blob).
Remote backends enable state sharing and locking for team collaboration.
**Question 3.** Which of the following is NOT a characteristic of immutable infrastructure?
A) Deploying new instances instead of patching existing ones
B) Using configuration management tools to apply changes in place
C) Ensuring consistency across environments
D) Reducing configuration drift
Answer: B
Explanation: Immutable infrastructure avoids in‑place changes; applying updates via configuration management contradicts immutability.
**Question 4.** In Kubernetes, what does the CNI plugin manage?
A) Persistent storage provisioning
B) Container networking and IP address allocation
C) Service discovery via DNS
D) Secrets encryption
Answer: B
Explanation: CNI (Container Network Interface) plugins are responsible for setting up networking for pods, including IP address assignment and connectivity.
**Question 5.** Which service mesh provides automatic mutual TLS encryption for service‑to‑service traffic?
A) Helm
B) Istio
C) Kustomize
D) Prometheus
Answer: B
Explanation: Istio includes a sidecar proxy (Envoy) that can automatically enable mTLS between services, securing intra‑cluster communication.

C) SonarQube
D) Nexus
Answer: B
Explanation: ArgoCD monitors Git repositories and automatically reconciles any drift between the declared manifests and the actual Kubernetes state.
**Question 9.** In a blue/green deployment, what determines when traffic is switched from blue to green?
A) Completion of a canary analysis report
B) Manual approval or automated health check
C) Deployment of a new Docker image
D) Scaling the green environment to zero
Answer: B
Explanation: Traffic is switched after the new (green) environment passes health checks or receives manual approval, ensuring zero‑downtime cutover.
**Question 10.** Which deployment strategy gradually rolls out changes to a small percentage of users before full rollout?
A) Rolling update
B) Blue/Green
C) Canary release
D) Recreate
Answer: C
Explanation: Canary releases expose a new version to a limited subset of traffic, allowing monitoring before expanding to all users.
**Question 11.** What is the primary purpose of an artifact repository like Nexus or Artifactory?
A) To host source code
B) To store compiled binaries, Docker images, and other build outputs securely
C) To run automated tests
D) To manage infrastructure as code
Answer: B
Explanation: Artifact repositories act as a central, versioned storage for build artifacts, enabling reproducible deployments and dependency management.
**Question 12.** Which of the following best describes “Shift‑Left” in DevSecOps?
A) Moving deployment responsibilities to the operations team
B) Integrating security testing earlier in the development lifecycle
C) Delaying compliance checks until after production release
D) Outsourcing security to third‑party vendors
Answer: B
Explanation: Shift‑Left means incorporating security activities (e.g., SAST, SCA) early, such as during coding and CI, to catch issues sooner.
**Question 13.** Which type of testing analyzes the application’s runtime behavior for security vulnerabilities?
A) SAST (Static Application Security Testing)

Explanation: Vault provides secure storage, dynamic secrets, and fine‑grained access controls for credentials, API keys, etc.
**Question 16.** In AWS IAM, what does the Principle of Least Privilege (PoLP) enforce?
A) All users must have AdministratorAccess
B) Users receive only the permissions required to perform their job functions
C) Permissions are granted automatically based on tags
D) Root account is used for daily tasks
Answer: B
Explanation: PoLP restricts each identity to the minimal set of permissions needed, reducing attack surface.
**Question 17.** Open Policy Agent (OPA) is used to implement which DevSecOps practice?
A) Continuous integration
B) Policy as Code for automated compliance enforcement
C) Container orchestration
D) Artifact versioning
Answer: B
Explanation: OPA evaluates policies written in Rego, enabling automated compliance checks across CI/CD pipelines and runtime environments.
**Question 18.** Which of the following is NOT one of the three pillars of observability?
A) Metrics
B) Logs
C) Traces
D) Dashboards
Answer: D
Explanation: Dashboards are a consumption layer; the core pillars are Metrics, Logs, and Traces.
**Question 19.** A Service Level Indicator (SLI) is:
A) A contractual agreement between provider and customer
B) A metric used to measure the performance of a service (e.g., latency)
C) The budget allocated for incident response
D) A tool for automated testing
Answer: B
Explanation: An SLI quantifies a specific aspect of service reliability, such as request latency or error rate.
**Question 20.** What does an “Error Budget” represent in SRE?
A) The total amount of money allocated for fixing bugs
B) The allowable threshold of service unreliability (e.g., 99.9% uptime → 0.1% error budget)
C) The number of incidents a team can ignore per month
D) The time spent on post‑mortems
Answer: B
Explanation: Error budget is the difference between 100% and the SLO target, allowing controlled risk for changes.

Answer: A
Explanation: VSM creates a visual representation of the end‑to‑end process, highlighting waste and delays.
**Question 24.** In Team Topologies, which team type is responsible for building and maintaining shared platform services?
A) Stream‑aligned team
B) Enabling team
C) Platform team
D) Complicated‑subsystem team
Answer: C
Explanation: Platform teams provide self‑service APIs, tooling, and infrastructure that other teams consume.
**Question 25.** Which practice replaces a traditional Change Advisory Board (CAB) with automated, peer‑reviewed deployments?
A) Manual change request forms
B) Shift‑Left testing
C) Git‑based pull‑request workflow with CI/CD gates
D) Scheduled maintenance windows
Answer: C
Explanation: Using pull‑requests and automated pipelines provides rapid, auditable change approval, reducing reliance on CABs.
**Question 26.** The “5 Ideals” in DevOps culture include all EXCEPT:
A) Locality & Simplicity
B) Focus, Flow & Joy
C) Continuous Monitoring
D) Psychological Safety
Answer: C
Explanation: Continuous Monitoring is an engineering practice, not one of the five cultural ideals (Locality, Focus/Flow/Joy, Improvement, Psychological Safety, Customer Focus).
**Question 27.** Which AWS service provides a managed Kubernetes offering?
A) Amazon ECS
B) Amazon EKS
C) AWS Fargate
D) AWS Lambda
Answer: B
Explanation: Amazon Elastic Kubernetes Service (EKS) delivers a fully managed K8s control plane.
**Question 28.** In Terraform, what does the “taint” command do?
A) Marks a resource for recreation on the next apply
B) Deletes the state file
C) Locks the state for exclusive access
D) Generates a plan file

A) Jenkins
B) GitLab CI
C) TeamCity
D) Bamboo
Answer: B
Explanation: GitLab CI defines pipelines in a .gitlab-ci.yml file, enabling declarative pipeline configuration.
**Question 32.** In Docker, what is the purpose of a “multi‑stage build”?
A) To run containers in parallel
B) To reduce final image size by separating build and runtime layers
C) To enable automatic scaling of services
D) To create a swarm cluster
Answer: B
Explanation: Multi‑stage builds allow you to compile artifacts in one stage and copy only the needed binaries to a lightweight final image.
**Question 33.** Which of the following is a common metric used to define an SLO for latency?
A) 99th percentile request latency ≤ 200 ms
B) Average CPU usage ≤ 80%
C) Disk I/O operations per second ≥ 1000
D) Number of pods ≥ 5
Answer: A
Explanation: Latency SLOs often target a high percentile (e.g., 99th) to ensure most requests meet a response time threshold.
**Question 34.** What does the “OPA Gatekeeper” provide for Kubernetes clusters?
A) Automatic scaling of pods
B) Policy‑as‑Code enforcement on admissions (e.g., validating manifests)
C) Secret rotation
D) Service discovery
Answer: B
Explanation: Gatekeeper integrates OPA policies as admission controllers, preventing non‑compliant resources from being created.
**Question 35.** Which principle encourages teams to own the full lifecycle of a service, from development to operation?
A) Separation of duties
B) “You build it, you run it”
C) DevSecOps
D) Centralized operations
Answer: B
Explanation: “You build it, you run it” promotes end‑to‑end ownership, reducing hand‑offs and increasing accountability.
**Question 36.** In the context of IaC, what does “drift detection” refer to?
A) Detecting network latency spikes

Answer: B
Explanation: GitOps treats Git as the single source of truth, allowing automated reconciliation and traceability of changes.
**Question 39.** Which of the following is a common security risk when hard‑coding credentials in source code?
A) Increased build speed
B) Credential leakage through version control history
C) Faster container startup
D) Better code readability
Answer: B
Explanation: Hard‑coded secrets become part of the repository history, potentially exposing credentials to anyone with access.
**Question 40.** In a Kubernetes cluster, which component is responsible for scheduling Pods onto Nodes?
A) kube-apiserver
B) kube-controller-manager
C) kube-scheduler
D) kube-proxy
Answer: C
Explanation: The kube-scheduler watches unscheduled Pods and assigns them to suitable Nodes based on constraints and resources.
**Question 41.** Which of the following best describes “Chaos Engineering”?
A) Writing unit tests for edge cases
B) Intentionally injecting failures to verify system resilience
C) Automating database migrations
D) Encrypting data at rest
Answer: B
Explanation: Chaos Engineering deliberately introduces faults (e.g., killing pods) to validate that the system can recover gracefully.
**Question 42.** What is the main purpose of “Feature Flags” in continuous delivery?
A) To enable A/B testing and gradual rollout without deploying new code
B) To encrypt configuration files
C) To define IAM policies
D) To monitor network latency
Answer: A
Explanation: Feature flags allow toggling functionality at runtime, facilitating controlled releases and rollbacks.
**Question 43.** Which tool is primarily used for container image scanning to detect vulnerabilities?
A) Terraform
B) Trivy
C) Ansible
D) Consul

**Question 46.** Which AWS service can be used to store and version Terraform state securely?
A) AWS S3 with DynamoDB locking
B) AWS Lambda
C) Amazon RDS
D) AWS CloudWatch
Answer: A
Explanation: S3 stores the state file, while DynamoDB provides state locking to prevent concurrent modifications.
**Question 47.** What does the “principle of least astonishment” advise when designing APIs?
A) APIs should be as complex as possible
B) APIs should behave in a way that minimizes surprise for developers
C) APIs must always be backward compatible
D) APIs should require authentication for every call
Answer: B
Explanation: The principle encourages intuitive, predictable behavior to reduce learning curves and errors.
**Question 48.** In a CI/CD pipeline, which step is most appropriate for running a “dependency‑check” scan?
A) After deployment to production
B) During the build stage, before packaging artifacts
C) During the linting stage
D) After unit tests have passed
Answer: B
Explanation: Scanning dependencies for known vulnerabilities is best done early, right after code is compiled and before creating final artifacts.
**Question 49.** Which of the following is NOT a typical responsibility of a DevOps Architect?
A) Designing CI/CD workflows
B) Writing all application business logic
C) Defining infrastructure standards
D) Establishing observability strategies
Answer: B
Explanation: While a DevOps Architect may influence code quality, writing all business logic is outside the role’s scope.
**Question 50.** Which open‑source tool provides a unified view of logs, metrics, and traces?
A) Grafana Loki (logs) + Prometheus (metrics) + Tempo (traces) integrated in Grafana UI
B) Docker Compose
C) Terraform
D) SonarQube
Answer: A
Explanation: Grafana’s ecosystem (Loki, Prometheus, Tempo) can be combined to give a single observability dashboard.