Certified DevOps Professional Certification Exam Guide, Exams of Technology

This certification exam guide delivers advanced coverage of end-to-end DevOps implementation. Topics include CI/CD pipeline design, infrastructure as code, containerization, cloud orchestration, performance optimization, and DevOps governance. The guide emphasizes strategic decision-making, cross-functional collaboration, and applied DevOps case studies aligned with professional-level certification standards.

Typology: Exams

2025/2026

Available from 02/10/2026

shilpi-jain-3
shilpi-jain-3 🇮🇳

2.5

(11)

80K documents

1 / 93

Toggle sidebar

This page cannot be seen from the preview

Don't miss anything!

bg1
Certified DevOps Professional Certification
Exam Guide
**Question 1. Which of the following best describes the “Three Ways” philosophy in DevOps?**
A) Planning, Coding, Deploying
B) Flow, Feedback, Continual Learning
C) Build, Test, Release
D) Design, Implement, Operate
Answer: B
Explanation: The Three Ways are the foundational principles of DevOps: improving flow of work,
creating feedback loops, and fostering a culture of continual learning and experimentation.
**Question 2. In the context of Agile integration with DevOps, which practice most directly
aligns Scrum sprints with continuous delivery pipelines?**
A) Daily standup meetings
B) Sprint retrospectives after each release
C) “Definition of Done” that includes automated tests and deployment scripts
D) Product backlog grooming
Answer: C
Explanation: Embedding automated testing and deployment in the Definition of Done ensures
that each increment is potentially shippable, linking Scrum’s sprint cadence to continuous
delivery.
**Question 3. Site Reliability Engineering (SRE) uses an “error budget.” What does an error
budget represent?**
A) The total number of bugs a team can fix per month
B) The amount of allowed downtime or SLO breach within a measurement period
C) The budget allocated for security tools
D) The number of incidents a team can resolve without escalation
Answer: B
pf3
pf4
pf5
pf8
pf9
pfa
pfd
pfe
pff
pf12
pf13
pf14
pf15
pf16
pf17
pf18
pf19
pf1a
pf1b
pf1c
pf1d
pf1e
pf1f
pf20
pf21
pf22
pf23
pf24
pf25
pf26
pf27
pf28
pf29
pf2a
pf2b
pf2c
pf2d
pf2e
pf2f
pf30
pf31
pf32
pf33
pf34
pf35
pf36
pf37
pf38
pf39
pf3a
pf3b
pf3c
pf3d
pf3e
pf3f
pf40
pf41
pf42
pf43
pf44
pf45
pf46
pf47
pf48
pf49
pf4a
pf4b
pf4c
pf4d
pf4e
pf4f
pf50
pf51
pf52
pf53
pf54
pf55
pf56
pf57
pf58
pf59
pf5a
pf5b
pf5c
pf5d

Partial preview of the text

Download Certified DevOps Professional Certification Exam Guide and more Exams Technology in PDF only on Docsity!

Exam Guide

Question 1. Which of the following best describes the “Three Ways” philosophy in DevOps? A) Planning, Coding, Deploying B) Flow, Feedback, Continual Learning C) Build, Test, Release D) Design, Implement, Operate Answer: B Explanation: The Three Ways are the foundational principles of DevOps: improving flow of work, creating feedback loops, and fostering a culture of continual learning and experimentation. Question 2. In the context of Agile integration with DevOps, which practice most directly aligns Scrum sprints with continuous delivery pipelines? A) Daily stand‑up meetings B) Sprint retrospectives after each release C) “Definition of Done” that includes automated tests and deployment scripts D) Product backlog grooming Answer: C Explanation: Embedding automated testing and deployment in the Definition of Done ensures that each increment is potentially shippable, linking Scrum’s sprint cadence to continuous delivery. Question 3. Site Reliability Engineering (SRE) uses an “error budget.” What does an error budget represent? A) The total number of bugs a team can fix per month B) The amount of allowed downtime or SLO breach within a measurement period C) The budget allocated for security tools D) The number of incidents a team can resolve without escalation Answer: B

Exam Guide

Explanation: An error budget quantifies the permissible deviation from a Service Level Objective (SLO), balancing reliability with the speed of change. Question 4. Which change‑management approach is most consistent with DevOps principles? A) Large, infrequent “big bang” releases B) Manual change‑approval boards for every deployment C) Frequent, low‑risk incremental deployments using feature flags D) Post‑deployment hot‑fixes only after production failures Answer: C Explanation: DevOps promotes small, reversible changes that reduce risk and enable rapid feedback, often implemented with feature toggles. Question 5. In a CI pipeline, which stage should logically occur immediately after source code checkout? A) Deployment to production B) Linting and static code analysis C) Load testing D) Artifact promotion Answer: B Explanation: Linting and static analysis catch syntax and style issues early, preventing downstream failures before compilation or testing. Question 6. Which of the following deployment strategies minimizes impact on users by routing traffic between two identical environments? A) Canary release B) Blue/Green deployment

Exam Guide

A) JFrog Artifactory B) Apache Maven Central C) PyPI D) npm Registry Answer: A Explanation: Artifactory supports Docker registries, allowing storage, versioning, and promotion of container images. Question 10. Test‑Driven Development (TDD) primarily emphasizes which sequence of activities? A) Write code → Write tests → Refactor B) Write tests → Write code → Refactor C) Write code → Deploy → Test D) Write tests → Deploy → Monitor Answer: B Explanation: TDD starts with a failing test, then code to pass the test, followed by refactoring for clean design. Question 11. Behavior‑Driven Development (BDD) differs from TDD mainly in its focus on: A) Unit test coverage metrics B) Business‑level specifications written in a readable language C) Performance testing of APIs D) Security scanning of code Answer: B Explanation: BDD uses human‑readable scenarios (e.g., Gherkin) to capture expected behavior from a stakeholder perspective.

Exam Guide

Question 12. Declarative IaC defines: A) The exact steps to provision resources B) The desired end state of infrastructure C) The programming language used for scripts D) The order of execution for commands Answer: B Explanation: Declarative IaC describes what the infrastructure should look like, leaving the tool to determine how to achieve it. Question 13. Imperative IaC is characterized by: A) Describing the final state only B. Using a high‑level DSL that abstracts cloud APIs C. Specifying explicit commands to create, modify, and delete resources D. Relying on a GUI for resource provisioning Answer: C Explanation: Imperative IaC provides step‑by‑step instructions, similar to traditional scripting. Question 14. Which language is native to Terraform for defining infrastructure? A) YAML B) JSON C) HCL (HashiCorp Configuration Language) D) Python Answer: C Explanation: Terraform’s primary DSL is HCL, which offers readable syntax for declaring resources.

Exam Guide

Explanation: Immutable infrastructure treats servers as disposable; any change triggers a new image deployment rather than in‑place updates. Question 18. Which Git branching model encourages short‑lived feature branches merged directly into the mainline? A) GitFlow B) Trunk‑Based Development C) Release Branching D) Fork‑and‑Pull Model Answer: B Explanation: Trunk‑Based Development uses a single main branch (trunk) with frequent merges, supporting continuous integration. Question 19. In GitFlow, which branch is typically used for preparing a production release? A) develop B) master C) release/* D) hotfix/* Answer: C Explanation: The release/* branch allows final testing and bug fixes before merging into master (production) and develop. Question 20. Dockerfiles should specify the base image using which instruction? A) FROM B) RUN C) CMD

Exam Guide

D) ENTRYPOINT

Answer: A Explanation: The FROM instruction defines the parent image upon which subsequent layers are built. Question 21. To reduce image size, which Dockerfile best practice is recommended? A) Install development tools in the final image B) Use a multi‑stage build to copy only needed artifacts C) Combine all RUN commands into separate layers D) Use the latest tag for the base image Answer: B Explanation: Multi‑stage builds allow compilation in a builder stage and copy only the final binaries, minimizing the runtime image. Question 22. In Kubernetes, which component is responsible for maintaining the desired state of the cluster? A) kubelet B) kube‑proxy C) etcd D) controller‑manager Answer: D Explanation: The controller‑manager runs controllers (e.g., Deployment, ReplicaSet) that continuously reconcile the actual state with the desired state. Question 23. A Kubernetes Service of type LoadBalancer provides: A) Internal cluster DNS only

Exam Guide

Question 26. Service Mesh technologies like Istio add which capability to microservice communication? A) Automatic code generation B) Transparent traffic encryption, retries, and observability without code changes C) Database migration tools D) Serverless function execution Answer: B Explanation: Service meshes provide a sidecar‑based data plane for secure, resilient, and observable service‑to‑service traffic. Question 27. Which serverless platform executes code in response to events without provisioning servers? A) Docker Swarm B) AWS Lambda C) Kubernetes DaemonSet D) Terraform Answer: B Explanation: AWS Lambda runs functions triggered by events (e.g., S3 uploads) and abstracts away server management. Question 28. “Shift‑Left” security primarily aims to: A) Perform penetration testing after production release B) Integrate security checks early in the development lifecycle C) Move security responsibilities to the operations team only D) Delay compliance audits until the end of the year Answer: B

Exam Guide

Explanation: Shift‑Left embeds security testing (e.g., SAST, secret scanning) early, reducing remediation cost and time. Question 29. Which type of security testing analyzes source code without executing it? A) DAST (Dynamic Application Security Testing) B) SAST (Static Application Security Testing) C) Penetration testing D) Fuzz testing Answer: B Explanation: SAST inspects code for vulnerabilities statically, enabling detection before runtime. Question 30. Which tool is commonly used for secret management in Kubernetes clusters? A) Jenkins B) HashiCorp Vault C) SonarQube D) Prometheus Answer: B Explanation: Vault can store and inject secrets into pods, integrating with Kubernetes via the secret‑injector or CSI driver. Question 31. Open Policy Agent (OPA) is primarily used for: A) Container image building B) Defining and enforcing policy as code across CI/CD and runtime C) Managing DNS records D) Automating database backups Answer: B

Exam Guide

D. Monitoring Answer: D Explanation: CALMS stands for Culture, Automation, Lean, Measurement, and Sharing. Monitoring is part of Measurement, but “Monitoring” alone is not a separate CALMS component. Question 35. A “Feature Flag” in a deployment pipeline is used to: A) Encrypt network traffic between services B) Toggle functionality on/off without redeploying code C. Manage DNS entries for services D. Scale pods automatically based on load Answer: B Explanation: Feature flags allow developers to control feature exposure at runtime, facilitating safe rollouts and quick rollbacks. Question 36. Which of the following best defines “Mean Time To Detect” (MTTD) in SRE? A) Average time to resolve an incident after detection B. Time between successive incidents C. Average time from incident occurrence to its detection D. Time required to deploy a new release Answer: C Explanation: MTTD measures how quickly a monitoring system alerts teams to an issue, critical for rapid response. Question 37. In a CI/CD pipeline, which tool is most commonly used for container image scanning for vulnerabilities? A. SonarQube

Exam Guide

B. Trivy C. JUnit D. Selenium Answer: B Explanation: Trivy is a lightweight scanner that detects known CVEs in container images, integrating easily into pipelines. Question 38. Which of the following statements about “Infrastructure as Code” versioning is true? A. Only binary artifacts need version control, not IaC files B. Storing IaC in Git enables rollbacks, peer review, and auditability C. IaC files should be stored in a separate, non‑Git repository for security D. Versioning is unnecessary because cloud providers maintain history Answer: B Explanation: Placing IaC in Git provides the same benefits as application code: history, collaboration, and traceability. Question 39. What is the primary advantage of using a “GitOps” workflow for Kubernetes deployments? A. Manual approval of each pod creation B. Declarative, version‑controlled state applied automatically by an operator C. Direct SSH access to nodes for configuration changes D. Using Git branches to store container logs Answer: B Explanation: GitOps treats Git as the source of truth; a controller continuously reconciles the cluster to match the declared state.

Exam Guide

Explanation: Placing stable instructions first maximizes reuse of cached layers, speeding up rebuilds. Question 43. In Terraform, the command terraform plan does what? A. Applies changes directly to the infrastructure B. Shows a preview of actions Terraform will take without making changes C. Destroys all managed resources D. Initializes the working directory Answer: B Explanation: terraform plan computes the execution plan and displays it, allowing review before applying. Question 44. Which AWS service provides a managed Kubernetes control plane? A. Amazon EC B. Amazon EKS C. Amazon ECS D. AWS Lambda Answer: B Explanation: Amazon Elastic Kubernetes Service (EKS) offers a fully managed control plane for Kubernetes clusters. Question 45. What is the purpose of a “Service Level Indicator” (SLI) in SRE? A. To define the budget for a project B. To measure a specific aspect of service performance (e.g., latency) C. To enforce security policies D. To schedule deployments

Exam Guide

Answer: B Explanation: An SLI is a quantitative measure of a service attribute, forming the basis for SLO calculations. Question 46. Which of the following is an example of a “golden image” in immutable infrastructure? A. A VM snapshot that is patched weekly B. A pre‑built Docker image containing the application and its runtime dependencies C. A configuration file stored in a Git repository D. A manual checklist for server setup Answer: B Explanation: A golden image is a versioned, immutable artifact (e.g., Docker image) used to spin up identical instances. Question 47. In the context of CI/CD, what does “artifact promotion” refer to? A. Deleting old build artifacts automatically B. Moving a built artifact from a development repository to a staging or production repository after validation C. Converting a binary into source code D. Scaling the number of build agents Answer: B Explanation: Promotion moves vetted artifacts through environments, ensuring the same binary is deployed throughout. Question 48. Which of the following best describes “Blue‑Green” vs. “Canary” deployment? A. Blue‑Green switches all traffic at once; Canary shifts traffic gradually

Exam Guide

A. Automatic retries and circuit breaking B. Centralized configuration of traffic policies C. Direct access to underlying hardware resources D. Observability via metrics and tracing Answer: C Explanation: Service meshes operate at the application layer; they do not provide direct hardware access. Question 52. Which of the following is a common security scanning tool for detecting secrets in code repositories? A. Checkmarx B. TruffleHog C. JMeter D. Grafana Answer: B Explanation: TruffleHog scans Git history for high‑entropy strings that may represent credentials. Question 53. In Git, what does the command git rebase - i allow you to do? A. Merge two branches automatically B. Interactively edit, reorder, squash, or drop commits in a branch’s history C. Create a new remote repository D. Push changes to a protected branch Answer: B Explanation: Interactive rebase lets developers rewrite commit history for cleaner, linear logs.

Exam Guide

Question 54. Which of the following best defines “Continuous Deployment” (CD) as opposed to “Continuous Delivery”? A. CD includes automated testing; Continuous Delivery does not B. CD automatically pushes every successful build to production; Continuous Delivery requires manual approval before production release C. CD is only for containerized applications D. CD does not involve version control Answer: B Explanation: Continuous Deployment removes the manual gate, deploying validated changes directly to production. Question 55. Which of the following is a primary reason to use “Rolling Updates” in Kubernetes? A. To keep the entire cluster offline during upgrades B. To replace pods incrementally, ensuring service availability throughout the update C. To delete all pods and recreate them simultaneously D. To automatically scale down the cluster to zero nodes Answer: B Explanation: Rolling updates replace pods gradually, maintaining the desired number of replicas and minimizing downtime. Question 56. What is the main purpose of a “PodDisruptionBudget” (PDB) in Kubernetes? A. To limit the number of pods that can be created per node B. To specify the minimum number or percentage of pods that must remain available during voluntary disruptions (e.g., upgrades) C. To define storage quotas for pods D. To enforce network policies for pods