















































Study with the several resources on Docsity
Earn points by helping other students or get them with a premium plan
Prepare for your exams
Study with the several resources on Docsity
Earn points to download
Earn points by helping other students or get them with a premium plan
CERTIFIED KUBERNETES APPLICATION DEVELOPER (CKAD) CERTIFICATION EXAM COMPLETE PRACTICE TEST BANK QUESTIONS AND ANSWERS | VERIFIED SOLUTIONS | UPDATED 2026/2027 STUDY GUIDE
Typology: Exams
1 / 55
This page cannot be seen from the preview
Don't miss anything!
















































Examiner/Administrator: Linux Foundation in partnership with the Cloud Native Computing Foundation (CNCF)
━━━━━━━━━━━━━━━━━━━━━━━━━━━━ CERTIFIED KUBERNETES APPLICATION DEVELOPER (CKAD) 2026/2027 EDITION ━━━━━━━━━━━━━━━━━━━━━━━━━━━━ COMPLETE PRACTICE EXAM
120 MULTIPLE-CHOICE QUESTIONS
PASSING SCORE: 66%
TESTING TIME: 120 MINUTES
━━━━━━━━━━━━━━━━━━━━━━━━━━━━
TABLE OF CONTENTS
**_1. Kubernetes Application Design and Build
LINUX FOUNDATION & CNCF CERTIFICATION PREPARATION || ALIGNED WITH CURRENT CKAD EXAM BLUEPRINTS || CLOUD-NATIVE APPLICATION DEVELOPMENT || PROFESSIONAL STUDY GUIDE || 100% VERIFIED PRACTICE QUESTIONS ||
Q1. A development team needs a Pod containing a web application and a helper container that continuously updates shared content. Both containers must access the same files. Which Kubernetes design best satisfies this requirement?
A. Deploy two separate Pods and expose them through a Service B. Deploy a multi-container Pod with a shared volume C. Use a Deployment and StatefulSet combination D. Deploy containers in different namespaces
Correct Answer: 🔴 B. Deploy a multi-container Pod with a shared volume
Explanation: 🔹 Multi-container Pods share the same network namespace and can share storage volumes. A shared volume enables both containers to access the same files efficiently. Separate Pods do not naturally share local storage, while namespaces and StatefulSets do not directly address intra-Pod file sharing requirements.
Q2. An application image requires environment-specific configuration values without rebuilding the image. What is the most maintainable solution?
A. Embed configuration in the Docker image B. Store configuration in a ConfigMap and consume it at runtime C. Hard-code values in Deployment YAML D. Store values in container labels
Correct Answer: 🔴 B. Store configuration in a ConfigMap and consume it at runtime
Explanation: 🔹 ConfigMaps separate configuration from application code, allowing updates without rebuilding images. Hard-coded values reduce portability and maintainability. Labels are intended for metadata, not configuration management.
C. Failed containers are not restarted by Kubernetes within the Pod D. Deployment recreates containers automatically regardless
Correct Answer: 🔴 C. Failed containers are not restarted by Kubernetes within the Pod
Explanation: 🔹 The Never restart policy instructs Kubernetes not to restart failed containers within the Pod. This is common for batch workloads. Continuous restart behavior occurs with the Always policy.
Q6. Which command creates a Deployment named frontend using the nginx image?
A. kubectl create pod frontend --image=nginx B. kubectl run frontend nginx C. kubectl create deployment frontend --image=nginx D. kubectl deployment create frontend nginx
Correct Answer: 🔴 C. kubectl create deployment frontend --image=nginx
Explanation: 🔹 The command explicitly creates a Deployment resource using the specified image. Other commands are invalid or do not guarantee Deployment creation.
Q7. An architect wants to reduce container startup times and improve consistency across environments. Which practice is recommended?
A. Build immutable container images B. Install dependencies during Pod startup C. Use hostPath volumes for binaries D. Use privileged containers
Correct Answer: 🔴 A. Build immutable container images
Explanation: 🔹 Immutable images contain all required dependencies and ensure consistent behavior across environments. Installing dependencies at startup increases
deployment time and introduces variability.
Q8. What is the primary purpose of labels in Kubernetes?
A. Encrypt secrets B. Schedule Pods automatically C. Organize and select resources logically D. Create storage volumes
Correct Answer: 🔴 C. Organize and select resources logically
Explanation: 🔹 Labels provide key-value metadata used for grouping, filtering, and selecting resources. Services, Deployments, and many controllers depend on label selectors for operation.
Q9. A logging agent must collect application logs from the same Pod and forward them externally. Which pattern should be implemented?
A. Ambassador Pattern B. Sidecar Pattern C. Leader Election Pattern D. Replica Pattern
Correct Answer: 🔴 B. Sidecar Pattern
Explanation: 🔹 Sidecar containers run alongside application containers and provide auxiliary services such as logging, monitoring, or proxying. This is the standard Kubernetes pattern for log collection.
Q10. Which resource is shared by default among containers within the same Pod?
Explanation: 🔹 Logging and monitoring sidecars are common because they extend application functionality without modifying application code.
Q13. A container must proxy requests to an external service on behalf of the application. Which pattern fits best?
A. Adapter Pattern B. Ambassador Pattern C. DaemonSet Pattern D. Scheduler Pattern
Correct Answer: 🔴 B. Ambassador Pattern
Explanation: 🔹 Ambassador containers act as local proxies for external services, simplifying connectivity and configuration for the application container.
Q14. Which statement about Pods is accurate?
A. Pods can span multiple nodes B. Pods always contain one container only C. All containers in a Pod are scheduled onto the same node D. Containers within a Pod have isolated networking
Correct Answer: 🔴 C. All containers in a Pod are scheduled onto the same node
Explanation: 🔹 A Pod is the smallest deployable unit and is always scheduled as a single entity on one node. Its containers share networking resources.
Q15. What is a key benefit of using multi-container Pods?
A. Automatic cluster scaling B. Tight coupling of cooperating processes C. Reduced node requirements only D. Elimination of networking configuration
Correct Answer: 🔴 B. Tight coupling of cooperating processes
Explanation: 🔹 Multi-container Pods are ideal for processes that must work closely together and share networking or storage resources.
Q16. Which Kubernetes object should store sensitive database credentials?
A. ConfigMap B. Namespace C. Secret D. Service
Correct Answer: 🔴 C. Secret
Explanation: 🔹 Secrets are specifically designed to store sensitive information such as passwords, tokens, and certificates. ConfigMaps are intended for non-sensitive configuration.
Q17. A Pod must run as a non-root user. Which setting helps enforce this?
A. hostNetwork: true B. runAsUser in SecurityContext C. nodeSelector D. serviceName
Correct Answer: 🔴 B. runAsUser in SecurityContext
Explanation: 🔹 SecurityContext allows administrators and developers to define user and group IDs, helping enforce least-privilege security principles.
Q18. Which command displays Pod YAML for review without creating the resource?
Q21. Why should containers generally avoid running in privileged mode?
A. It reduces application performance B. It prevents networking functionality C. It increases security risks by granting elevated host access D. It disables logging
Correct Answer: 🔴 C. It increases security risks by granting elevated host access
Explanation: 🔹 Privileged containers receive broad host-level capabilities, increasing attack surface and violating least-privilege principles.
Q22. Which command displays detailed information about a Pod, including events?
A. kubectl describe pod POD_NAME B. kubectl logs POD_NAME C. kubectl get namespaces D. kubectl config current-context
Correct Answer: 🔴 A. kubectl describe pod POD_NAME
Explanation: 🔹 The describe command provides extensive troubleshooting details including status, events, scheduling information, volumes, and container states.
Q23. Which controller ensures a specified number of Pod replicas remain running?
A. Service B. Deployment C. ConfigMap D. Endpoint
Correct Answer: 🔴 B. Deployment
Explanation: 🔹 Deployments continuously reconcile desired state and ensure the required number of replicas remain available.
Q24. A team requires Pods to run only on nodes labeled disk=ssd. Which feature
should be used?
A. ResourceQuota B. NodeSelector C. ClusterRole D. Ingress
Correct Answer: 🔴 B. NodeSelector
Explanation: 🔹 Node selectors constrain Pod placement based on node labels and provide a simple scheduling mechanism.
Q25. Which workload type is best for scheduled recurring tasks?
A. Deployment B. StatefulSet C. CronJob D. ReplicaSet
Correct Answer: 🔴 C. CronJob
Explanation: 🔹 CronJobs create Jobs according to a defined schedule and are ideal for backups, reports, and recurring maintenance operations.
Q26. What happens during a rolling update Deployment strategy?
A. All Pods terminate simultaneously B. New Pods gradually replace old Pods
Q29. Which scheduling constraint requires Pods to run on nodes matching specific label expressions?
A. Node Affinity B. ConfigMap C. EndpointSlice D. ServiceAccount
Correct Answer: 🔴 A. Node Affinity
Explanation: 🔹 Node affinity provides advanced scheduling controls beyond node selectors, including preferred and required placement rules.
Q30. A Deployment currently runs five replicas. The desired state is increased to eight replicas. What action does Kubernetes take?
A. Deletes three Pods B. Creates three additional Pods C. Recreates the entire Deployment D. Creates a new namespace
Correct Answer: 🔴 B. Creates three additional Pods
Explanation: 🔹 Kubernetes reconciliation compares current and desired states. When replicas increase from five to eight, three new Pods are created to satisfy the desired configuration while maintaining availability.
A. Recreate Strategy B. Rolling Update Strategy C. Blue-Green with manual switch D. Static Pod deployment
Correct Answer: 🔴 B. Rolling Update Strategy
Explanation: 🔹 Rolling updates replace Pods incrementally, ensuring continuous availability. The Recreate strategy causes downtime, while Blue-Green requires external traffic switching mechanisms and is not native to Deployment controllers.
A. Use initContainers with a readiness check loop B. Increase replica count C. Use node affinity rules D. Add labels to the service
Correct Answer: 🔴 A. Use initContainers with a readiness check loop
Explanation: 🔹 Init containers can include scripts that block startup until external dependencies (like databases) are reachable. This ensures application stability before main container execution.
Correct Answer: 🔴 C. Traffic continues to route only to ready Pods from the previous version
Explanation: 🔹 Kubernetes ensures only Pods passing readiness probes receive traffic. Failed new Pods are excluded, preserving service stability.
A. Horizontal Pod Autoscaler B. Vertical Pod Autoscaler C. Cluster Autoscaler D. ReplicaSet controller
Correct Answer: 🔴 A. Horizontal Pod Autoscaler
Explanation: 🔹 HPA adjusts the number of Pod replicas based on observed CPU or custom metrics. VPA adjusts resource limits, not replica counts.
A. Deployment B. StatefulSet C. DaemonSet D. ReplicaSet
Correct Answer: 🔴 C. DaemonSet
Explanation: 🔹 DaemonSets ensure one Pod runs on each node, commonly used for logging, monitoring, or node-level agents.
A. resources B. limitsOnly C. quota D. allocation
Correct Answer: 🔴 A. resources
Explanation: 🔹 The resources field defines CPU and memory requests and limits, enabling proper scheduling and resource enforcement.
A. readinessProbe B. livenessProbe C. startupProbe D. execProbe
Correct Answer: 🔴 B. livenessProbe
Explanation: 🔹 Liveness probes detect unhealthy containers and trigger restarts. Readiness probes only control traffic routing, not restarts.
A. Restart unhealthy containers B. Determine if a Pod is ready to receive traffic
A. ClusterIP B. NodePort C. LoadBalancer D. ExternalName
Correct Answer: 🔴 C. LoadBalancer
Explanation: 🔹 LoadBalancer services provision external IPs through cloud providers, enabling external access to applications.
A. Schedule Pods B. Manage container images C. Handle Service networking and routing rules D. Store cluster state
Correct Answer: 🔴 C. Handle Service networking and routing rules
Explanation: 🔹 kube-proxy manages network rules that route traffic to appropriate backend Pods for Services.
A. Service B. Ingress
C. ConfigMap D. Endpoint
Correct Answer: 🔴 B. Ingress
Explanation: 🔹 Ingress provides HTTP/HTTPS routing rules and can support path- based and host-based routing.
A. NodePort B. LoadBalancer C. ClusterIP D. ExternalName
Correct Answer: 🔴 C. ClusterIP
Explanation: 🔹 ClusterIP Services expose applications internally within the cluster only.
A. Store configuration data B. Map Services to Pod IPs C. Schedule Pods D. Encrypt traffic
Correct Answer: 🔴 B. Map Services to Pod IPs
Explanation: 🔹 Endpoints maintain a list of Pod IPs that back a Service, enabling traffic routing.