A comprehensive simulation of the Linux Foundation’s cloud engineering bootcamp assessments. It evaluates multi-disciplinary knowledge across Linux systems, Kubernetes fundamentals, cloud architecture, CI/CD, DevOps workflows, containers, Git operations, cloud automation, and infrastructure-as-code. Hands-on tasks include deploying containerized apps, configuring cloud networks, monitoring cloud resources, securing workloads, and troubleshooting distributed systems.
Typology: Exams
Question 1. Which cloud deployment model provides resources owned and operated by a third‑party provider but shared among multiple customers?
A) Private cloud
B) Public cloud
C) Hybrid cloud
D) Community cloud
Answer: B
Explanation: A public cloud is owned by a provider and delivered over the Internet to many tenants, offering shared resources.

Question 2. In the context of cloud service models, which layer abstracts the underlying hardware and provides a runtime environment for developers to build applications without managing servers?
A) IaaS
B) PaaS
C) SaaS
D) DaaS
Answer: B
Explanation: Platform as a Service (PaaS) offers a managed runtime, allowing developers to focus on code while the provider handles servers, storage, and networking.

Question 3. Which cost model best describes the shift from capital expenditures (CapEx) to operating expenditures (OpEx) when adopting cloud services?
A) Pay‑as‑you‑go
B) Fixed‑price licensing
C) Perpetual licensing
D) Up‑front hardware purchase
Answer: A
Explanation: Pay‑as‑you‑go charges for actual usage, converting traditional CapEx (hardware purchase) into OpEx (ongoing service fees).

Question 4. Which AWS compute service runs code in response to events without provisioning or managing servers?
A) EC2
B) Elastic Beanstalk
C) Lambda
D) ECS
Answer: C
Explanation: AWS Lambda is a serverless offering that executes functions triggered by events, eliminating server management.

Question 5. What is the primary difference between block storage and object storage?
A) Block storage is accessed via HTTP, object storage via iSCSI.
B) Block storage presents raw volumes, object storage stores data as discrete objects with metadata.
C) Object storage requires a file system, block storage does not.
D) Block storage is only for archival, object storage is for hot data.
Answer: B
Explanation: Block storage provides raw disks for file systems, while object storage manages data as self‑contained objects with metadata, accessed via APIs.

Question 6. Which Azure networking component isolates resources at the subnet level and provides a virtualized private network?
A) Azure Firewall

Question 9. When designing a multi‑region architecture for high availability, which metric primarily determines the maximum tolerable data loss?
A) RTO (Recovery Time Objective)
B) RPO (Recovery Point Objective)
C) SLA (Service Level Agreement)
D) MTTR (Mean Time to Repair)
Answer: B
Explanation: RPO defines the acceptable amount of data loss measured in time; a lower RPO means less data can be lost.

Question 10. Which Terraform construct allows you to reuse a set of resources across multiple environments?
A) Provider block
B) Variable
C) Module
D) Data source
Answer: C
Explanation: Modules encapsulate resource configurations, enabling reuse and consistent deployment across environments.

Question 11. In AWS IAM, what is the primary purpose of an IAM Role?
A) To store user passwords securely.
B) To grant temporary permissions to AWS services or federated users.
C) To enforce MFA for all users.
D) To group users for billing purposes.
Answer: B
Explanation: IAM Roles provide a set of permissions that can be assumed by services, applications, or federated identities without needing long‑term credentials.

Question 12. Which principle ensures that a user or service is granted only the permissions required to perform its tasks?
A) Defense in depth
B) Principle of least privilege
C) Zero trust
D) Shared responsibility
Answer: B
Explanation: The principle of least privilege limits access to the minimum necessary, reducing the attack surface.

Question 13. Which AWS service provides a centralized audit log of API calls made in an account?
A) CloudWatch Logs
B) CloudTrail
C) Config
D) GuardDuty
Answer: B
Explanation: AWS CloudTrail records API actions, enabling security analysis, compliance, and troubleshooting.

Question 14. Which encryption method protects data at rest in Amazon S3 by default?
A) Server‑Side Encryption with Customer‑Provided Keys (SSE‑C)
B) Server‑Side Encryption with AWS‑Managed Keys (SSE‑S3)
C) Client‑Side Encryption only

A) Service
B) Deployment
C) ConfigMap
D) Ingress
Answer: B
Explanation: A Deployment declaratively manages replica sets, ensuring the desired number of pod instances are maintained.

Question 18. Which networking concept defines a range of IP addresses using CIDR notation?
A) Subnet mask only
B) IPv6 address space
C) Prefix length (e.g., /24)
D) MAC address range
Answer: C
Explanation: CIDR notation combines an IP address with a prefix length, indicating how many bits constitute the network portion.

Question 19. Which GCP storage class is optimized for data that is accessed less than once a year and offers the lowest cost?
A) Standard
B) Nearline
C) Coldline
D) Archive
Answer: D
Explanation: Archive storage is designed for long‑term retention with infrequent access, providing the cheapest per‑GB pricing.

Question 20. Which AWS service automatically distributes incoming application traffic across multiple targets, such as EC2 instances, containers, and IP addresses?
A) Route 53
B) Elastic Load Balancing (ELB)
C) CloudFront
D) API Gateway
Answer: B
Explanation: ELB (including Application, Network, and Classic load balancers) balances traffic across registered targets to improve availability and scalability.

Question 21. What does the term “immutable infrastructure” refer to?
A) Updating servers in place with patches.
B) Replacing entire resources rather than modifying them.
C) Using read‑only storage for all data.
D) Disallowing any changes to IAM policies.
Answer: B
Explanation: Immutable infrastructure treats resources as disposable; changes are made by provisioning new instances and decommissioning old ones, enhancing consistency.

Question 22. Which Azure feature allows you to enforce tagging policies across all resources in a subscription?
A) Azure Policy
B) Role‑Based Access Control (RBAC)
C) Management Groups
D) Azure Blueprints

B) Direct Connect
C) VPC Peering
D) Transit Gateway
Answer: B
Explanation: AWS Direct Connect establishes a dedicated Ethernet link, providing lower latency and more consistent throughput than internet‑based VPNs.

Question 26. What is the purpose of a “Lifecycle Policy” in object storage services?
A) To encrypt objects automatically.
B) To define rules for transitioning objects between storage classes or deleting them.
C) To replicate objects across regions.
D) To enforce IAM permissions on objects.
Answer: B
Explanation: Lifecycle policies automate actions such as moving data to cheaper storage tiers or deleting old versions, optimizing cost.

Question 27. Which GCP service provides managed, serverless execution of code in response to events?
A) Compute Engine
B) App Engine
C) Cloud Functions
D) Cloud Run
Answer: C
Explanation: Cloud Functions is GCP’s serverless offering that runs single‑purpose functions triggered by events.

Question 28. Which Azure resource type is used to group related resources for unified management, billing, and access control?
A) Resource Group
B) Subscription
C) Management Group
D) Tenant
Answer: A
Explanation: A Resource Group is a logical container for resources that share the same lifecycle, enabling collective operations.

Question 29. In Kubernetes, which object provides a stable IP address and DNS name for a set of pods?
A) Deployment
B) Service
C) DaemonSet
D) StatefulSet
Answer: B
Explanation: A Service abstracts pod networking, offering a consistent endpoint irrespective of pod IP changes.

Question 30. Which AWS monitoring service can create alarms based on custom metrics and trigger automated actions?
A) CloudTrail
B) CloudWatch
C) Config
D) GuardDuty
Answer: B

D) Azure Table Storage
Answer: B
Explanation: Cosmos DB offers globally distributed, low‑latency NoSQL storage with multiple APIs (SQL, MongoDB, Cassandra, etc.).

Question 34. Which AWS feature helps you enforce compliance by automatically checking resource configurations against best‑practice rules?
A) GuardDuty
B) Config Rules
C) Security Hub
D) Trusted Advisor
Answer: B
Explanation: AWS Config Rules evaluate resource configurations continuously and flag non‑compliant resources.

Question 35. In a VPC, which component enables communication between instances in different subnets without traversing the internet?
A) Internet Gateway
B) NAT Gateway
C) Route Table
D) VPC Peering
Answer: C
Explanation: Route tables define internal routes that allow traffic to flow between subnets within the same VPC.

Question 36. Which cloud‑native CI/CD tool is tightly integrated with AWS CodeCommit, CodeBuild, and CodeDeploy?
A) Jenkins
B) GitLab CI
C) AWS CodePipeline
D) Azure DevOps Pipelines
Answer: C
Explanation: CodePipeline orchestrates source, build, test, and deployment stages using other AWS developer services.

Question 37. Which GCP service is designed for large‑scale data warehousing and supports ANSI SQL queries?
A) Cloud Datastore
B) BigQuery
C) Cloud Spanner
D) Cloud SQL
Answer: B
Explanation: BigQuery is a fully managed, petabyte‑scale analytics data warehouse with fast, SQL‑based querying.

Question 38. Which of the following best describes “serverless containers” such as AWS Fargate?
A) Containers that run on dedicated EC2 instances you manage.
B) Containers that automatically scale without managing underlying servers.
C) Containers that require manual patching of the host OS.
D) Containers that can only run batch jobs.
Answer: B
Explanation: Fargate abstracts the underlying compute, allowing containers to run and scale without provisioning EC2 instances.

Answer: B
Explanation: Azure Traffic Manager routes client requests to the most appropriate endpoint using DNS‑based policies.

Question 42. In Kubernetes, what is a “StatefulSet” primarily used for?
A) Running stateless web servers.
B) Managing pods that require stable network identities and persistent storage.
C) Deploying Daemon processes on every node.
D) Providing load balancing across services.
Answer: B
Explanation: StatefulSets guarantee ordered deployment and stable identifiers, making them ideal for databases and other stateful applications.

Question 43. Which AWS mechanism allows you to enforce “read‑only” access to an S3 bucket for a specific IAM role?
A) Bucket Policy
B) VPC Endpoint
C) IAM Access Analyzer
D) CloudTrail
Answer: A
Explanation: A bucket policy can specify actions (e.g., s3:GetObject) allowed for a particular IAM principal, implementing read‑only permissions.

Question 44. What is the purpose of “AWS Organizations” in a multi‑account environment?
A) Provide a single sign‑on portal for all users.
B) Consolidate billing and apply policies across member accounts.
C) Host container images centrally.
D) Replace IAM roles.
Answer: B
Explanation: Organizations enables hierarchical account management, centralized billing, and policy enforcement across linked accounts.

Question 45. Which Azure service offers a serverless, event‑driven compute platform that can also run container images?
A) Azure Functions
B) Azure Container Apps
C) Azure Batch
D) Azure Logic Apps
Answer: B
Explanation: Azure Container Apps provides a serverless environment for running containers with built‑in scaling and event triggers.

Question 46. Which GCP feature allows you to define and enforce organization‑wide constraints such as “no public IPs allowed”?
A) Organization Policy Service
B) Cloud IAM
C) VPC Service Controls
D) Cloud Armor
Answer: A
Explanation: Organization Policy lets administrators set guardrails (constraints) that apply to all projects under the organization.

Question 47. What does “RTO” stand for, and what does it measure?

Question 50. Which GCP tool helps you visualize and manage your cloud resources as a graph of dependencies?
A) Cloud Deployment Manager
B) Cloud Console
C) Cloud Asset Inventory
D) Cloud Graph Explorer (formerly Cloud Resource Manager)
Answer: A
Explanation: Deployment Manager uses configuration files to define resources and their relationships, enabling visual and programmatic management.

Question 51. Which AWS feature can be used to restrict API calls to specific AWS Regions?
A) Service Control Policies (SCP) in AWS Organizations
B) IAM Inline Policies
C) VPC Endpoint Policies
D) CloudWatch Alarms
Answer: A
Explanation: SCPs allow organization administrators to whitelist or blacklist actions, including region‑specific API calls.

Question 52. What is the main advantage of using “spot instances” in a cloud environment?
A) Guaranteed uptime
B) Lower cost by utilizing unused capacity
C) Higher network bandwidth
D) Built‑in encryption at rest
Answer: B
Explanation: Spot instances are offered at discounted rates because they use excess capacity; they can be terminated when the provider needs the resources back.

Question 53. Which Azure service provides a managed, distributed message queue with support for publish/subscribe patterns?
A) Service Bus
B) Event Grid
C) Queue Storage
D) Event Hubs
Answer: A
Explanation: Azure Service Bus offers queues and topics for reliable messaging and pub/sub scenarios.

Question 54. In Kubernetes, what is the purpose of an “Ingress” resource?
A) To store container images.
B) To expose HTTP/HTTPS routes to services inside the cluster.
C) To define persistent volumes.
D) To schedule pods on specific nodes.
Answer: B
Explanation: Ingress defines external access rules (e.g., host/path routing) for HTTP/HTTPS traffic to internal services.

Question 55. Which AWS service helps you detect anomalous behavior and potential security threats using machine learning?
A) GuardDuty
B) Inspector