




























































































Study with the several resources on Docsity
Earn points by helping other students or get them with a premium plan
Prepare for your exams
Study with the several resources on Docsity
Earn points to download
Earn points by helping other students or get them with a premium plan
Tests readiness in cloud-native development using Kubernetes, containerization, microservices patterns, CI/CD, GitOps, API design, Helm, security basics, and cloud-native troubleshooting. Scenario-driven activities replicate production-grade development tasks, deployments, and debugging under realistic conditions.
Typology: Exams
1 / 106
This page cannot be seen from the preview
Don't miss anything!





























































































Question 1. Which of the following best describes the “Codebase” factor in the 12‑Factor App methodology? A) Store all configuration in environment variables B) Use a single repository for the entire application code C) Keep the database schema versioned with the code D) Deploy each service as an independent container Answer: B Explanation: The Codebase factor states that an app should have one codebase tracked in version control, which may be deployed to many environments. Question 2. In the CAP theorem, which combination is guaranteed for a distributed system that prioritizes availability and partition tolerance? A) Consistency and Availability B) Consistency and Partition tolerance C) Availability and Partition tolerance D) None of the above Answer: C Explanation: When a system chooses Availability and Partition tolerance, it may sacrifice strong consistency, providing eventual consistency instead. Question 3. Which cloud service model provides the most control over the operating system and runtime environment? A) SaaS B) PaaS
C) IaaS D) FaaS Answer: C Explanation: Infrastructure as a Service (IaaS) gives users control over OS, networking, and storage, while higher-level services abstract these details. Question 4. In Docker, which instruction is used to copy files from the build context into the image while preserving permissions? A) ADD B) COPY C) RUN D) WORKDIR Answer: B Explanation: The COPY instruction copies files/directories from the context into the image and retains file permissions. Question 5. What is the primary benefit of using a multi‑stage Docker build? A) Enables automatic container scaling B) Reduces final image size by discarding build‑time dependencies C) Allows multiple containers to share the same network namespace D) Provides built‑in health checks Answer: B
A) Service B) Deployment C) ConfigMap D) Ingress Answer: B Explanation: A Deployment manages ReplicaSets, which in turn maintain the specified number of pod replicas. Question 9. Which Service type exposes a workload on a static port of each node’s IP address? A) ClusterIP B) NodePort C) LoadBalancer D) ExternalName Answer: B Explanation: NodePort allocates a port on every node, forwarding traffic to the underlying Pods. Question 10. What is the purpose of an Ingress controller in a Kubernetes cluster? A) Provide internal DNS resolution for Services B) Persist data across Pod restarts C) Route external HTTP/HTTPS traffic to Services based on rules D) Automatically scale Deployments
Answer: C Explanation: An Ingress controller implements the Ingress resource, directing incoming HTTP/HTTPS requests to appropriate Services. Question 11. Which Kubernetes object is best suited for storing non‑confidential configuration data as key‑value pairs? A) Secret B) ConfigMap C) PersistentVolume D) ServiceAccount Answer: B Explanation: ConfigMaps hold plain‑text configuration data, while Secrets are intended for sensitive information. Question 12. How does a Kubernetes Secret differ from a ConfigMap? A) Secrets are stored in etcd unencrypted, ConfigMaps are encrypted B) Secrets are base64‑encoded and can be mounted as files with restricted permissions C) Secrets can only be used by Pods in the default namespace D) Secrets automatically rotate their values every hour Answer: B Explanation: Secrets are base64‑encoded (and can be encrypted at rest) and are typically mounted with read‑only permissions for security.
D) priorityClassName Answer: B Explanation: resources.requests.cpu specifies the guaranteed CPU share for the container. Question 16. In Prometheus, which metric type is appropriate for tracking the total number of HTTP requests received? A) Gauge B) Counter C) Histogram D) Summary Answer: B Explanation: Counters only increase, making them ideal for counting events like total requests. Question 17. Which Grafana feature allows you to visualize the same Prometheus query across multiple dashboards with a single edit? A) Data source templating B) Dashboard provisioning C) Variables D) Alerting rules Answer: C Explanation: Variables let you parameterize queries; updating the variable definition propagates changes across all panels that use it.
Question 18. What does the OpenTelemetry Collector do in a distributed tracing setup? A) Stores trace data directly in a relational database B) Converts trace data between different vendor formats and forwards it to back‑ends C) Generates synthetic traffic for load testing D) Encrypts all inbound HTTP requests Answer: B Explanation: The OpenTelemetry Collector receives telemetry, optionally processes it, and exports it to tracing back‑ends like Jaeger. Question 19. Which HTTP status code is most appropriate for a readiness probe that determines a pod is not yet ready to serve traffic? A) 200 OK B) 404 Not Found C) 500 Internal Server Error D) 503 Service Unavailable Answer: D Explanation: A 503 signals that the service is temporarily unavailable, causing the endpoint to be marked NotReady. Question 20. In a CI pipeline, which stage should run after unit tests but before building a Docker image? A) Linting B) Integration testing C) Deployment
Question 23. Which deployment strategy creates a complete duplicate environment before switching traffic? A) Rolling update B) Canary release C) Blue‑Green deployment D) Recreate strategy Answer: C Explanation: Blue‑Green deploys a full new version (green) alongside the current one (blue) and then redirects traffic. Question 24. What is the primary purpose of a Helm chart’s values.yaml file? A) Define the Kubernetes API version used by the chart B) Store default configuration values that can be overridden at install time C) List all container images required by the chart D) Provide a README for chart users Answer: B Explanation: values.yaml contains default values for templated fields; users can supply their own overrides. Question 25. Which GitOps tool continuously reconciles the desired state stored in a Git repository with the actual state in a Kubernetes cluster? A) Jenkins B) Argo CD
C) Docker Compose D) Terraform Answer: B Explanation: Argo CD monitors Git for changes and applies them to the cluster, embodying GitOps principles. Question 26. In Kubernetes RBAC, which resource grants a ServiceAccount permission to list Pods in a namespace? A) RoleBinding B) ClusterRoleBinding C) Service D) ConfigMap Answer: A Explanation: A Role defines namespace‑scoped permissions; a RoleBinding attaches that Role to a ServiceAccount. Question 27. Which NetworkPolicy rule would block all inbound traffic to pods labeled app=frontend from any other namespace? A) Allow from all pods in the same namespace B) Deny all ingress traffic (default deny) C) Allow from pods with label app=frontend in any namespace D) Allow from CIDR 0.0.0.0/ Answer: B
A) Deletes all existing Pods before creating new ones, causing downtime B) Performs a rolling update with zero downtime C) Creates a new ReplicaSet without deleting the old one D) Automatically scales the Deployment based on CPU usage Answer: A Explanation: The Recreate strategy terminates all existing Pods before starting replacements, leading to a brief outage. Question 31. Which of the following is a characteristic of a stateless microservice? A) Stores session data in local memory B) Relies on external backing services for persistence C) Requires sticky sessions at the load balancer D) Maintains in‑process caches that survive pod restarts Answer: B Explanation: Stateless services keep no client‑specific state; any required data is stored in external services like databases or caches. Question 32. In the 12‑Factor App, which factor recommends that config should never be stored in the code repository? A) Config B) Dependencies C) Backing services D) Processes
Answer: A Explanation: The Config factor dictates that configuration be stored in environment variables, not in the codebase. Question 33. What does the term “bounded context” refer to in microservices design? A) A single database schema shared by all services B) The set of APIs exposed to external clients C) A logical boundary within which a particular domain model is consistent D) The maximum number of containers a service can run Answer: C Explanation: Bounded context isolates domain models so each service has its own consistent language and rules. Question 34. Which of the following best illustrates eventual consistency? A) A read after write always returns the latest value B) All replicas are synchronized instantaneously after an update C) A system may return stale data for a short period after a write, but will converge eventually D) Transactions are ACID compliant across all nodes Answer: C Explanation: Eventual consistency accepts temporary divergence, guaranteeing convergence over time. Question 35. Which Kubernetes object can be used to expose a Service outside the cluster without a cloud load balancer?
Answer: C Explanation: The last FROM statement defines the final stage; naming it (e.g., AS final) allows referencing earlier stages. Question 38. Which Kubernetes feature automatically replaces a failed Pod to maintain the desired replica count? A) Horizontal Pod Autoscaler B) ReplicaSet controller C) PodDisruptionBudget D) DaemonSet Answer: B Explanation: The ReplicaSet controller monitors Pods and creates new ones when any replica fails. Question 39. What is the purpose of a ServiceAccount token mounted into a Pod? A) To provide the Pod with network bandwidth limits B) To authenticate the Pod to the Kubernetes API server for in‑cluster operations C) To encrypt all traffic leaving the Pod D) To store application logs persistently Answer: B Explanation: ServiceAccount tokens allow Pods to securely call the Kubernetes API using the associated permissions.
Question 40. Which of the following is a primary advantage of using Serverless (FaaS) over traditional containers for short‑lived tasks? A) Full control over the underlying OS B) Predictable cold‑start latency for all workloads C) Automatic scaling to zero when idle, reducing cost D) Ability to run stateful workloads with local storage Answer: C Explanation: FaaS platforms scale functions to zero when not in use, eliminating idle resource costs. Question 41. In Prometheus, what does the rate() function compute? A) The average value of a gauge over a time window B) The per‑second increase of a counter over a specified interval C) The total sum of a histogram bucket D) The percentile of a summary metric Answer: B Explanation: rate() calculates the per‑second increase of a counter, useful for deriving request rates. Question 42. Which of the following is NOT a recommended practice when writing a Dockerfile for production images? A) Use a minimal base image such as alpine B) Install unnecessary debugging tools to aid troubleshooting C) Remove build‑time dependencies in a later stage
Question 45. Which Helm hook type is executed before any resources in the chart are installed? A) post-install B) pre-delete C) pre-install D) post-upgrade Answer: C Explanation: pre-install hooks run prior to the chart’s normal resources being applied. Question 46. In a GitOps workflow, what is the typical trigger for a deployment rollout? A) A manual kubectl apply command B) A push to the main branch of the Git repository that holds the manifests C) A cron job that runs every hour D) An HTTP webhook from a third‑party monitoring tool Answer: B Explanation: GitOps continuously watches the Git repo; a commit to the desired branch triggers reconciliation. Question 47. Which Kubernetes construct can be used to ensure that only Pods with a specific label can communicate with each other? A) Service B) NetworkPolicy C) ConfigMap D) HorizontalPodAutoscaler
Answer: B Explanation: NetworkPolicy can restrict ingress/egress based on pod selectors and namespace selectors. Question 48. What is the effect of setting readOnlyRootFilesystem: true in a Pod’s securityContext? A) The container can write to any mounted volume B) The container’s root filesystem is mounted as read‑only, preventing writes to the image layers C) The container runs as a privileged user D) The container is prohibited from using any network interfaces Answer: B Explanation: This setting makes the container’s root filesystem immutable, improving security. Question 49. Which of the following best describes a “canary release” in Kubernetes? A) Deploying a new version to 100% of pods at once B) Rolling out the new version to a small subset of pods while monitoring metrics before full rollout C) Creating a separate namespace for the new version and switching DNS entries manually D) Using a Recreate strategy to replace all pods at once Answer: B Explanation: Canary releases expose a limited fraction of traffic to the new version, allowing validation before full deployment.