Cloud Native Developer IT Professional Program Practice Exam, Exams of Technology

This exam evaluates comprehensive cloud-native development skills including Kubernetes application delivery, microservices design, container build strategies, CI/CD pipelines, GitOps, service mesh concepts, and cloud-native security. Candidates solve hands-on scenarios involving troubleshooting distributed systems, designing scalable APIs, implementing observability stacks, and applying best practices in container lifecycle management. Includes case-study-driven architecture questions and practical code-review assessments.

Typology: Exams

2025/2026

Available from 01/12/2026

shilpi-jain-1
shilpi-jain-1 🇮🇳

4.2

(5)

29K documents

1 / 106

Toggle sidebar

This page cannot be seen from the preview

Don't miss anything!

bg1
Cloud Native Developer IT Professional
Program Practice Exam
**Question 1.** Which principle of the TwelveFactor App ensures that code is never locked to
a specific deployment environment?
A) Config
B) Dependencies
C) Build, release, run
D) Disposability
Answer: B
Explanation: The “Dependencies” factor requires declaring all external libraries explicitly,
preventing hidden ties to a particular environment.
**Question 2.** In a microservices architecture, which pattern is most appropriate for reducing
latency when a client must call multiple services to assemble a response?
A) Circuit Breaker
B) API Gateway aggregation
C) Sidecar proxy
D) Bulkhead
Answer: B
Explanation: API Gateway aggregation composes calls to several services into a single request,
minimizing roundtrip latency.
**Question 3.** When choosing between clientside and serverside service discovery, which
statement is true?
A) Clientside discovery eliminates the need for a load balancer.
B) Serverside discovery provides DNSstyle resolution for pods.
pf3
pf4
pf5
pf8
pf9
pfa
pfd
pfe
pff
pf12
pf13
pf14
pf15
pf16
pf17
pf18
pf19
pf1a
pf1b
pf1c
pf1d
pf1e
pf1f
pf20
pf21
pf22
pf23
pf24
pf25
pf26
pf27
pf28
pf29
pf2a
pf2b
pf2c
pf2d
pf2e
pf2f
pf30
pf31
pf32
pf33
pf34
pf35
pf36
pf37
pf38
pf39
pf3a
pf3b
pf3c
pf3d
pf3e
pf3f
pf40
pf41
pf42
pf43
pf44
pf45
pf46
pf47
pf48
pf49
pf4a
pf4b
pf4c
pf4d
pf4e
pf4f
pf50
pf51
pf52
pf53
pf54
pf55
pf56
pf57
pf58
pf59
pf5a
pf5b
pf5c
pf5d
pf5e
pf5f
pf60
pf61
pf62
pf63
pf64

Partial preview of the text

Download Cloud Native Developer IT Professional Program Practice Exam and more Exams Technology in PDF only on Docsity!

Program Practice Exam

Question 1. Which principle of the Twelve‑Factor App ensures that code is never locked to a specific deployment environment? A) Config B) Dependencies C) Build, release, run D) Disposability Answer: B Explanation: The “Dependencies” factor requires declaring all external libraries explicitly, preventing hidden ties to a particular environment. Question 2. In a microservices architecture, which pattern is most appropriate for reducing latency when a client must call multiple services to assemble a response? A) Circuit Breaker B) API Gateway aggregation C) Sidecar proxy D) Bulkhead Answer: B Explanation: API Gateway aggregation composes calls to several services into a single request, minimizing round‑trip latency. Question 3. When choosing between client‑side and server‑side service discovery, which statement is true? A) Client‑side discovery eliminates the need for a load balancer. B) Server‑side discovery provides DNS‑style resolution for pods.

Program Practice Exam

C) Client‑side discovery requires each service to embed the discovery logic. D) Server‑side discovery cannot be used with Kubernetes. Answer: C Explanation: In client‑side discovery, the client library queries a registry (e.g., Consul) and selects an instance, embedding discovery logic. Question 4. Which of the following best describes a “cold start” in Function‑as‑a‑Service (FaaS) platforms? A) The function exceeds its memory limit. B) The runtime container must be initialized before executing the request. C) The function receives an unhandled exception. D) The function is throttled due to concurrency limits. Answer: B Explanation: A cold start occurs when the platform must spin up a new execution environment before handling the first invocation. Question 5. In Docker, which instruction creates a new build stage that can be referenced later to copy artifacts? A) FROM B) RUN C) COPY D) LABEL Answer: A

Program Practice Exam

A) Deployment B) ReplicaSet C) StatefulSet D) CronJob Answer: C Explanation: StatefulSets provide stable pod names, ordered startup, and persistent volume claims, ideal for stateful databases. Question 9. Which Service type exposes an application inside the cluster only, without allocating an external IP? A) LoadBalancer B) NodePort C) ClusterIP D) ExternalName Answer: C Explanation: ClusterIP creates an internal virtual IP accessible only within the cluster. Question 10. In Kubernetes networking, what does a NetworkPolicy with policyTypes: [Ingress] control? A) Outbound traffic from pods B) Inbound traffic to pods C) DNS resolution for services D) Pod-to-pod traffic on the same node

Program Practice Exam

Answer: B Explanation: An Ingress‑only NetworkPolicy restricts which sources may send traffic to selected pods. Question 11. Which of the following is NOT a typical use case for a sidecar container? A) Log forwarding B) Service mesh proxy C) Primary business logic processing D) Credential rotation Answer: C Explanation: The sidecar pattern is for auxiliary tasks; the main application logic runs in the primary container. Question 12. Which CI tool natively integrates with Google Cloud Build to trigger builds on commits to a Cloud Source Repository? A) Jenkins B) CircleCI C) Cloud Build D) Travis CI Answer: C Explanation: Cloud Build can be configured to watch Cloud Source Repositories and start builds automatically.

Program Practice Exam

C) delta() D) irate() Answer: B Explanation: rate(metric[5m]) returns per‑second average rate of increase for a counter over the specified window. Question 16. In OpenTelemetry, which component is responsible for sending collected trace data to a backend like Jaeger? A) Collector B) Exporter C) Instrumentation library D) Span processor Answer: B Explanation: Exporters serialize and forward telemetry data to tracing back‑ends. Question 17. Which Kubernetes probe is executed before a container is considered “started” and therefore ready to receive traffic? A) Liveness probe B) Readiness probe C) Startup probe D) Health probe Answer: C

Program Practice Exam

Explanation: The startup probe disables other probes until it succeeds, allowing containers with long initialization. Question 18. Which IAM role in GKE grants a service account permission to pull images from Artifact Registry? A) roles/container.developer B) roles/artifactregistry.reader C) roles/compute.instanceAdminV D) roles/iam.serviceAccountUser Answer: B Explanation: roles/artifactregistry.reader permits read‑only access to repositories for image pulls. Question 19. Which security mechanism provides mutual authentication between services in a service mesh? A) OAuth B) JWT C) mTLS D) API keys Answer: C Explanation: Mutual TLS (mTLS) establishes bidirectional certificate verification, ensuring both client and server authenticate each other. Question 20. In a supply‑chain security context, what does SBOM stand for?

Program Practice Exam

Answer: B Explanation: Ingress resources define HTTP(S) routing rules, allowing path‑based traffic distribution to multiple services. Question 23. Which of the following is a primary benefit of using a multi‑stage Docker build? A) Reducing runtime memory consumption B) Eliminating the need for a base image C) Removing build‑time dependencies from the final image D) Enabling automatic scaling of containers Answer: C Explanation: Multi‑stage builds allow copying only the compiled artifact into the final stage, leaving behind build tools and libraries. Question 24. In a Kubernetes Deployment, what does the strategy.type: RollingUpdate field control? A) How many replicas are created at startup B) The order in which pods are terminated during scale‑down C) The process of gradually replacing old pods with new ones D) Whether the Deployment uses a Service account Answer: C Explanation: RollingUpdate defines the max surge and max unavailable pods to achieve a smooth transition.

Program Practice Exam

Question 25. Which of the following is an example of a “stateless” design principle for cloud‑native services? A) Storing session data in a local file system B) Caching user preferences in memory without replication C) Using an external Redis cluster for session storage D) Maintaining a per‑instance counter in process memory Answer: C Explanation: Offloading state to an external, shared store (Redis) ensures any instance can handle a request, achieving statelessness. Question 26. Which Cloud‑Native pattern helps prevent cascading failures by limiting the number of concurrent calls to a downstream service? A) Retry B) Circuit Breaker C) Bulkhead D) Rate Limiter Answer: C Explanation: Bulkhead isolates resources (e.g., thread pools) so failure in one component does not exhaust resources for others. Question 27. In GKE Autopilot, which of the following responsibilities is still managed by the user? A) Node pool provisioning

Program Practice Exam

Answer: A Explanation: The sidecar.istio.io/inject: "true" annotation tells the Istio webhook to inject the Envoy sidecar. Question 30. Which of the following is the most appropriate way to store database credentials for a containerized application in GKE? A) Hard‑code them in the Dockerfile B) Pass them as command‑line arguments C) Store them in a ConfigMap D) Store them in a Secret and mount as a volume Answer: D Explanation: Secrets provide base64‑encoded data and can be mounted as files or exposed as env vars, keeping credentials out of plain text. Question 31. Which of the following CI/CD practices helps ensure that only validated images are promoted to production? A) Manual approval after each build B) Image signing with Notary and verification in the deployment pipeline C) Using latest tag for all environments D) Deploying directly from the developer’s workstation Answer: B Explanation: Image signing creates a cryptographic guarantee of provenance; verification blocks unsigned or tampered images from reaching prod.

Program Practice Exam

Question 32. Which Prometheus metric type is best suited for representing a gauge of current active connections? A) Counter B) Gauge C) Histogram D) Summary Answer: B Explanation: Gauges can go up and down, making them ideal for tracking instantaneous values like active connections. Question 33. Which of the following is a primary advantage of using gRPC over traditional REST for inter‑service communication? A) Human‑readable JSON payloads B) Built‑in caching mechanisms C) Binary protocol with contract‑first interfaces and lower latency D) Automatic API documentation generation Answer: C Explanation: gRPC uses Protocol Buffers (binary) and generates stubs from .proto files, offering efficient, low‑latency communication. Question 34. In a Kubernetes cluster, which component watches for changes in desired state and creates/deletes pods accordingly? A) kubelet B) kube-proxy

Program Practice Exam

Explanation: Fluentd has a native Google Cloud Logging plugin and is the default log collector in GKE. Question 37. Which Kubernetes resource is used to store non‑confidential configuration data that can be consumed as environment variables or volume files? A) Secret B) ConfigMap C) PersistentVolume D) Service Answer: B Explanation: ConfigMaps hold key‑value pairs for configuration and can be injected into pods via env vars or mounted volumes. Question 38. Which of the following is a recommended practice for reducing the attack surface of container images? A) Use the latest ubuntu base image for every service B) Run containers as root user C) Remove unnecessary packages and use minimal base images like distroless or alpine D) Include debugging tools in production images Answer: C Explanation: Minimal images reduce the number of binaries that could be exploited and shrink the overall attack surface. Question 39. Which of the following Kubernetes objects can be used to schedule a periodic job that runs every day at midnight?

Program Practice Exam

A) Deployment B) CronJob C) StatefulSet D) Job Answer: B Explanation: CronJob defines a schedule using Cron syntax and creates Jobs at the specified times. Question 40. In the context of IaC, what does “idempotent” mean? A) The operation can be performed only once. B) Applying the same configuration multiple times yields the same result without side effects. C) The code automatically scales resources. D) Resources are destroyed after each apply. Answer: B Explanation: Idempotent operations ensure that repeated applications do not change the system beyond the intended state. Question 41. Which of the following best explains the purpose of a “Readiness probe” in Kubernetes? A) Detects if a container has crashed and needs to be restarted B) Determines whether a pod should receive traffic from Services C) Checks if the node has sufficient resources to run a pod D) Validates the container image signature before launch

Program Practice Exam

Question 44. Which of the following tools can generate a Software Bill of Materials (SBOM) for a container image? A) kubectl B) trivy C) helm D) terraform Answer: B Explanation: Trivy can scan images and output an SBOM listing all included packages and versions. Question 45. Which of the following is a key characteristic of “disposability” in cloud‑native applications? A) Applications must retain state across restarts. B) Processes should start quickly and shut down gracefully. C) Services must never be terminated once started. D) Containers should never be deleted. Answer: B Explanation: Disposability emphasizes fast startup and graceful termination to enable rapid scaling and resilience. Question 46. Which Kubernetes object can be used to expose a Service outside the cluster without allocating a cloud load balancer? A) NodePort B) ClusterIP

Program Practice Exam

C) ExternalName D) Ingress with a NodePort backend Answer: D Explanation: An Ingress can be configured with a NodePort service backend, allowing external traffic via the node’s IP and port without a cloud LB. Question 47. Which of the following statements about “immutable infrastructure” is true? A) Servers are patched in place after deployment. B) Changes are applied by updating the existing instances. C) New instances are provisioned with the desired state, and old ones are terminated. D) Configuration files are edited directly on running VMs. Answer: C Explanation: Immutable infrastructure avoids in‑place changes; updates are performed by replacing resources with new versions. Question 48. Which of the following is NOT a typical responsibility of a CI pipeline? A) Static code analysis B) Deploying to production without approval C) Running unit tests D) Building Docker images Answer: B Explanation: Deploying to production without approval is a CD or release‑management activity, not a core CI function.