COA Certified OpenStack Administrator Practice Exam, Exams of Technology

This practice exam is for those seeking certification as an OpenStack Administrator. Topics include managing and configuring OpenStack services, implementing cloud infrastructure, and troubleshooting common OpenStack issues. Candidates will demonstrate their ability to deploy and maintain OpenStack environments.

Typology: Exams

2025/2026

Available from 12/25/2025

shilpi-jain-1

COA Certified OpenStack Administrator
Practice Exam
**Question 1.** Which OpenStack service provides the central identity, authentication, and
service catalog functionality?
A) Nova
B) Keystone
C) Glance
D) Neutron
Answer: B
Explanation: Keystone is the identity service that authenticates users, issues tokens, and
maintains the service catalog for other OpenStack components.
**Question 2.** In Horizon, what is the primary purpose of a “Project” (also called a tenant)?
A) To store VM images
B) To group users and isolate resources
C) To define network subnets
D) To manage compute host aggregates
Answer: B
Explanation: Projects provide logical isolation of resources (instances, volumes, networks) for a
set of users, enabling multitenancy.
**Question 3.** Which of the following best describes Role-Based Access Control (RBAC) in
OpenStack?
A) Assigning network CIDRs to users
B) Granting permissions through roles such as _member_ or _admin_
C) Defining VM flavors per user
D) Setting quota limits per project
Answer: B
Explanation: RBAC uses roles to control what actions a user can perform within a project; common roles are member and admin.
**Question 4.** When creating a new user in Keystone, which attribute must be supplied to allow password-based authentication?
A) Public key
B) Email address
C) Password
D) Domain ID
Answer: C
Explanation: Password-based authentication requires the user’s password; other methods like token or SSH key are optional.
**Question 5.** Which Horizon panel allows you to view and manage the service catalog?
A) Compute → Instances
B) Identity → Projects
C) Admin → System → Service Catalog
D) Network → Networks
Answer: C
Explanation: The Service Catalog is under the Admin → System section, where services and their endpoints are listed.
**Question 6.** What is the default state of a Nova instance immediately after the “Launch Instance” command is issued?
A) ACTIVE
B) BUILDING
C) SHUTOFF

B) ram
C) instances
D) volumes
Answer: C
Explanation: The instances quota limits the total number of Nova instances a project can launch.
**Question 10.** How does Nova authenticate API requests from the CLI?
A) By reading a local configuration file only
B) By using a token obtained from Keystone
C) By sending the user’s password in clear text
D) By connecting directly to the hypervisor
Answer: B
Explanation: The CLI obtains a token from Keystone and includes it in each request for authentication.
**Question 11.** Which of the following is NOT a valid method to generate an SSH key pair for instance access?
A) openstack keypair create
B) ssh-keygen on the client machine
C) Horizon → Compute → Key Pairs → Create Key Pair
D) nova keypair list
Answer: D
Explanation: nova keypair list only lists existing key pairs; it does not generate a new pair. Generation is done via openstack keypair create, ssh-keygen, or Horizon UI.

**Question 12.** What is the purpose of a host aggregate in Nova?
A) To group images by format
B) To group compute hosts with similar characteristics for scheduling
C) To define security groups for instances
D) To create shared volumes across projects
Answer: B
Explanation: Host aggregates allow administrators to tag compute hosts (e.g., by hardware type or location) so the scheduler can place instances accordingly.
**Question 13.** Which metadata key is commonly used to schedule instances on a specific host aggregate?
A) aggregate_name
B) availability_zone
C) host_name
D) aggregate_id
Answer: B
Explanation: The availability_zone metadata (or scheduler_hints with group/az) guides the scheduler to select hosts from the specified aggregate.
**Question 14.** When uploading an image to Glance, which property describes the format of the image file itself?
A) container_format
B) disk_format
C) min_ram
D) visibility
Answer: A

D) openstack volume snapshot create
Answer: B
Explanation: openstack server image create captures the current state of an instance and registers it as a Glance image.
**Question 18.** In Neutron, what is the function of a provider network?
A) To provide DHCP services to tenant networks
B) To map a virtual network directly to a physical network segment
C) To isolate tenant traffic from the external world
D) To create floating IP pools automatically
Answer: B
Explanation: Provider networks expose the underlying physical network (e.g., VLAN, flat) to tenants, bypassing overlay abstractions.
**Question 19.** Which Neutron resource defines the IP address range and DHCP settings for a network?
A) Router
B) Subnet
C) Port
D) Security group
Answer: B
Explanation: Subnets are attached to networks and contain CIDR, gateway, and DHCP configuration.
**Question 20.** When configuring a Neutron router, which interface must be attached to a tenant network to enable internal routing?
A) External gateway interface
B) Subnet interface
C) Router interface (add-interface)
D) Floating IP interface
Answer: C
Explanation: Adding an interface (port) to the router connects the tenant network, allowing routing between internal subnets and the external gateway.
**Question 21.** What does SNAT stand for, and what is its purpose in Neutron?
A) Source Network Address Translation; it allows instances to reach external networks using the router’s IP
B) Secure Network Access Tunnel; it encrypts tenant traffic
C) Subnet Network Allocation Table; it stores IP allocations
D) Service Network Authentication Token; it validates API calls
Answer: A
Explanation: SNAT translates the source IP of outbound traffic from an instance to the router’s external IP, enabling internet access.
**Question 22.** Which security group rule would allow inbound SSH traffic from any IP address?
A) egress rule, protocol TCP, port 22, remote IP 0.0.0.0/0
B) ingress rule, protocol TCP, port 22, remote IP 0.0.0.0/0
C) ingress rule, protocol ICMP, port -1, remote IP 0.0.0.0/0
D) egress rule, protocol UDP, port 22, remote IP 0.0.0.0/0
Answer: B
Explanation: An ingress rule for TCP port 22 with source CIDR 0.0.0.0/0 opens SSH from any address.

**Question 26.** Which operation allows an instance to boot directly from a Cinder volume?
A) Volume boot (boot from volume)
B) Image boot (boot from Glance)
C) Snapshot boot (boot from snapshot)
D) Live migration boot
Answer: A
Explanation: Booting from volume creates a volume-backed instance, using the Cinder volume as the root disk.
**Question 27.** In Swift, what is the primary purpose of a container?
A) To hold virtual machine images for Glance
B) To provide a logical namespace for storing objects
C) To define network subnets for tenants
D) To group security group rules
Answer: B
Explanation: Containers are analogous to directories; they organize objects (files) and can have ACLs applied.
**Question 28.** Which Swift ACL header grants read access to the public for a container?
A) X-Container-Read: .r:*,.rlistings
B) X-Container-Write: .r:*
C) X-Container-Meta: public=yes
D) X-Container-Read: .r:*
Answer: A
Explanation: The .r:* grants read to anyone, and .rlistings allows listing the container contents.

**Question 29.** Which log file typically contains authentication failures for Keystone on a controller node?
A) /var/log/nova/nova-compute.log
B) /var/log/neutron/neutron-server.log
C) /var/log/keystone/keystone.log
D) /var/log/cinder/cinder-volume.log
Answer: C
Explanation: Keystone logs its own authentication events in /var/log/keystone/keystone.log.
**Question 30.** If an instance cannot reach the external network, which of the following is the most likely cause?
A) Missing security group egress rule
B) Incorrect image format
C) Disabled Cinder service
D) Unassigned flavor
Answer: A
Explanation: Egress rules control outbound traffic; without an allow-all egress rule, the instance cannot send packets to the internet.
**Question 31.** Which command checks the health of all OpenStack services on a controller node?
A) openstack service list --all
B) systemctl status openstack-*
C) openstack hypervisor list
D) openstack compute service list

C) System → Information → Tokens
D) It is not displayed in the UI for security reasons
Answer: D
Explanation: Horizon does not expose the token ID in the UI to avoid leaking credentials.
**Question 35.** Which of the following is a valid container format for a Glance image?
A) qcow
B) raw
C) bare
D) vhdx
Answer: C
Explanation: bare is a container format indicating no additional packaging; qcow2 and raw are disk formats.
**Question 36.** What does the Neutron “router_external” attribute indicate when set to True on a network?
A) The network can be used as a provider network only
B) The network is a public/external network for floating IPs and gateway connections
C) The network is isolated from all other networks
D) The network automatically assigns security groups to instances
Answer: B
Explanation: An external network is used for floating IP allocation and as the gateway for routers to reach the internet.
**Question 37.** Which OpenStack service provides the block storage functionality that can be attached to instances?
A) Nova
B) Cinder
C) Glance
D) Neutron
Answer: B
Explanation: Cinder is the block storage service; it creates volumes that can be attached/detached from Nova instances.
**Question 38.** When creating a new security group rule, which direction does “egress” refer to?
A) Traffic entering the instance
B) Traffic leaving the instance
C) Traffic between two instances in the same project
D) Traffic that is dropped by the firewall
Answer: B
Explanation: “Egress” rules govern outbound traffic from the instance to other destinations.
**Question 39.** Which command lists all available flavors in the cloud?
A) openstack flavor list
B) nova flavor-list
C) glance image-list --flavor
D) neutron flavor-show
Answer: A
Explanation: The unified CLI uses openstack flavor list to display all defined flavors.

Explanation: min_ram defines the minimum RAM an instance must have to boot from the image.
**Question 43.** Which Neutron command creates a new security group named “web-sg”?
A) openstack security group create web-sg
B) neutron security-group-create web-sg
C) openstack network security group create web-sg
D) neutron sg-create web-sg
Answer: B
Explanation: The legacy neutron CLI uses neutron security-group-create; the unified CLI uses openstack security group create.
**Question 44.** When a Cinder volume snapshot is created, what is its relationship to the original volume?
A) It is a full copy stored as a new volume
B) It is a point-in-time reference that can be used to create a new volume
C) It deletes the original volume automatically
D) It converts the volume to an image in Glance
Answer: B
Explanation: A snapshot captures the state of a volume at a specific time and can be used to create new volumes later.
**Question 45.** Which of the following is a typical cause of a “404 Not Found” error when accessing a Nova instance via its floating IP?
A) The instance has no security group allowing inbound ICMP
B) The floating IP is not associated with any port
C) The image used is corrupted
D) The compute host is down
Answer: B
Explanation: If a floating IP is not attached to a port (i.e., not associated with an instance), traffic to that IP will result in a 404 from the Neutron API.
**Question 46.** In Horizon, which tab allows you to view the service catalog endpoints?
A) Admin → System → Services
B) Identity → Projects → Endpoints
C) System → Information → Endpoints
D) Settings → API Access → Endpoints
Answer: C
Explanation: The “System → Information → Endpoints” page lists all service catalog endpoints.
**Question 47.** What does the “admin_state_up” attribute of a Neutron router control?
A) Whether the router forwards traffic (True) or is disabled (False)
B) Whether the router can be deleted
C) Whether the router is visible in the Horizon UI
D) Whether the router uses NAT or routing only
Answer: A
Explanation: admin_state_up set to False disables the router’s forwarding function.
**Question 48.** Which of the following is the correct order of steps to attach a Cinder volume to a running instance using the CLI?
A) openstack server add volume, openstack volume attach, openstack server set
B) openstack volume attach
C) openstack server add volume

C) openstack ip floating list
D) neutron fip-list
Answer: A
Explanation: The unified CLI uses openstack floating ip list to display allocated floating IPs.
**Question 52.** In Cinder, what does the “bootable” flag indicate for a volume?
A) The volume can be used as a root disk when launching an instance
B) The volume can be attached to multiple instances simultaneously
C) The volume is automatically encrypted
D) The volume is a snapshot of an image
Answer: A
Explanation: Setting a volume as “bootable” allows it to be used as the source for a volume-backed instance.
**Question 53.** Which of the following is a valid way to share a Glance image with another project without making it public?
A) Set visibility to public and use project-level ACLs
B) Use the “member” feature to add the target project as a member of the image
C) Copy the image to the target project manually
D) Export the image to Swift and import it in the other project
Answer: B
Explanation: Glance supports image sharing via the “member” list, allowing specific projects to access a private image.
**Question 54.** When configuring a Neutron provider network with VLAN segmentation, which parameter must be specified?
A) provider:network_type = vlan
B) segmentation_id = flat
C) provider:segmentation_id = 0
D) network_type = vxlan
Answer: A
Explanation: Setting provider:network_type=vlan tells Neutron to create a VLAN-segmented provider network; segmentation_id then specifies the VLAN ID.
**Question 55.** Which of the following statements about OpenStack “domains” is correct?
A) Domains are used to group images only
B) Domains provide a top-level isolation for users, projects, and groups across the cloud
C) Each project can belong to multiple domains simultaneously
D) Domains are deprecated in favor of projects
Answer: B
Explanation: Domains are the highest level of identity isolation, containing projects, users, and groups; they enable multi-tenant identity separation.
**Question 56.** Which command shows the current quota usage for a specific project?
A) openstack quota show
B) openstack limit list --project
C) openstack quota set --project
D) openstack usage show
Answer: A
Explanation: openstack quota show displays both limits and current usage for the given project.