









































































Study with the several resources on Docsity
Earn points by helping other students or get them with a premium plan
Prepare for your exams
Study with the several resources on Docsity
Earn points to download
Earn points by helping other students or get them with a premium plan
This review guide provides a focused recap of operational DevOps competencies including infrastructure automation, configuration management, monitoring, performance optimization, incident response, and deployment orchestration. Designed for candidates preparing for final revision, it features concise concept summaries, troubleshooting examples, workflow diagrams, and exam-style review questions to reinforce operational best practices and improve exam performance.
Typology: Exams
1 / 81
This page cannot be seen from the preview
Don't miss anything!










































































Question 1. Which of the following best describes the primary responsibility of a DevOps‑OPS Engineer? A) Writing application business logic B) Ensuring system availability, maintainability, and operational analytics C) Designing user interfaces D) Managing corporate finance budgets Answer: B Explanation: The DevOps‑OPS Engineer focuses on the operational health of systems—availability, maintainability, and providing analytics for performance and incidents. Question 2. In the CALMS framework, the “L” stands for: A) Leadership B) Logging C) Lean D) Load balancing Answer: C Explanation: CALMS stands for Culture, Automation, Lean, Measurement, Sharing; “L” emphasizes waste reduction and value‑stream optimization. Question 3. The “First Way” of the Three Ways in DevOps emphasizes: A) Continuous learning and experimentation B) Accelerating feedback loops C) Optimizing flow of work from development to operations D) Implementing strict governance gates Answer: C Explanation: The First Way focuses on improving the flow of value by streamlining the delivery pipeline. Question 4. Which practice helps transform siloed IT teams into integrated product delivery teams?
A) Increasing hierarchical layers B) Enforcing strict departmental budgets C) Implementing cross‑functional squads with shared ownership D) Isolating code repositories per department Answer: C Explanation: Cross‑functional squads break silos by giving developers, ops, and QA shared responsibility for a product. Question 5. An “on‑call rotation” primarily aims to: A) Reduce the number of engineers needed for a project B) Ensure 24/7 incident response coverage while sharing burden fairly C) Increase the number of scheduled meetings D) Automate all incident handling without human involvement Answer: B Explanation: On‑call rotations distribute incident response duties evenly and guarantee round‑the‑clock coverage. Question 6. In Terraform, a “workspace” is used to: A) Store Docker images B) Isolate multiple state files for different environments (e.g., dev, prod) C) Manage Kubernetes secrets D) Host a web server for documentation Answer: B Explanation: Workspaces let you maintain separate state files, enabling environment‑specific infrastructure management. Question 7. Which Terraform command refreshes the state file to match real‑world resources without applying changes?
C) Running all CI pipelines on a single server D) Manual approval for every infrastructure change Answer: B Explanation: GitOps relies on Git repositories to store the desired state of infrastructure, enabling automated sync. Question 11. A “branch‑per‑environment” strategy in GitOps typically maps branches to: A) Individual developers only B) Separate environments such as dev, staging, and production C) Different programming languages D) Various cloud providers simultaneously Answer: B Explanation: Branches represent environment‑specific configurations, allowing controlled promotion of changes. Question 12. Which CI/CD tool natively supports “pipeline as code” using a YAML definition stored in the repository? A) Jenkins (with traditional UI) B) GitHub Actions C) TeamCity (XML only) D) Azure DevOps Classic Pipelines Answer: B Explanation: GitHub Actions defines workflows in YAML files located in the repository, enabling pipeline‑as‑code. Question 13. In a Jenkins pipeline, the post block is used for: A) Declaring environment variables B) Executing steps after the main stages, such as cleanup or notifications
C) Defining agent labels D) Running unit tests only Answer: B Explanation: The post block runs after stage execution, handling success, failure, or always actions. Question 14. Blue‑Green deployment primarily reduces risk by: A) Deploying updates to a subset of users first B) Maintaining two identical production environments and switching traffic after verification C) Rolling updates one pod at a time D) Using canary metrics to rollback automatically Answer: B Explanation: Blue‑Green keeps a stable “green” environment while deploying to “blue”; traffic is switched only after validation. Question 15. A canary release differs from a blue‑green deployment in that it: A) Requires two full production environments B) Gradually rolls out changes to a small percentage of users before full rollout C) Never uses load balancers D) Is only applicable to database schema changes Answer: B Explanation: Canary releases expose the new version to a limited audience, monitoring for issues before wider exposure. Question 16. In a rolling update for a Kubernetes Deployment, the maxSurge field controls: A) The maximum number of pods that can be unavailable during the update B) The number of new pods created above the desired replica count during the update C. The size of the Docker image cache D. The CPU limit for each pod
Explanation: docker system prune - a (or docker prune - a) cleans up stopped containers, unused networks, and dangling images. Question 20. In Kubernetes, a ConfigMap is used to: A) Store container logs permanently B) Provide non‑confidential configuration data to pods as environment variables or files C. Encrypt secrets for pods D. Define network policies for services Answer: B Explanation: ConfigMaps hold key‑value pairs for configuration data that can be consumed by pods. Question 21. Which Kubernetes object ensures that a set of pods always matches the desired replica count? A) Service B) Deployment C) ConfigMap D. PersistentVolumeClaim Answer: B Explanation: Deployments manage replica sets, automatically scaling pods to meet the defined replica count. Question 22. The Horizontal Pod Autoscaler (HPA) in Kubernetes uses which metric by default to scale pods? A) Disk I/O B) Network latency C) CPU utilization D. Memory fragmentation Answer: C
Explanation: HPA’s default metric is average CPU utilization across pods; custom metrics can also be configured. Question 23. A Kubernetes NetworkPolicy that denies all ingress traffic except from pods with label app=frontend is an example of: A) Egress control B) Ingress whitelisting C. Service mesh implementation D. Persistent storage policy Answer: B Explanation: The policy explicitly allows ingress only from pods labeled app=frontend, effectively whitelisting those sources. Question 24. Role‑Based Access Control (RBAC) in Kubernetes binds roles to: A) IP addresses only B) Service accounts, users, or groups C. Docker images D. Namespace names only Answer: B Explanation: RBAC assigns permissions (Roles/ClusterRoles) to subjects such as users, groups, or service accounts. Question 25. Which tool is commonly used for storing and retrieving secrets in a Kubernetes cluster? A) etcd directly B) HashiCorp Vault integrated via the Secrets Store CSI driver C. ConfigMap only D. Docker registry Answer: B
Explanation: Grafana dashboards aggregate visual panels that display time‑series data from sources like Prometheus. Question 29. Which component of the ELK stack is responsible for ingesting and transforming log data? A) Elasticsearch B) Logstash C) Kibana D. Beats Answer: B Explanation: Logstash processes incoming logs, applying filters and transformations before indexing them into Elasticsearch. Question 30. The primary difference between monitoring and observability is that observability: A) Only measures CPU usage B) Answers “Why is it broken?” by exposing internal system states, not just “Is it working?” C. Requires no instrumentation D. Is limited to on‑premise systems Answer: B Explanation: Observability provides deep insight into system internals (metrics, traces, logs) to diagnose root causes. Question 31. Distributed tracing helps developers to: A. Store large binary files in a database B. Track the flow of a single request across multiple microservices C. Encrypt traffic between services automatically D. Deploy containers without Dockerfiles Answer: B
Explanation: Tracing records spans across services, allowing end‑to‑end visibility of request paths. Question 32. A Service Level Indicator (SLI) is: A) The contractual penalty for downtime B) A quantitative measure of a service’s performance (e.g., 99.9% availability) C. A tool for logging D. A type of secret management solution Answer: B Explanation: SLIs are metrics that reflect the level of service provided, like latency or error rate. Question 33. An Error Budget is calculated as: A) 100% minus the SLO target percentage B) The total number of incidents per month C. The sum of all latency values D. The amount of money allocated for bug fixing Answer: A Explanation: Error Budget = 1 – SLO; it represents the allowable downtime or errors before SLO breach. Question 34. In SRE, a “blameless postmortem” aims to: A) Assign blame to the responsible engineer B) Identify systemic issues and improve processes without finger‑pointing C. Reduce documentation effort D. Increase the number of incidents per quarter Answer: B Explanation: Blameless postmortems focus on learning from failures rather than blaming individuals. Question 35. Chaos Engineering experiments typically start with:
C. DNS management D. Continuous integration pipelines Answer: B Explanation: Vault secures, stores, and dynamically generates secrets for applications and services. Question 39. Which of the following is an example of runtime security for containers? A) Scanning Dockerfiles during build time only B. Using a tool like Falco to detect anomalous system calls in running containers C. Relying solely on OS firewalls D. Disabling all network traffic to containers Answer: B Explanation: Falco monitors container behavior at runtime, detecting suspicious activity. Question 40. In a CI pipeline, a “pipeline gate” is used to: A. Automatically merge code without review B. Pause progression until manual or automated approval criteria are met C. Delete the source repository after build D. Increase the build timeout indefinitely Answer: B Explanation: Gates enforce quality or compliance checks before allowing the pipeline to continue. Question 41. Which of the following best describes “immutable infrastructure”? A) Servers that are patched in place B) Infrastructure components replaced entirely rather than updated in place C. Virtual machines that never reboot D. Databases that never change schema Answer: B
Explanation: Immutable infrastructure treats servers as disposable; updates are applied by provisioning new instances. Question 42. A “provider” in Terraform is responsible for: A) Defining the UI theme B) Interacting with APIs of a specific cloud or service (e.g., AWS, Azure) C. Managing Docker images only D. Hosting the Git repository Answer: B Explanation: Providers encapsulate the logic to manage resources for a particular platform. Question 43. What is the purpose of a “backend” configuration in Terraform? A) To store state files remotely (e.g., S3, Terraform Cloud) for collaboration and locking B. To compile Go code C. To define network routes D. To generate Kubernetes manifests automatically Answer: A Explanation: Backends define where Terraform stores state, enabling remote storage and state locking. Question 44. In Ansible, the become directive is used to: A. Switch to a different user (e.g., root) for privilege escalation B. Clone a repository C. Deploy a Docker container D. Create a new inventory file Answer: A Explanation: become enables privilege escalation, allowing tasks to run as another user.
A. Ensure a minimum number of pods remain available during voluntary disruptions (e.g., node upgrades) B. Limit CPU usage per pod C. Encrypt pod traffic automatically D. Store logs permanently Answer: A Explanation: PDB defines the allowed number of concurrent pod evictions, protecting service availability. Question 49. Which of the following is NOT a native Kubernetes object for managing storage? A. PersistentVolume (PV) B. PersistentVolumeClaim (PVC) C. StorageClass D. ServiceAccount Answer: D Explanation: ServiceAccount is for identity and access, not storage management. Question 50. A “service mesh” such as Istio primarily provides: A. Container runtime replacement B. Advanced traffic management, security, and observability at the network layer C. Direct hardware provisioning D. Source code versioning Answer: B Explanation: Service meshes inject sidecar proxies to handle routing, mTLS, and telemetry without changing application code. Question 51. Which of the following metrics is most appropriate as a Service Level Indicator for an API’s latency requirement?
A. Average CPU utilization of the API server B. 95th‑percentile response time of API requests C. Number of Docker images stored D. Disk space consumption on the host Answer: B Explanation: Percentile latency captures the tail performance, aligning with user experience expectations. Question 52. In the context of SRE, “toil” is defined as: A. Automated, repeatable work that adds no enduring value B. The process of building new features C. Manual code reviews D. The amount of storage used by logs Answer: A Explanation: Toil is manual, repetitive operational work that should be minimized through automation. Question 53. Which of the following is a widely used open‑source tool for chaos experiments on Kubernetes? A. Prometheus B. Chaos Mesh C. Fluentd D. Helm Answer: B Explanation: Chaos Mesh provides fault injection capabilities for Kubernetes resources. Question 54. In a CI/CD pipeline, “artifact promotion” typically means: A. Deleting old build artifacts
A. Rolling updates with zero downtime B. Deleting all existing pods before creating new ones, causing downtime C. Blue‑Green deployment automatically D. Automatic scaling based on CPU usage Answer: B Explanation: Recreate removes old pods first, then creates new ones, which can cause temporary unavailability. Question 58. Which of the following statements about “GitOps” is FALSE? A. Pull‑based deployments synchronize the cluster state to match the Git repo B. All changes to infrastructure must go through pull requests and code review C. GitOps eliminates the need for any CI/CD pipelines D. The Git repository is the source of truth for desired state Answer: C Explanation: GitOps often uses CI/CD pipelines to validate and apply changes; it does not eliminate them. Question 59. The primary purpose of a “Service Level Objective” (SLO) is to: A. Define a contractual SLA with customers B. Set internal targets for reliability that guide engineering decisions C. Measure the number of lines of code written D. Allocate budget for hardware purchases Answer: B Explanation: SLOs are internal reliability goals that help balance feature delivery and stability. Question 60. Which of the following is a common technique for reducing “latency” as a golden signal? A. Adding more logging statements
B. Implementing caching layers close to the client C. Increasing the size of database tables D. Disabling TLS encryption Answer: B Explanation: Caching reduces time to retrieve data, directly lowering request latency. Question 61. In Prometheus, a “recording rule” is used to: A. Store raw logs permanently B. Pre‑compute frequently used expressions and store them as new time series C. Encrypt metrics at rest D. Trigger alerts only on startup Answer: B Explanation: Recording rules evaluate expressions and write the results back to the time‑series database for efficient querying. Question 62. Which Kubernetes object is used to expose a set of pods as a network service with a stable IP and DNS name? A. ConfigMap B. Service C. Deployment D. Ingress Answer: B Explanation: A Service provides a stable endpoint (ClusterIP, NodePort, LoadBalancer) for accessing pods. Question 63. A “DaemonSet” in Kubernetes ensures that: A. Only one replica of a pod runs in the cluster B. A copy of a pod runs on every (or selected) node, typically for logging or monitoring agents