




















































































A conceptual exam evaluating understanding of Kubernetes basics, cloud-native ecosystems, containerization, CNCF project landscape, microservices, CI/CD, observability, GitOps, and security fundamentals. It includes multiple-choice and scenario-based items aimed at validating entry-level cloud-native literacy.
Typology: Exams

Question 1. Which component stores the entire cluster state in Kubernetes?
A) kube-apiserver
B) kube-scheduler
C) etcd
D) kube-controller-manager
Answer: C
Explanation: etcd is a consistent, highly-available key-value store used by Kubernetes to persist all cluster state data.

Question 2. What is the primary role of the kube-scheduler?
A) Authenticate API requests
B) Assign newly created Pods to suitable Nodes
C) Manage network policies
D) Store configuration data
Answer: B
Explanation: The kube-scheduler watches for Pods without a Node assigned and selects an appropriate Node based on resource requirements, affinity rules, and other constraints.

Question 3. Which of the following best describes a ReplicaSet?
A) Ensures a specific number of pod replicas are running at any time
B) Provides a stable network identity for stateful applications
C) Runs batch jobs to completion
D) Exposes Pods via a static IP address
Answer: A
Explanation: A ReplicaSet maintains a stable set of replica Pods running at the desired count.

Question 4. In a Deployment, what mechanism enables a rollback to a previous version?
A) DaemonSet controller
B) ReplicaSet history
C) StatefulSet revision
D) CronJob schedule
Answer: B
Explanation: Deployments keep a history of ReplicaSets; rolling back reverts to a prior ReplicaSet.

Question 5. Which Kubernetes object guarantees that a copy of a Pod runs on every Node (or a subset) in the cluster?
A) StatefulSet
B) DaemonSet
C) Job
D) Deployment
Answer: B
Explanation: DaemonSets ensure that a Pod is scheduled on each selected Node, commonly used for log collection or monitoring agents.

Question 6. What does a ConfigMap store?
A) Encrypted passwords
B) Non-sensitive configuration data as key-value pairs
C) Container images
D) Persistent volume definitions
Answer: B

Answer: D
Explanation: rkt is no longer a supported CRI implementation; Kubernetes officially supports containerd, CRI-O, and Docker (via dockershim, now deprecated).

Question 10. Which label selector expression selects Pods that have label tier=frontend and environment=prod?
A) tier in (frontend), environment in (prod)
B) tier=frontend,environment=prod
C) tier!=frontend && environment!=prod
D) tier=frontend || environment=prod
Answer: B
Explanation: Multiple comma-separated key=value pairs in a selector are ANDed together.

Question 11. What does a Taint on a Node do?
A) Prevents Pods from being scheduled unless they have a matching Toleration
B) Forces Pods to run on that Node regardless of resources
C) Marks the Node as unschedulable for all Pods
D) Grants elevated privileges to Pods on the Node
Answer: A
Explanation: Taints repel Pods; only Pods with matching tolerations can be scheduled onto the tainted Node.

Question 12. Which resource type is used to run a one-time batch job that must complete successfully?
A) CronJob
B) Deployment
C) Job
D) DaemonSet
Answer: C
Explanation: A Job creates one or more Pods that run to completion, ensuring the specified number of successful completions.

Question 13. Which of the following is NOT a valid Service type in Kubernetes?
A) ClusterIP
B) NodePort
C) LoadBalancer
D) ExternalIP
Answer: D
Explanation: ExternalIP is a field of a Service, not a Service type. Valid types are ClusterIP, NodePort, LoadBalancer, and ExternalName.

Question 14. What does an Ingress controller do?
A) Provides internal DNS for Services
B) Creates external load balancers automatically for all Services
C) Routes external HTTP/HTTPS traffic to Services based on rules
D) Persists data for StatefulSets
Answer: C
Explanation: An Ingress controller implements the Ingress resource, handling host/path-based routing of HTTP/HTTPS traffic.

Question 15. Which feature of the Horizontal Pod Autoscaler (HPA) uses custom metrics?
A) Scaling based on CPU utilization only

Question 18. Which RBAC resource defines a set of permissions that can be granted to users or service accounts?
A) RoleBinding
B) ClusterRoleBinding
C) Role
D) ServiceAccount
Answer: C
Explanation: A Role (namespaced) or ClusterRole (cluster-wide) contains rules that specify allowed API verbs on resources.

Question 19. What does the kubectl apply -f command do?
A) Deletes the resources defined in the file
B) Creates resources imperatively without storing state
C) Performs a declarative update, creating or patching resources to match the manifest
D) Executes a command inside a container
Answer: C
Explanation: kubectl apply reads a manifest and creates or updates resources to match the desired state.

Question 20. Which networking model does Kubernetes use for pod-to-pod communication?
A) NAT on each Node
B) Flat network where every Pod gets its own IP address reachable without NAT
C) Overlay network only for cross-Node traffic
D) Only Service IPs are routable, not Pod IPs
Answer: B
Explanation: Kubernetes assigns each Pod a unique IP address within the cluster network, allowing direct pod-to-pod communication.

Question 21. What is the effect of setting a resource limit for a container?
A) Guarantees the container will receive at least that amount of CPU/memory
B) Prevents the container from exceeding the specified amount of CPU/memory
C) Allows the container to use unlimited resources
D) Sets the default request value for the container
Answer: B
Explanation: Limits enforce a hard ceiling; the container cannot consume more than the defined CPU or memory.

Question 22. Which CNI plugin is known for providing network policies and a pure L3 routing model?
A) Flannel
B) Calico
C) Weave Net
D) kube-router
Answer: B
Explanation: Calico offers L3 routing, network policy enforcement, and can operate in pure IP-in-IP or BGP modes.

Question 23. In the context of Service Mesh, what is a sidecar?
A) A separate Service that proxies traffic for a microservice
B) An additional container deployed alongside an application container in the same Pod
C) A network device that balances traffic across nodes

C) kube-scheduler
D) kube-apiserver
Answer: B
Explanation: The cloud-controller-manager abstracts cloud-specific operations such as provisioning LoadBalancers and volumes.

Question 27. Which of the following is a Pod Security Standard level that enforces the most restrictive security posture?
A) privileged
B) baseline
C) restricted
D) unrestricted
Answer: C
Explanation: The restricted level applies the strictest defaults, disallowing privilege escalation, host mounts, etc.

Question 28. What does the Cluster Autoscaler do?
A) Adjusts the number of Pods in a Deployment based on CPU usage
B) Adds or removes Nodes in a cluster based on pending Pods and resource utilization
C) Automatically updates the Kubernetes version on Nodes
D) Scales the etcd cluster size dynamically
Answer: B
Explanation: The Cluster Autoscaler expands or shrinks the node pool to accommodate unscheduled Pods or underutilized Nodes.

Question 29. Which of the following is NOT a core pillar of observability?
A) Logs
B) Metrics
C) Traces
D) Backups
Answer: D
Explanation: Observability comprises Logs, Metrics, and Traces; backups are a data-protection concern.

Question 30. In Prometheus, which metric type is best suited for counting occurrences of discrete events?
A) Gauge
B) Counter
C) Histogram
D) Summary
Answer: B
Explanation: Counters only increase and are ideal for counting events such as HTTP requests.

Question 31. What does the PromQL expression rate(http_requests_total[5m]) compute?
A) The total number of HTTP requests over the last 5 minutes
B) The average number of requests per second over the last 5 minutes
C) The maximum request latency in the last 5 minutes
D) The number of distinct HTTP status codes observed
Answer: B
Explanation: rate() calculates the per-second average increase of a counter over the specified range vector.

Answer: B
Explanation: Immutable infrastructure promotes replacing resources rather than mutating them, ensuring consistency and reducing configuration drift.

Question 35. Which CNCF project provides a service mesh implementation that uses the sidecar proxy Envoy?
A) Linkerd
B) Istio
C) Consul Connect
D) Open Service Mesh
Answer: B
Explanation: Istio uses Envoy as its sidecar data plane to provide traffic management, security, and observability.

Question 36. In Kubernetes, what does the --dry-run=client flag do when creating a resource?
A) Sends the request to the API server but does not persist the object
B) Validates the manifest locally without contacting the API server
C) Executes the creation on the remote cluster and then deletes it immediately
D) Applies the manifest only to the kube-proxy component
Answer: B
Explanation: --dry-run=client performs client-side validation only, not contacting the API server.

Question 37. Which of the following is a custom resource definition (CRD) used to extend the Kubernetes API?
A) Deployment
B) Service
C) Ingress
D) Any user-defined API object defined via a CRD, e.g., MySQLCluster
Answer: D
Explanation: CRDs let users create their own API objects; MySQLCluster is an example of a custom resource.

Question 38. What does the Vertical Pod Autoscaler (VPA) adjust?
A) Number of Pod replicas
B) CPU and memory requests/limits of existing Pods
C) Number of Nodes in the cluster
D) Network bandwidth allocation per Pod
Answer: B
Explanation: VPA recommends or automatically updates resource requests and limits for containers based on usage.

Question 39. Which of the following statements about Knative is TRUE?
A) It provides a built-in Service Mesh for all workloads.
B) It enables serverless-style deployment of containers on Kubernetes.
C) It replaces the kube-apiserver with a custom API.
D) It only works on bare-metal clusters, not on cloud providers.
Answer: B
Explanation: Knative builds on Kubernetes to deliver Function-as-a-Service capabilities, handling autoscaling to zero, routing, and eventing.

Explanation: Blue/Green creates a parallel set of Pods (green) and a separate Service; traffic is switched by updating the Service selector.

Question 43. Which of the following is a default ServiceAccount name created in every namespace?
A) default
B) admin
C) system
D) kube-admin
Answer: A
Explanation: Each namespace automatically contains a ServiceAccount named default.

Question 44. What is the purpose of the kube-apiserver in the control plane?
A) Store persistent volume data
B) Serve the Kubernetes API and validate/serve requests from users and components
C) Schedule Pods onto Nodes
D) Manage network policies
Answer: B
Explanation: The kube-apiserver is the front-end for all RESTful API interactions and enforces admission controls.

Question 45. Which of the following is a core component of the CNCF Landscape that has reached graduated status?
A) Prometheus
B) Linkerd
C) OpenTelemetry
D) ArgoCD
Answer: A
Explanation: Prometheus is a graduated CNCF project; the others are still incubating or sandbox.

Question 46. Which Kubernetes object allows you to run a set of Pods that share the same network namespace and storage volumes?
A) Deployment
B) ReplicaSet
C) Pod
D) Service
Answer: C
Explanation: A Pod is the smallest deployable unit; all containers within a Pod share the same network namespace and can mount shared volumes.

Question 47. In the context of FinOps, which practice helps reduce cloud spend for a Kubernetes cluster?
A) Increasing replica counts for all Deployments
B) Enabling Cluster Autoscaler and right-sizing resource requests/limits
C) Deploying multiple identical clusters in different regions
D) Disabling node monitoring to save metrics costs
Answer: B
Explanation: Autoscaling nodes and right-sizing resources prevent over-provisioning, directly lowering cost.

Question 48. Which of the following best describes a NetworkPolicy?
A) Defines how Services are exposed externally

Question 51. Which of the following is a required field in a Deployment YAML manifest?
A) spec.replicas
B) metadata.name
C) spec.strategy.type
D) spec.template.spec.restartPolicy
Answer: B
Explanation: metadata.name is mandatory for all top-level objects; spec.replicas defaults to 1 if omitted.

Question 52. In Kubernetes, what does the imagePullPolicy: IfNotPresent setting do?
A) Always pull the image from the registry before starting the container
B) Pull the image only if it is not already present on the node
C) Never pull the image; use a local copy only
D) Pull the image only when the node is first added to the cluster
Answer: B
Explanation: IfNotPresent causes the kubelet to pull the image only if it does not exist locally.

Question 53. Which of the following is a valid way to expose a Deployment externally without using a cloud LoadBalancer?
A) Set the Service type to ClusterIP
B) Use a NodePort Service and configure external DNS to the node IPs
C) Add an ExternalName Service pointing to an external domain
D) Create a DaemonSet that runs a reverse proxy on each node
Answer: B
Explanation: NodePort opens a static port on each node's IP, allowing external traffic without a cloud LoadBalancer.

Question 54. What does the kubelet do on each worker node?
A) Schedules Pods onto the node
B) Manages the node's network routes
C) Ensures containers defined in Pods are running and healthy
D) Provides DNS services for the cluster
Answer: C
Explanation: The kubelet monitors the desired state of Pods on its node and starts/stops containers accordingly.

Question 55. Which of the following best describes Serverless on Kubernetes with Knative?
A) Deploying a full VM per function
B) Running containers that scale to zero when idle and scale out based on traffic
C) Using Kubernetes Jobs for each request
D) Running functions directly inside the kube-apiserver process
Answer: B
Explanation: Knative Serving can automatically scale a container to zero and back up based on request volume.

Question 56. Which of the following is NOT a typical component of a service mesh data plane?
A) Sidecar proxy (e.g., Envoy)
B) Control plane (e.g., Istio Pilot)