






















































































Study with the several resources on Docsity
Earn points by helping other students or get them with a premium plan
Prepare for your exams
Study with the several resources on Docsity
Earn points to download
Earn points by helping other students or get them with a premium plan
This practice exam assesses core knowledge of OpenStack components, architecture, services, deployment models, and operational workflows. Candidates must demonstrate understanding of Nova, Neutron, Keystone, Glance, Cinder, Horizons, security policies, networking isolation models, and multi-tenant resource management. Task-based exercises simulate typical OpenStack cloud operations including provisioning, scaling, monitoring, and troubleshooting. The exam emphasizes practical orchestration, cloud lifecycle management, and alignment with OpenStack ecosystem best practices.
Typology: Exams
1 / 94
This page cannot be seen from the preview
Don't miss anything!























































































Question 1. Which OpenStack service provides the central directory for all service endpoints? A) Nova B) Neutron C) Keystone D) Glance Answer: C Explanation: Keystone is the identity service that stores users, projects, roles, and the catalog of service endpoints. Question 2. In the OpenStack reference architecture, which node typically runs the API services, scheduler, and conductor? A) Compute node B) Controller node C) Network node D) Storage node Answer: B Explanation: The controller node hosts core OpenStack services such as keystone, nova-api, scheduler, and conductor. Question 3. Which OpenStack service is responsible for managing block storage volumes? A) Swift B) Cinder C) Glance D) Heat Answer: B
Explanation: Cinder provides the API and drivers for creating, attaching, and managing block storage devices. Question 4. What is the purpose of a “flavor” in Nova? A) To define a virtual network topology B) To describe a VM’s hardware profile (CPU, RAM, Disk) C) To store image metadata D) To manage user roles Answer: B Explanation: Flavors are templates that specify the compute resources allocated to an instance. Question 5. Which token type in Keystone has a limited lifespan and can be revoked before expiration? A) PKI token B) UUID token C) Scoped token D) Unscoped token Answer: C Explanation: Scoped tokens are tied to a project and can be revoked or expire based on the token expiration policy. Question 6. Which backend can Glance use to store images in a highly available, distributed manner? A) Local file system only B) MySQL C) Ceph RBD
C) Hyper-V D) VMware ESXi Answer: B Explanation: KVM (Kernel-based Virtual Machine) is the most common hypervisor for Nova due to its open‑source nature and performance. Question 10. Which OpenStack service provides object storage with a flat namespace? A) Cinder B) Glance C) Swift D) Nova Answer: C Explanation: Swift implements an object storage system where objects are stored in containers within accounts. Question 11. How does OpenStack achieve high availability for API services? A) By running a single instance on the controller node B) Using HAProxy in front of multiple API service instances C) By disabling load balancing D) By storing API data in a local file Answer: B Explanation: HAProxy distributes incoming API requests across multiple service instances, providing redundancy. Question 12. Which of the following best describes “RBAC” in Keystone? A) Role‑Based Access Control that limits actions based on user roles
B) Remote Binary Access Cache C) Randomized Block Allocation Control D) Resource Binding and Allocation Control Answer: A Explanation: RBAC assigns permissions to roles, and users inherit those permissions, controlling access to OpenStack resources. Question 13. Which command-line tool is used to interact with the Heat orchestration service? A) openstack compute B) heat stack-create C) openstack stack create D) nova heat‑manage Answer: C Explanation: The unified “openstack” CLI includes the “stack” subcommand for managing Heat stacks. Question 14. What is the purpose of a “security group” in Nova? A) To define VM flavors B) To enforce firewall rules at the hypervisor level C) To assign users to projects D) To store image metadata Answer: B Explanation: Security groups act as virtual firewalls, allowing or denying traffic to instances based on defined rules.
Explanation: cinder‑volume runs on storage nodes, while the controller hosts API services like keystone, glance‑api, and RabbitMQ. Question 18. What does the “nova‑manage service list” command display? A) List of all images in Glance B) All running Nova services and their host status C) All network subnets in Neutron D) All block volumes in Cinder Answer: B Explanation: The command shows each Nova service (api, scheduler, compute, etc.) and whether it is up or down. Question 19. Which of the following best describes a “floating IP” in OpenStack? A) An IP address that moves between instances to provide external access B) A private IP assigned to a VM’s internal network C) An IP address reserved for DNS services only D) An IP address used for internal storage replication Answer: A Explanation: Floating IPs are public IPs that can be associated with any instance, enabling external connectivity. Question 20. Which OpenStack service is used to automate the creation of complex multi‑resource environments? A) Cinder B) Heat C) Swift
D) Trove Answer: B Explanation: Heat uses templates (HOT) to orchestrate the provisioning of compute, network, and storage resources. Question 21. When configuring a Ceph backend for Glance, which image store type must be set in the Glance configuration? A) file B) swift C) rbd D) http Answer: C Explanation: Setting “rbd” as the store type tells Glance to use Ceph RADOS Block Devices for image storage. Question 22. Which OpenStack component is responsible for delivering notifications to other services when a VM changes state? A) Nova‑scheduler B) Nova‑conductor C) Nova‑compute D) Nova‑notification driver (via oslo.messaging) Answer: D Explanation: Nova’s notification driver publishes messages (e.g., instance create, delete) over the messaging bus for other services to consume.
Explanation: Consistent timestamps are critical for token validation, logging, and HA; NTP provides this synchronization. Question 26. In Swift, what is the purpose of the “ring” files? A) To store VM images B) To map objects to physical storage locations for load balancing and replication C) To define security group rules D) To configure compute flavors Answer: B Explanation: Ring files contain the partitioning algorithm that determines where objects are stored across devices. Question 27. Which of the following is a valid OpenStack “quota” that can be set per project? A) Number of compute nodes B) Maximum number of floating IPs C) Hypervisor version D) API endpoint URL Answer: B Explanation: Quotas control resource consumption, such as the number of floating IPs a project can use. Question 28. Which service provides the “metadata service” that supplies instance metadata to VMs? A) Keystone B) Neutron DHCP agent
C) Nova metadata server (metadata service) D) Glance Answer: C Explanation: The Nova metadata service runs on the compute node and serves instance metadata over a special IP. Question 29. Which OpenStack component is responsible for routing tenant traffic between different networks in a virtual router? A) nova‑network B) neutron‑router‑agent (L3 agent) C) cinder‑scheduler D) glance‑registry Answer: B Explanation: The Neutron L3 agent implements virtual router functionality for tenant traffic. Question 30. What is the default database used by most OpenStack services for persistent storage? A) PostgreSQL B) SQLite C) MariaDB/MySQL D) Oracle Answer: C Explanation: MariaDB (or MySQL) is the recommended relational database for OpenStack services.
Question 34. Which feature of Neutron enables tenants to create their own virtual networks without administrator intervention? A) Provider networks B) Self‑service networking (via Neutron API) C) VLAN trunking D) Flat networking only Answer: B Explanation: Neutron’s self‑service API allows users to create networks, subnets, and routers within their project. Question 35. Which of the following is NOT a valid Nova state for an instance? A) ACTIVE B) BUILD C) PAUSED D) REPLICATING Answer: D Explanation: “REPLICATING” is not an official Nova instance state; typical states include BUILD, ACTIVE, PAUSED, SUSPENDED, etc. Question 36. How does the “nova‑manage db sync” command affect an OpenStack deployment? A) It synchronizes compute node clocks B) It creates or upgrades the Nova database schema C) It updates the neutron security groups D) It refreshes the glance image cache
Answer: B Explanation: The command applies database migrations to ensure the Nova DB schema matches the code version. Question 37. Which OpenStack service is responsible for providing DNS-as-a-Service? A) Designate B) Neutron DNS agent C) Keystone DNS plugin D) Glance DNS driver Answer: A Explanation: Designate offers a DNS service API for creating and managing DNS zones and records. Question 38. Which of the following best describes “Live Migration” in Nova? A) Moving an instance’s storage while it is powered off B) Moving a running VM from one compute host to another without downtime C) Copying an image to a new region D) Changing the flavor of an instance while it is stopped Answer: B Explanation: Live migration transfers the VM’s memory and state to another host with minimal interruption. Question 39. Which OpenStack component uses “RabbitMQ” as its messaging backbone? A) Only Cinder B) Only Glance C) All core services (Keystone, Nova, Neutron, etc.)
B) Nova‑api C) Cinder‑volume D) Keystone‑catalog Answer: A Explanation: The Glance registry holds image metadata, while the Glance store holds the binary data. Question 43. Which of the following is NOT a typical OpenStack deployment model? A) All‑in‑one single node B) Distributed multi‑node with HA controller C) Serverless edge only D) Multi‑region federation Answer: C Explanation: “Serverless edge only” is not a standard OpenStack deployment pattern; OpenStack can be deployed as all‑in‑one, multi‑node, or multi‑region. Question 44. In Ceph, what is the purpose of the “MON” daemon? A) To store block device data B) To provide object storage gateway C) To maintain cluster maps and health status D) To manage metadata for file systems Answer: C Explanation: Monitor daemons keep track of the cluster’s state, providing consensus and health information. Question 45. Which command lists all available flavors in an OpenStack cloud?
A) openstack flavor list B) nova flavor‑list C) glance flavor-show D) neutron flavor-show Answer: A Explanation: The unified “openstack flavor list” command displays all defined flavors. Question 46. Which of the following options enables “instance‑level encryption” for Cinder volumes? A) Using LUKS on the host OS only B) Enabling the “encryptable” volume type with a key manager (Barbican) C) Setting the “--encrypted” flag on the Nova launch command D) Adding a security group rule for port 443 Answer: B Explanation: Cinder supports encryptable volume types that integrate with Barbican to manage encryption keys. Question 47. Which OpenStack service provides “autoscaling” based on telemetry data? A) Heat Autoscaling (via OS::Heat::AutoScalingGroup) using Ceilometer alarms B) Cinder auto‑expansion C) Swift auto‑replication D) Keystone token renewal Answer: A Explanation: Heat can define AutoScalingGroup resources that react to Ceilometer alarms to scale out/in.
Question 51. Which OpenStack service can be used to provision container orchestration clusters such as Kubernetes? A) Magnum B) Trove C) Sahara D) Ironic Answer: A Explanation: Magnum offers a service to manage container orchestration engines like Kubernetes, Swarm, and Mesos. Question 52. Which of the following is the correct order of steps when launching an instance via the CLI? A) create image → create flavor → create network → launch server B) create network → create image → create flavor → launch server C) create flavor → create image → create network → launch server D) launch server → create image → create flavor → create network Answer: B Explanation: The instance needs a network, an image, and a flavor before the server can be launched. Question 53. Which component of OpenStack is responsible for “quota enforcement” for compute resources? A) Nova‑scheduler B) Nova‑conductor C) Nova‑quota manager (part of nova‑api)
D) Keystone‑policy engine Answer: C Explanation: The quota manager validates resource requests against the project’s limits before allowing creation. Question 54. What does the “--key-name” option specify when creating a Nova instance? A) The name of the security group B) The name of the SSH public key stored in Keystone for keypair injection C) The name of the flavor to use D) The name of the image to boot from Answer: B Explanation: The key name references a keypair that Nova injects into the instance for SSH access. Question 55. Which of the following best describes the “OpenStack Dashboard” (Horizon)? A) A command‑line tool for managing resources B) A REST API gateway for all services C) A web‑based graphical interface for users and administrators D) A database replication service Answer: C Explanation: Horizon provides a user‑friendly web UI to interact with OpenStack services. Question 56. In a typical OpenStack HA deployment, which tool is used to monitor and failover services? A) Corosync only B) Pacemaker with Corosync