




























































































Study with the several resources on Docsity
Earn points by helping other students or get them with a premium plan
Prepare for your exams
Study with the several resources on Docsity
Earn points to download
Earn points by helping other students or get them with a premium plan
This simulation covers the full OpenStack lifecycle: Nova compute management, Neutron networking, Keystone authentication, Horizon dashboard usage, Cinder block storage, Glance images, and Heat orchestration. Candidates perform administrative tasks such as provisioning instances, configuring floating IPs, managing quotas, setting up multi-tier networks, troubleshooting failed instances, debugging Neutron agents, and ensuring secure multi-tenant isolation.
Typology: Exams
1 / 102
This page cannot be seen from the preview
Don't miss anything!





























































































Question 1. In Keystone v3, which entity represents a logical grouping of users, projects, and groups for isolation purposes? A) Role B) Domain C) Service D) Endpoint Answer: B Explanation: A domain is the top‑level container in Keystone v3 that isolates users, projects, and groups, enabling multi‑tenant isolation. Question 2. Which command creates a new user named “alice” in the default domain with the password “Secret123”? A) openstack user create --password Secret123 alice B) openstack user add --name alice --password Secret C) openstack user create alice --password Secret D) openstack user new --username alice --pwd Secret Answer: A Explanation: The correct syntax is openstack user create --password <pwd> <name>. The command automatically places the user in the default domain unless otherwise specified. Question 3. When assigning a role to a user on a specific project, which of the following is required? A) Only the user ID B) Only the project ID
C) Both the user ID and the project ID D) Neither; roles are global Answer: C Explanation: Role assignments are scoped; you must specify both the user (or group) and the project (or domain) where the role applies. Question 4. What is the purpose of a Keystone service catalog entry? A) To store user passwords securely B) To define the API endpoints for OpenStack services C) To manage compute host aggregates D) To schedule instances on specific hypervisors Answer: B Explanation: The service catalog holds the list of OpenStack services and their public, internal, and admin endpoints, allowing clients to discover APIs. Question 5. Which of the following actions will disable a Keystone user without deleting the account? A) openstack user delete B) openstack user set --disable C) openstack user deactivate D) openstack user lock Answer: B
C) Image D) Floating IP Answer: C Explanation: The image is the base OS template; it must be chosen before configuring networking, security, or keypairs. Question 9. Which operation is NOT part of the instance lifecycle in Nova? A) Pause B) Migrate C) Snapshot D) Defragment Answer: D Explanation: Defragmentation is not a Nova lifecycle operation; pause, migrate, and snapshot are valid actions. Question 10. What does the “--block-device-mapping” option allow you to specify when creating an instance? A) The security groups to attach B) The volume or image to boot from C) The number of floating IPs D) The compute host aggregate Answer: B
Explanation: --block-device-mapping defines how block devices (volumes, images) are attached to the instance at boot time. Question 11. Which of the following best describes a “snapshot” of an instance? A) A copy of the instance’s RAM state only B) A backup of the instance’s volume data and metadata at a point in time C) A clone of the instance’s security groups D) A duplicate of the instance’s floating IPs Answer: B Explanation: An instance snapshot captures the disk state and metadata, allowing you to launch new instances from that point. Question 12. In Nova, what is the effect of setting the “hw:cpu_policy” extra spec on a flavor? A) It changes the image format used by the flavor B) It controls the CPU allocation policy (e.g., dedicated, shared) C) It modifies the network bandwidth limit D) It enables automatic backup of instances Answer: B Explanation: The hw:cpu_policy extra spec defines whether instances use dedicated or shared CPU resources. Question 13. Which command disables the Nova scheduler service on a compute node? A) systemctl stop nova-scheduler.service B) openstack compute service disable --binary nova-scheduler
Explanation: The Neutron DHCP agent runs on network nodes and provides DHCP to tenant subnets. Question 16. When creating a tenant network in Neutron, which of the following is NOT a required parameter? A) Network name B) Subnet CIDR C) Provider network type D) Router ID Answer: D Explanation: A router is optional; you can create a network and subnet without attaching it to a router immediately. Question 17. Which command creates a new Neutron router named “router1”? A) openstack router create router B) neutron router-add router C) openstack network router create router D) neutron router-create router Answer: A Explanation: The unified CLI openstack router create <name> creates a router; the older neutron command is deprecated. Question 18. To allow instances to access the Internet, which Neutron operation must be performed?
A) Attach a security group that permits outbound traffic B) Set the instance’s metadata “gateway=public” C) Connect the tenant router’s gateway to an external network D) Enable NAT on the compute node Answer: C Explanation: The router’s external gateway must be set to an external (provider) network to provide North‑South connectivity. Question 19. Which security group rule would you add to allow inbound SSH traffic from any source? A) protocol: tcp, port_range_min: 22, port_range_max: 22, remote_ip_prefix: 0.0.0.0/ B) protocol: icmp, remote_ip_prefix: 0.0.0.0/ C) protocol: udp, port_range_min: 22, port_range_max: 22, remote_ip_prefix: ::/ D) protocol: tcp, port_range_min: 80, port_range_max: 80, remote_ip_prefix: 0.0.0.0/ Answer: A Explanation: SSH uses TCP port 22; allowing any IPv4 source requires remote_ip_prefix: 0.0.0.0/0. Question 20. Which Neutron command lists all floating IPs currently allocated in the cloud? A) openstack floating ip list B) neutron fip-list C) openstack network floating ip list D) neutron floatingip-list
B) cinder create --name data_vol --size 10 C) openstack block storage volume create data_vol 10 D) cinder volume create data_vol 10 Answer: A Explanation: The unified CLI uses openstack volume create --size <GB> <name>. Question 24. After attaching a Cinder volume to an instance, which of the following must be done inside the guest OS to use the new storage? A) Reboot the instance B) Run fdisk - l to detect the device and then mount it C) Delete the volume from Cinder and recreate it as a snapshot D) Restart the Cinder service on the compute node Answer: B Explanation: The OS must detect the new block device (e.g., with fdisk - l or lsblk) and then format/mount it; no reboot is required. Question 25. Which of the following is true about Cinder volume snapshots? A) Snapshots can be taken only from volumes that are attached to an instance B) Snapshots are incremental and consume space only for changed blocks C) Snapshots can be used to create new volumes of the same size or larger D) Snapshots automatically delete themselves after 30 days Answer: C
Explanation: Snapshots can be used as source for new volumes; they can be larger than the original volume. Incremental behavior depends on backend, but not guaranteed. Question 26. In Swift, what is the purpose of a “container”? A) To store metadata about the entire object storage cluster B) To group objects together and provide a namespace for object names C) To define network subnets for object storage traffic D) To hold block storage volumes Answer: B Explanation: A container is a logical bucket that holds objects; object names are unique within a container. Question 27. Which Swift command uploads a file named “report.pdf” to a container called “docs” with the object name “2023/report.pdf”? A) swift upload docs report.pdf 2023/report.pdf B) swift upload docs 2023/report.pdf report.pdf C) swift upload docs 2023/report.pdf report.pdf D) swift upload docs 2023/report.pdf report.pdf Answer: B Explanation: The syntax is swift upload <container> <object> <local_file>. Therefore swift upload docs 2023/report.pdf report.pdf uploads the local file as the specified object path. Question 28. Which of the following Swift ACL settings would make a container publicly readable?
D) glance add-image --name ubuntu-img --format qcow2 --public ubuntu.qcow Answer: C Explanation: The unified CLI uses openstack image create <name> --file <path> --disk-format <fmt> --visibility public. Question 31. What is the effect of setting the “protected” flag on a Glance image? A) The image cannot be deleted until the flag is cleared B) The image is automatically replicated across all regions C) The image is encrypted at rest D) The image becomes read‑only for all tenants Answer: A Explanation: A protected image cannot be deleted (or overwritten) until the flag is unset, providing safety against accidental removal. Question 32. Which log file typically contains Nova compute service messages? A) /var/log/nova/api.log B) /var/log/nova/nova-compute.log C) /var/log/nova/scheduler.log D) /var/log/nova/placement.log Answer: B Explanation: The compute service logs to nova-compute.log. API and scheduler have separate logs.
Question 33. When troubleshooting a failed instance launch due to “No valid host”, which component is most likely the source of the problem? A) Cinder volume backend B) Nova scheduler filter configuration C) Swift object storage quota D) Keystone token expiration Answer: B Explanation: “No valid host” indicates the scheduler could not find a compute node matching the requested filters (e.g., flavor, availability zone). Question 34. Which OpenStack command displays the status of all services in the cloud? A) openstack service list --status B) openstack endpoint list --detail C) openstack compute service list D) openstack service status Answer: C Explanation: openstack compute service list shows each compute service (API, scheduler, conductor, etc.) with its status (up/down). Question 35. In Horizon, where can an administrator view the current usage of CPU, RAM, and disk across all projects? A) Admin → System → Statistics B) Admin → Overview → Usage C) Admin → System → System Information
Explanation: remote_ip_prefix specifies an IP CIDR (e.g., 192.168.0.0/24) for the rule’s source or destination. Question 38. Which Neutron agent runs on the compute node to provide L2 networking for VM ports? A) L3 agent B) DHCP agent C) Open vSwitch (OVS) agent D) Metadata agent Answer: C Explanation: The OVS agent (or linuxbridge agent) on compute nodes handles L2 bridging for VM interfaces. Question 39. What is the default TTL (time‑to‑live) for a newly created Swift object if no explicit header is set? A) 0 (never expires) B) 86400 seconds (1 day) C) 31536000 seconds (1 year) D) 604800 seconds (1 week) Answer: A Explanation: Swift objects have no expiration by default; they persist until explicitly deleted. Question 40. Which command shows the current quota limits for a project in the Block Storage service?
A) openstack quota show --volume openstack volume quota show <project>. Question 41. In Keystone, what does the “role assignment list --effective” command display? A) All roles that are currently active in the system, regardless of scope B) Roles assigned directly to users, plus those inherited from groups and domains C) Only the roles that have been revoked in the last 24 hours D) The list of default roles that cannot be removed Answer: B Explanation: The --effective flag expands the list to include indirect assignments via groups and domain inheritance. Question 42. Which of the following is a valid reason to use a “shared” image in Glance? A) To allow a specific tenant to edit the image metadata B) To make the image visible to a limited set of projects rather than all C) To prevent the image from being downloaded D) To enforce encryption on the image automatically Answer: B
A) openstack server add volume openstack server add volume <server> <volume>. It internally performs the attach operation. Question 46. Which of the following is NOT a valid network type for a Neutron provider network? A) vlan B) flat C) gre D) vxlan Answer: C Explanation: GRE is an overlay (tunnel) network type, not a provider network type. Provider networks are typically flat, vlan, or vxlan (when used as a provider). Question 47. In Swift, what does the “X-Delete-After” header control? A) The number of times an object can be downloaded B) The time in seconds after which the object is automatically deleted C) The size limit of the object
D) The replication factor across zones Answer: B Explanation: X-Delete-After sets a TTL (in seconds) after which Swift automatically removes the object. Question 48. Which command lists all Cinder volume types present in the cloud? A) openstack volume type list B) cinder type-list C) openstack block storage type list D) cinder volume-type list Answer: A Explanation: The unified CLI command is openstack volume type list. Question 49. When using the “openstack server create” command, which option specifies the keypair to be injected into the instance? A) --ssh-key B) --key-name C) --public-key D) --keypair Answer: B Explanation: --key-name points to the name of an existing keypair that Nova will inject for SSH access.