











































































Study with the several resources on Docsity
Earn points by helping other students or get them with a premium plan
Prepare for your exams
Study with the several resources on Docsity
Earn points to download
Earn points by helping other students or get them with a premium plan
This exam assesses proficiency in building, deploying, and managing Java-based microservices on VMware Tanzu. It covers Spring fundamentals, cloud-native development principles, container lifecycle management, service mesh interactions, and platform-specific APIs. The practice test includes coding-based questions, debugging exercises, architectural decision-making, and Tanzu Build Service deployment scenarios. Candidates must troubleshoot microservice communication, apply resilience patterns, manage persistent services, and optimize applications for Kubernetes. Designed for Java developers transitioning into modern cloud-native ecosystems on the VMware Tanzu platform.
Typology: Exams
1 / 83
This page cannot be seen from the preview
Don't miss anything!












































































Question 1. Which component of VMware Tanzu provides automated container image creation from source code using Cloud Native Buildpacks? A) Tanzu Mission Control B) Tanzu Build Service C) Tanzu Observability D) Tanzu Service Mesh Answer: B Explanation: Tanzu Build Service continuously builds OCI-compatible images from source using Cloud Native Buildpacks, handling dependency updates automatically. Question 2. In Tanzu Application Platform (TAP), which layer is responsible for defining the developer experience, including the CLI and UI for creating apps? A) Build Service Layer B) Supply Chain Layer C) Platform Layer D) Application Layer Answer: C Explanation: The Platform Layer of TAP provides the developer interface (tanzu CLI, UI) that abstracts the underlying supply chain and build services. Question 3. Which Kubernetes resource type does Tanzu Mission Control use to enforce policy across clusters? A) ConfigMap B) CustomResourceDefinition (CRD) C) Deployment D) ServiceAccount Answer: B Explanation: Tanzu Mission Control creates CRDs (e.g., tmc.io policies) that represent policy objects applied to managed clusters. Question 4. What is the default container registry used by Tanzu Build Service when no external registry is configured?
A) Docker Hub B) Harbor C) Elastic Container Registry (ECR) E) None – it fails without explicit configuration Answer: D Explanation: Tanzu Build Service requires an explicit registry; if none is provided, the build fails rather than falling back to a default public registry. Question 5. Which of the following best describes a “Supply Chain” in Tanzu Application Platform? A) A series of Git repositories that store source code. B) A pipeline that defines how source is turned into a runnable image, including scanning and testing. C) A network of Kubernetes clusters managed by Tanzu Mission Control. D) A set of Helm charts for deploying applications. Answer: B Explanation: In TAP, a Supply Chain defines the end-to-end process (build, scan, test, sign) that converts source code into a secure container image. Question 6. When using Tanzu Build Service, which file defines the buildpack order for an application? A) Dockerfile B) buildpack.toml C) buildpack.yml D) buildpacks.yaml Answer: C Explanation: The buildpack.yml file can be placed in the source repository to customize the order and configuration of buildpacks. Question 7. Which Tanzu component provides a unified observability platform for metrics, traces, and logs across multiple clusters? A) Tanzu Mission Control
A) Reducing image size. B) Ensuring that only trusted images are deployed. C) Accelerating image pull times. D) Automatically tagging images with Git commit IDs. Answer: B Explanation: Image signing provides cryptographic verification that an image was built by a trusted pipeline, preventing supply-chain attacks. Question 11. Which command creates a new Tanzu Application Platform workload using the default supply chain? A) tanzu apps workload create my-app --git-repo https://... B) tanzu build create my-app --source https://... C) tanzu cluster create my-app --image my-image D) tanzu service mesh enable my-app Answer: A Explanation: tanzu apps workload create provisions a workload that follows the configured supply chain, pulling source from the provided Git repo. Question 12. In Tanzu Service Mesh, what does “Zero-Trust” refer to? A) Disabling all inbound traffic to services. B) Requiring mutual TLS for all service-to-service communication. C) Allowing only unauthenticated HTTP traffic. D) Running services without any network policies. Answer: B Explanation: Zero-Trust in Tanzu Service Mesh enforces mutual TLS (mTLS) and fine-grained policies for every request, regardless of network location. Question 13. Which Kubernetes object does Tanzu Mission Control use to apply a “Namespace-Level” policy? A) Namespace B) ClusterRoleBinding
C) PolicyAssignment (CRD) D) NetworkPolicy Answer: C Explanation: Tanzu Mission Control defines a custom resource called PolicyAssignment that can target a specific namespace for policy enforcement. Question 14. Which of the following is NOT a default policy type provided by Tanzu Mission Control? A) Image Vulnerability Scanning B) Resource Quota Enforcement C) Pod Security Standards D) Service Mesh Traffic Mirroring Answer: D Explanation: Service Mesh Traffic Mirroring is a feature of Tanzu Service Mesh, not a default TMC policy type. Question 15. When configuring a Tanzu Kubernetes Grid (TKG) cluster, which file contains the “cluster configuration” in a YAML format? A) tkg-config.yaml B) cluster.yaml C) tkg-cluster.yaml D) values.yaml Answer: C Explanation: tkg-cluster.yaml holds the configuration for a TKG cluster, including control-plane size, node pools, and networking details. Question 16. Which tool is used to interact with Tanzu Mission Control from the command line? A) tkgctl B) tanzu mc C) tmcctl
Answer: B Explanation: Cluster-scoped resources, such as ClusterRoles, affect the entire cluster regardless of namespace. Question 20. Which credential type does Tanzu Build Service use to authenticate with a private Docker registry? A) SSH key B) Service Account token C) Docker config JSON (registry secret) D) OAuth2 client credentials Answer: C Explanation: Tanzu Build Service reads a dockerconfigjson secret containing the registry credentials to push built images. Question 21. In Tanzu Service Mesh, what is the purpose of a “Virtual Service”? A) To define a physical network interface. B) To expose a set of Pods under a logical name for routing rules. C) To store TLS certificates. D) To schedule Pods onto nodes. Answer: B Explanation: A Virtual Service abstracts a group of Pods and enables traffic routing, fault injection, and mirroring via the mesh control plane. Question 22. Which Spring annotation is automatically recognized by Tanzu Build Service to generate a Dockerfile when using the Java Buildpack? A) @SpringBootApplication B) @EnableAutoConfiguration C) @Component D) @Configuration Answer: A
Explanation: The presence of @SpringBootApplication signals the Java Buildpack to generate an appropriate Dockerfile for a Spring Boot executable JAR. Question 23. What is the main advantage of using “Layered Docker Images” produced by Tanzu Build Service? A) They reduce image size by reusing unchanged layers across builds. B) They encrypt each layer separately. C) They allow runtime modification of layers. D) They enable multi-architecture builds automatically. Answer: A Explanation: Layered images allow unchanged layers (e.g., base OS, language runtime) to be cached, speeding up subsequent builds and reducing storage. Question 24. Which of the following is a required step before enabling Tanzu Service Mesh on a workload namespace? A) Installing the Istio sidecar injection label on the namespace. B) Enabling vSphere HA. C) Creating a Service Account with cluster-admin role. D) Deploying a ConfigMap named mesh-config. Answer: A Explanation: The namespace must be labeled istio-injection=enabled (or the equivalent for Tanzu Service Mesh) to trigger automatic sidecar injection. Question 25. In Tanzu Application Platform, which resource defines the “buildpack stack” to be used for Java applications? A) BuildpackConfig CRD B) ClusterStack CRD C) StackTemplate D) ImageBuilderSpec Answer: B Explanation: ClusterStack CRD specifies the stack (base image and run image) that buildpacks use during image creation.
Question 29. In Tanzu Service Mesh, what does “Traffic Split” enable? A) Load balancing across multiple clusters. B) Gradual traffic migration from one version of a service to another. C) Mirroring traffic to an external logging system. D) Encrypting traffic with a custom cipher suite. Answer: B Explanation: Traffic Split allows progressive rollout by splitting inbound traffic between multiple service versions based on defined percentages. Question 30. What is the default namespace where Tanzu Mission Control stores its internal resources? A) tmc-system B) tanzu-mc C) kube-system D) tmc-operator Answer: A Explanation: TMC creates the tmc-system namespace to host its controllers, webhooks, and related resources. Question 31. Which of the following is NOT a supported language pack in Tanzu Build Service? A) Java (Spring Boot) B) Go C) Ruby on Rails D) .NET Core Answer: D Explanation: As of the latest release, Tanzu Build Service supports Java, Go, Node.js, Python, and Ruby, but not .NET Core. Question 32. Which annotation can be added to a Spring Boot application to enable automatic health checks exposed to Tanzu Observability?
A) @EnableHealthIndicators B) @HealthCheck C) @EndpointHealth D) @Actuator Answer: D Explanation: Adding @SpringBootApplication together with the Actuator starter (spring-boot-starter-actuator) exposes health endpoints that Observability can scrape. Question 33. In vSphere with Tanzu, what is the role of the “Supervisor Cluster”? A) To run user workloads directly. B) To provide Kubernetes control plane services that manage workload clusters. C) To store container images locally. D) To host the vCenter Server Appliance. Answer: B Explanation: The Supervisor Cluster runs the Kubernetes control plane on top of vSphere, enabling creation and management of workload clusters. Question 34. Which of the following best describes a “Layered Buildpack” in Tanzu Build Service? A) A buildpack that only compiles source code. B) A buildpack that provides both a build and a run image layer. C) A buildpack that is executed in multiple stages to produce separate image layers. D) A buildpack that only works with Java applications. Answer: C Explanation: Layered buildpacks produce distinct image layers (e.g., dependencies, compiled code) allowing efficient caching and reuse. Question 35. Which of the following is a valid way to provide environment-specific configuration to a Tanzu Application Platform workload? A) Using a ConfigMap named dev-config and referencing it in the workload.
C) ServiceEntry D) PeerAuthentication Answer: A Explanation: AuthorizationPolicy specifies which principals can communicate with a service, controlling inbound and outbound traffic. Question 39. Which of the following best explains the concept of “Infrastructure as Code” (IaC) in the Tanzu ecosystem? A) Storing source code in Git. B) Defining clusters, policies, and packages using declarative YAML files applied via kubectl or tanzu CLI. C) Writing Java code that interacts directly with vSphere APIs. D) Using Dockerfiles to build container images. Answer: B Explanation: IaC in Tanzu involves using YAML manifests (ClusterClass, PackageInstall, PolicyAssignment) that describe infrastructure and are applied programmatically. Question 40. Which command is used to upgrade an existing Tanzu Kubernetes Grid workload cluster? A) tanzu cluster upgrade my-cluster B) tmcctl cluster upgrade my-cluster C) tkgctl upgrade my-cluster D) kubectl rollout restart deployment/my-cluster Answer: C Explanation: tkgctl upgrade initiates an upgrade of a TKG workload cluster to a newer Kubernetes version. Question 41. In Tanzu Build Service, what is the purpose of the “Builder” resource? A) To store Docker credentials. B) To define which buildpacks and stack should be used for building images.
C) To schedule build jobs on a CI server. D) To provide a UI for monitoring builds. Answer: B Explanation: A Builder CRD references a set of buildpacks and a stack, governing how source is transformed into a container image. Question 42. Which of the following statements about “Sidecar Injection” in Tanzu Service Mesh is true? A) It can only be performed manually via kubectl edit. B) It is automatically triggered for namespaces labeled with istio- injection=enabled. C) It requires a custom Dockerfile modification. D) It is disabled by default and cannot be enabled. Answer: B Explanation: Labeling a namespace with istio-injection=enabled causes the mutating webhook to automatically inject the Envoy sidecar into new Pods. Question 43. Which Spring Boot starter is most commonly used with Tanzu Build Service to expose actuator endpoints for health and metrics? A) spring-boot-starter-web B) spring-boot-starter-actuator C) spring-boot-starter-data-jpa D) spring-boot-starter-security Answer: B Explanation: spring-boot-starter-actuator adds health, metrics, and other management endpoints that Tanzu Observability can scrape. Question 44. What does the tanzu apps workload delete command do? A) Removes the workload CR and all associated resources from the cluster. B) Deletes the source code repository from Git. C) Uninstalls Tanzu Application Platform from the cluster.
Answer: C Explanation: Signing images and pushing them to a trusted registry ensures integrity and authenticity, aligning with supply-chain security best practices. Question 48. Which Kubernetes resource type does Tanzu Observability use to automatically discover services for telemetry collection? A) Service B) Pod C) EndpointSlice D) ServiceMonitor (via Prometheus Operator) Answer: D Explanation: Tanzu Observability can scrape metrics from services that are exposed via Prometheus ServiceMonitor resources. Question 49. What is the primary function of the “tanzu login” command? A) To authenticate the CLI against a Tanzu Mission Control or Tanzu Application Platform management endpoint. B) To log into a Kubernetes cluster using a service account token. C) To start a local Docker registry. D) To create a new user in vCenter. Answer: A Explanation: tanzu login authenticates the CLI to the management plane (TMC or TAP) using an API token, enabling subsequent commands. Question 50. Which of the following best describes “Cluster-Class” in Tanzu Kubernetes Grid? A) A custom resource that defines a reusable template for creating multiple workload clusters with consistent settings. B) A Helm chart for deploying a Kubernetes cluster. C) An Ansible playbook for provisioning vSphere resources. D) A Dockerfile used by Tanzu Build Service. Answer: A
Explanation: ClusterClass is a Kubernetes API object that encapsulates cluster topology and defaults, allowing declarative provisioning of workload clusters. Question 51. In Tanzu Build Service, what does the kpack.io/build label on a container image indicate? A) The image was built using Docker directly. B) The image was produced by kpack (the engine behind Tanzu Build Service). C) The image contains a Java runtime. D) The image is deprecated. Answer: B Explanation: The kpack.io/build label is added by kpack to identify images built by the Build Service pipeline. Question 52. Which of the following is a core component of Tanzu Service Mesh architecture? A) Envoy sidecar proxy B) Nginx ingress controller C) RabbitMQ broker D) ElasticSearch node Answer: A Explanation: Tanzu Service Mesh uses Envoy sidecar proxies to intercept and manage all service-to-service traffic. Question 53. Which command retrieves the current version of Tanzu CLI installed on the workstation? A) tanzu version B) tanzu --help C) tanzu cli version D) tanzu info Answer: A Explanation: tanzu version prints the client version of the Tanzu CLI.
Question 57. Which of the following is a prerequisite for enabling Tanzu Observability on a Kubernetes cluster? A) Installing the Wavefront collector DaemonSet. B) Enabling vSphere HA. C) Deploying a Helm chart named observability. D) Configuring a Service Mesh gateway. Answer: A Explanation: The Wavefront collector DaemonSet must be installed to gather metrics, traces, and logs from cluster nodes and pods. Question 58. Which Spring annotation can be used to inject configuration properties from a ConfigMap that Tanzu Application Platform mounts into the pod? A) @Value("${my.prop}") B) @InjectConfig C) @ConfigProperty D) @AutowiredConfig Answer: A Explanation: @Value resolves property placeholders from the environment, which includes ConfigMap entries mounted as environment variables. Question 59. In Tanzu Build Service, what does the term “stack” refer to? A) The set of Kubernetes resources that define a cluster. B) The combination of a build image (builder) and a run image used by buildpacks. C) The collection of Helm charts installed on a cluster. D) The version control system used for source code. Answer: B Explanation: A stack consists of a build image (contains buildpacks) and a run image (runtime environment) that together form the base for generated container images. Question 60. Which of the following is a valid way to expose a Spring Boot application’s health endpoint to Tanzu Service Mesh’s telemetry?
A) Annotate the controller with @MeshHealth. B) Enable the Actuator health endpoint and ensure the sidecar can reach it on the same pod. C) Add a ServiceEntry for the health endpoint. D) Use a custom Ingress rule. Answer: B Explanation: Enabling Actuator health (management.endpoint.health.enabled=true) makes the endpoint available on localhost, which the sidecar can scrape for telemetry. Question 61. Which of the following best describes the “tanzu package available list” command? A) Lists all package repositories configured for the current context. B) Shows all packages (e.g., Contour, cert-manager) that can be installed on the cluster. C) Displays installed Helm charts. D) Returns a list of Docker images in the registry. Answer: B Explanation: tanzu package available list enumerates all installable packages from the configured package repositories. Question 62. In Tanzu Mission Control, what is the effect of applying a “NetworkPolicy” policy to a managed cluster? A) It automatically generates Calico policies to enforce pod-level network segmentation. B) It disables all network traffic. C) It creates a firewall rule on the vSphere NSX-T edge. D) It converts the cluster to a single-node configuration. Answer: A Explanation: TMC’s NetworkPolicy policy translates into underlying CNI (e.g., Calico) rules that enforce the defined pod-level network policies.