Speaker KCD DC 2023 Practice Exam, Exams of Technology

This exam evaluates the skills required to present at Kubernetes Community Days DC. Candidates must demonstrate the ability to create community-focused technical talks, provide actionable insights, deliver demos, address regional Kubernetes use cases, and communicate emerging patterns such as edge computing, multi-cluster operations, GitOps, and platform engineering. Emphasis is placed on clarity, technical accuracy, and community engagement.

Typology: Exams

2025/2026

Available from 01/11/2026

shilpi-jain-1

Speaker KCD DC 2023 Practice Exam
**Question 1.** Which Kubernetes component is responsible for maintaining the desired state
of the cluster by continuously reconciling the actual state with the declared configuration?
A) kubelet
B) kube-proxy
C) kube-apiserver
D) kube-controller-manager
Answer: D
Explanation: The kube-controller-manager runs controllers (e.g., Deployment, ReplicaSet) that
watch the API server and act to drive the current state toward the desired state.
**Question 2.** In an air-gapped Kubernetes deployment, which method is most reliable for
distributing container images to worker nodes?
A) Direct pull from Docker Hub
B) Image pull-through cache behind a proxy
C) Pre-loading images via `docker load` or `ctr images import` on each node
D) Using a public CDN
Answer: C
Explanation: Without internet connectivity, images must be manually transferred (e.g., via USB
or internal registry) and loaded directly on each node.
**Question 3.** Which of the following best describes “container hardening”?
A) Scaling containers automatically based on CPU usage
B) Reducing the attack surface of container images by removing unnecessary binaries and using
non-root users
C) Adding more replicas to a Deployment for high availability
D) Enabling sidecar injection for logging
Answer: B
Explanation: Container hardening focuses on minimizing vulnerabilities by stripping unnecessary components and avoiding privileged execution.
**Question 4.** The “Cluster Provenance” concept primarily helps with:
A) Real-time metrics collection
B) Tracking the origin, version, and configuration history of a Kubernetes cluster for reproducibility
C) Autoscaling worker nodes
D) Managing network policies
Answer: B
Explanation: Provenance records the source and evolution of cluster manifests, enabling consistent recreation of environments.
**Question 5.** Which tool is specifically designed to detect malicious syscalls in a Kubernetes node using eBPF?
A) Trivy
B) Falco
C) Helm
D) Argo CD
Answer: B
Explanation: Falco leverages eBPF (or kernel modules) to monitor system calls and generate alerts on suspicious activity.

C) Docker Compose files
D) Helm chart values
Answer: B
Explanation: OPA Gatekeeper and Kyverno allow declarative policies that are enforced on cluster resources.
**Question 9.** Which OpenTelemetry signal is primarily used for tracing distributed requests across microservices?
A) Metrics
B) Logs
C) Traces
D) Events
Answer: C
Explanation: Traces capture spans and context propagation to visualize request flow across services.
**Question 10.** In incident analysis, moving beyond “root cause” to “human-system interaction” helps teams to:
A) Identify the exact line of code that failed
B) Understand procedural gaps, communication failures, and tool misuse that contributed to the outage
C) Assign blame to a single engineer
D) Reduce the number of alerts
Answer: B

Explanation: Considering the socio-technical aspects reveals why a technically correct system still failed.
**Question 11.** Which metric is considered a “non-obvious” indicator of delivery performance in a cloud-native organization?
A) CPU utilization
B) Time to Market (TTM) for a feature
C) Number of pods
D) Disk I/O
Answer: B
Explanation: TTM reflects the efficiency of the delivery pipeline and organizational agility, not just resource usage.
**Question 12.** For cost-effective log management at scale, which pattern is recommended?
A) Storing raw logs indefinitely on local disks
B) Using a “log aggregation → hot tier → cold tier” pipeline with compression and lifecycle policies
C) Sending logs to a public Git repository
D) Disabling log collection
Answer: B
Explanation: Tiered storage balances query performance for recent logs with low-cost archival for older data.
**Question 13.** An Internal Developer Platform (IDP) primarily aims to:
A) Replace Kubernetes with a proprietary scheduler

Answer: B
Explanation: Contract testing validates that the published API contract is honored by the service implementation.
**Question 16.** Serverless Kubernetes (e.g., Knative) abstracts away:
A) The need for any containers
B) Underlying node provisioning and scaling, allowing developers to focus on code while the platform handles request-driven scaling
C) All networking configuration
D) Persistent storage
Answer: B
Explanation: Knative provides request-driven autoscaling (including to zero) on top of Kubernetes.
**Question 17.** Which regulatory challenge is most common for government agencies adopting Kubernetes?
A) Unlimited public internet access for nodes
B) Requirement for FedRAMP-approved cloud services and strict audit trails
C) No need for encryption at rest
D) Unlimited use of open-source licenses
Answer: B
Explanation: Federal agencies must meet FedRAMP compliance, which mandates rigorous security controls and auditability.
**Question 18.** When integrating Generative AI (LLMs) into CI/CD pipelines, a primary risk is:

A) Faster build times
B) Hallucinated code suggestions that introduce security flaws
C) Reduced storage usage
D) Improved test coverage
Answer: B
Explanation: LLMs can generate plausible-looking but incorrect code, potentially embedding vulnerabilities if not reviewed.
**Question 19.** The Recreation.gov traffic spike incident highlighted the importance of:
A) Using a single monolithic server
B) Implementing multi-regional traffic routing, autoscaling, and graceful degradation strategies
C) Disabling TLS to improve performance
D) Relying on manual scaling
Answer: B
Explanation: Distributed load-balancing and automated scaling prevented the system from collapsing under sudden demand.
**Question 20.** Which metric helps evaluate the environmental impact of a Kubernetes workload?
A) Number of pods
B) CPU-seconds multiplied by the carbon intensity of the underlying power grid (CO₂e)
C) Memory limit size
D) Number of services
Answer: B

B) Cilium
C) Istio
D) Helm
Answer: B
Explanation: Cilium leverages eBPF for transparent networking, security policies, and observability.
**Question 24.** A “sidecar” pattern is most appropriate when:
A) You need to replace the main container’s image
B) Adding auxiliary functionality (e.g., logging, proxy) without modifying the primary application image
C) Scaling the pod horizontally
D) Changing the pod’s namespace
Answer: B
Explanation: Sidecars run alongside the main container, providing supplemental capabilities.
**Question 25.** Which of the following is a key benefit of using “immutable infrastructure” in Kubernetes?
A) Ability to edit live resources directly with `kubectl edit`
B) Guarantees that once a resource version is deployed, it never changes, reducing configuration drift
C) Eliminates the need for version control
D) Allows pods to run as root
Answer: B

Explanation: Immutable infrastructure ensures reproducibility and consistency across environments.
**Question 26.** The “Cluster Autoscaler” in Kubernetes reacts to:
A) CPU usage inside a pod
B) Unschedulable pods due to insufficient resources, scaling the node pool accordingly
C) Number of services in the namespace
D) Changes in ConfigMaps
Answer: B
Explanation: It adds or removes nodes based on scheduling failures caused by resource constraints.
**Question 27.** Which practice helps mitigate “dependency confusion” attacks in a private container registry?
A) Allowing any image from Docker Hub
B) Enforcing strict image signing (e.g., Cosign) and refusing unsigned images
C) Disabling TLS
D) Using `latest` tag for all images
Answer: B
Explanation: Signed images ensure authenticity and prevent maliciously crafted similarly-named packages.
**Question 28.** In the context of OODA loops (Observe-Orient-Decide-Act), “Observe” in a cloud-native environment typically involves:
A) Deploying new services

**Question 31.** When using OpenTelemetry Collector in a “gateway” deployment mode, the collector:
A) Runs inside each application pod
B) Receives telemetry from multiple agents and forwards it to back-ends, reducing per-pod overhead
C) Stores logs on local disk only
D) Replaces Prometheus entirely
Answer: B
Explanation: The gateway mode centralizes processing, aggregating data from many agents.
**Question 32.** Which of the following best describes “policy linting” for Kubernetes manifests?
A) Formatting YAML files with prettier
B) Validating manifests against best-practice rules (e.g., no privileged containers) before they are applied
C) Compressing manifests to reduce size
D) Automatically generating Helm charts
Answer: B
Explanation: Linting checks for policy violations such as insecure settings before deployment.
**Question 33.** The “Log4Shell” vulnerability highlighted the need for which of the following in incident response?
A) Ignoring third-party libraries
B) Rapid dependency scanning, patching, and a clear communication plan to stakeholders

C) Disabling all logging
D) Using only Java 8
Answer: B
Explanation: Log4Shell showed how a single library flaw can be catastrophic; quick detection and coordinated response are essential.
**Question 34.** Which Kubernetes feature allows you to run a pod on a node that meets specific hardware criteria (e.g., GPU)?
A) Taints and tolerations
B) Node selectors and node affinity
C) Service accounts
D) ConfigMaps
Answer: B
Explanation: Node affinity lets you specify required or preferred node labels, such as those indicating GPU presence.
**Question 35.** In a GitOps workflow, the “reconciliation loop” is typically executed by:
A) A human operator manually applying manifests
B) An automated controller (e.g., Flux, Argo CD) that watches the Git repo and applies changes to the cluster
C) The kubelet on each node
D) The Docker daemon
Answer: B

B) Monitoring collects predefined metrics; observability provides the ability to ask arbitrary questions about system state through logs, traces, and metrics
C) They are identical concepts
D) Observability only applies to serverless
Answer: B
Explanation: Observability is a broader discipline that enables insight beyond fixed dashboards.
**Question 39.** In a highly regulated environment, which Kubernetes admission controller can enforce that all images are signed with a specific key?
A) NamespaceLifecycle
B) ImagePolicyWebhook (OPA Gatekeeper)
C) ServiceAccount
D) PersistentVolumeLabel
Answer: B
Explanation: An admission webhook can reject pods whose images lack a valid signature.
**Question 40.** Which of the following is a common pattern for “blue-green” deployments in Kubernetes?
A) Deleting the old Deployment before creating the new one
B) Creating a new Deployment with a different label selector, routing traffic via a Service, then switching the Service selector once the new version is verified
C) Using a single pod and updating its image in place
D) Scaling the Deployment to zero
Answer: B

Explanation: Blue-green uses two parallel environments and flips traffic by changing the Service selector.
**Question 41.** The “PodDisruptionBudget” (PDB) is used to:
A) Limit the number of pods that can be created in a namespace
B) Ensure a minimum number or percentage of pods remain available during voluntary disruptions (e.g., node upgrades)
C) Set CPU limits for pods
D) Define network policies
Answer: B
Explanation: PDB protects against excessive simultaneous pod terminations.
**Question 42.** Which of the following statements about “ephemeral containers” is true?
A) They replace the main container in a pod
B) They are used for debugging purposes, added to a running pod without restarting it
C) They provide persistent storage
D) They are the same as init containers
Answer: B
Explanation: Ephemeral containers can be injected into a live pod to run debugging tools.
**Question 43.** In the context of “sustainability in tech,” which practice directly reduces the carbon footprint of a Kubernetes workload?
A) Running all workloads on a single large node instead of multiple small nodes, if utilization is high
B) Increasing replica count arbitrarily

**Question 46.** Which of the following best explains “controller-runtime” in the context of building custom Kubernetes controllers?
A) A GUI for managing pods
B) A Go library that abstracts client-set interactions, event handling, and reconciliation logic for custom controllers/operators
C) A hardware appliance
D) A logging framework
Answer: B
Explanation: controller-runtime simplifies operator development by handling boilerplate.
**Question 47.** In a multi-tenant Kubernetes cluster, which isolation mechanism is considered the strongest?
A) Namespace-level RBAC only
B) Separate node pools with dedicated hardware (or dedicated clusters) combined with network policies
C) Using the same ServiceAccount for all tenants
D) Sharing a single namespace
Answer: B
Explanation: Physical or node-pool isolation plus network policies provides strong tenant separation.
**Question 48.** Which of the following is a primary advantage of using “Helm” for package management in Kubernetes?
A) Automatic scaling of pods
B) Versioned, templated charts that simplify application deployment and upgrades
C) Replaces the need for the kube-apiserver

D) Provides built-in security scanning
Answer: B
Explanation: Helm charts allow reusable, versioned definitions of Kubernetes resources.
**Question 49.** The “Kubernetes API Server” authenticates incoming requests via:
A) Certificates, bearer tokens, OpenID Connect, and webhook token authentication
B) Only IP address filtering
C) DNS queries
D) None of the above
Answer: A
Explanation: The API server supports multiple authentication strategies, including X.509 certificates, JWT tokens, OIDC, and webhook.
**Question 50.** Which of the following is a key consideration when deploying workloads to “edge” clusters with limited connectivity?
A) Relying on real-time image pulls from public registries
B) Pre-loading images and using GitOps with a local Git server to avoid external network dependencies
C) Disabling all security policies
D) Using only Windows containers
Answer: B
Explanation: Edge environments need offline image distribution and local Git repos for declarative management.