Spring Sale 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: save70

Free and Premium Linux Foundation KCNA Dumps Questions Answers

Page: 1 / 18
Total 239 questions

Kubernetes and Cloud Native Associate Questions and Answers

Question 1

Which GitOps engine can be used to orchestrate parallel jobs on Kubernetes?

Options:

A.

Jenkins X

B.

Flagger

C.

Flux

D.

Argo Workflows

Buy Now
Question 2

In the DevOps framework and culture, who builds, automates, and offers continuous delivery tools for developer teams?

Options:

A.

Application Users

B.

Application Developers

C.

Platform Engineers

D.

Cluster Operators

Question 3

Which group of container runtimes provides additional sandboxed isolation and elevated security?

Options:

A.

rune, cgroups

B.

docker, containerd

C.

runsc, kata

D.

crun, cri-o

Question 4

What is the difference between a Deployment and a ReplicaSet?

Options:

A.

With a Deployment, you can’t control the number of pod replicas.

B.

A ReplicaSet does not guarantee a stable set of replica pods running.

C.

A Deployment is basically the same as a ReplicaSet with annotations.

D.

A Deployment is a higher-level concept that manages ReplicaSets.

Question 5

What is a Pod?

Options:

A.

A networked application within Kubernetes.

B.

A storage volume within Kubernetes.

C.

A single container within Kubernetes.

D.

A group of one or more containers within Kubernetes.

Question 6

Which of the following are tasks performed by a container orchestration tool?

Options:

A.

Schedule, scale, and manage the health of containers.

B.

Create images, scale, and manage the health of containers.

C.

Debug applications, and manage the health of containers.

D.

Store images, scale, and manage the health of containers.

Question 7

Kubernetes supports multiple virtual clusters backed by the same physical cluster. These virtual clusters are called:

Options:

A.

Namespaces

B.

Containers

C.

Hypervisors

D.

cgroups

Question 8

What is CRD?

Options:

A.

Custom Resource Definition

B.

Custom Restricted Definition

C.

Customized RUST Definition

D.

Custom RUST Definition

Question 9

When a Kubernetes Secret is created, how is the data stored by default in etcd?

Options:

A.

As Base64-encoded strings that provide simple encoding but no actual encryption.

B.

As plain text values that are directly stored without any obfuscation or additional encoding.

C.

As compressed binary objects that are optimized for space but not secured against access.

D.

As encrypted records automatically protected using the Kubernetes control plane master key.

Question 10

Which of these commands is used to retrieve the documentation and field definitions for a Kubernetes resource?

Options:

A.

kubectl explain

B.

kubectl api-resources

C.

kubectl get --help

D.

kubectl show

Question 11

In Kubernetes, what is the primary responsibility of the kubelet running on each worker node?

Options:

A.

To allocate persistent storage volumes and manage distributed data replication for Pods.

B.

To manage cluster state information and handle all scheduling decisions for workloads.

C.

To ensure that containers defined in Pod specifications are running and remain healthy on the node.

D.

To provide internal DNS resolution and route service traffic between Pods and nodes.

Question 12

Which of the following resources helps in managing a stateless application workload on a Kubernetes cluster?

Options:

A.

DaemonSet

B.

StatefulSet

C.

kubectl

D.

Deployment

Question 13

Which component of the node is responsible to run workloads?

Options:

A.

The kubelet.

B.

The kube-proxy.

C.

The kube-apiserver.

D.

The container runtime.

Question 14

Which of the following would fall under the responsibilities of an SRE?

Options:

A.

Developing a new application feature.

B.

Creating a monitoring baseline for an application.

C.

Submitting a budget for running an application in a cloud.

D.

Writing policy on how to submit a code change.

Question 15

What is the telemetry component that represents a series of related distributed events that encode the end-to-end request flow through a distributed system?

Options:

A.

Metrics

B.

Logs

C.

Spans

D.

Traces

Question 16

What edge and service proxy tool is designed to be integrated with cloud native applications?

Options:

A.

CoreDNS

B.

CNI

C.

gRPC

D.

Envoy

Question 17

Which of the following is the correct command to run an nginx deployment with 2 replicas?

Options:

A.

kubectl run deploy nginx --image=nginx --replicas=2

B.

kubectl create deploy nginx --image=nginx --replicas=2

C.

kubectl create nginx deployment --image=nginx --replicas=2

D.

kubectl create deploy nginx --image=nginx --count=2

Question 18

Kubernetes ___ protect you against voluntary interruptions (such as deleting Pods, draining nodes) to run applications in a highly available manner.

Options:

A.

Pod Topology Spread Constraints

B.

Pod Disruption Budgets

C.

Taints and Tolerations

D.

Resource Limits and Requests

Question 19

Which of the following options includes valid API versions?

Options:

A.

alpha1v1, beta3v3, v2

B.

alpha1, beta3, v2

C.

v1alpha1, v2beta3, v2

D.

v1alpha1, v2beta3, 2.0

Question 20

What is the correct hierarchy of Kubernetes components?

Options:

A.

Containers → Pods → Cluster → Nodes

B.

Nodes → Cluster → Containers → Pods

C.

Cluster → Nodes → Pods → Containers

D.

Pods → Cluster → Containers → Nodes

Question 21

What is the common standard for Service Meshes?

Options:

A.

Service Mesh Specification (SMS)

B.

Service Mesh Technology (SMT)

C.

Service Mesh Interface (SMI)

D.

Service Mesh Function (SMF)

Question 22

What is the main purpose of a DaemonSet?

Options:

A.

A DaemonSet ensures that all (or certain) nodes run a copy of a Pod.

B.

A DaemonSet ensures that the kubelet is constantly up and running.

C.

A DaemonSet ensures that there are as many pods running as specified in the replicas field.

D.

A DaemonSet ensures that a process (agent) runs on every node.

Question 23

A Pod has been created, but when checked with kubectl get pods, the READY column shows 0/1. What Kubernetes feature causes this behavior?

Options:

A.

Node Selector

B.

Readiness Probes

C.

DNS Policy

D.

Security Contexts

Question 24

Which persona is normally responsible for defining, testing, and running an incident management process?

Options:

A.

Site Reliability Engineers

B.

Project Managers

C.

Application Developers

D.

Quality Engineers

Question 25

Which option best represents the Pod Security Standards ordered from most permissive to most restrictive?

Options:

A.

Privileged, Baseline, Restricted

B.

Baseline, Privileged, Restricted

C.

Baseline, Restricted, Privileged

D.

Privileged, Restricted, Baseline

Question 26

What happens with a regular Pod running in Kubernetes when a node fails?

Options:

A.

A new Pod with the same UID is scheduled to another node after a while.

B.

A new, near-identical Pod but with different UID is scheduled to another node.

C.

By default, a Pod can only be scheduled to the same node when the node fails.

D.

A new Pod is scheduled on a different node only if it is configured explicitly.

Question 27

In Kubernetes, what is the primary purpose of using annotations?

Options:

A.

To control the access permissions for users and service accounts.

B.

To provide a way to attach metadata to objects.

C.

To specify the deployment strategy for applications.

D.

To define the specifications for resource limits and requests.

Question 28

What framework does Kubernetes use to authenticate users with JSON Web Tokens?

Options:

A.

OpenID Connect

B.

OpenID Container

C.

OpenID Cluster

D.

OpenID CNCF

Question 29

What is the practice of bringing financial accountability to the variable spend model of cloud resources?

Options:

A.

FaaS

B.

DevOps

C.

CloudCost

D.

FinOps

Question 30

A platform engineer is tasked with ensuring that an application can securely access the Kubernetes API without using a developer’s personal credentials. What is the correct way to configure this?

Options:

A.

Create a ServiceAccount and bind it to the Pod for API access.

B.

Generate a certificate for the application to access the API.

C.

Use a developer’s kubeconfig file with restricted permissions.

D.

Set the application to use the default ServiceAccount in the namespace.

Question 31

What does CNCF stand for?

Options:

A.

Cloud Native Community Foundation

B.

Cloud Native Computing Foundation

C.

Cloud Neutral Computing Foundation

D.

Cloud Neutral Community Foundation

Question 32

Which of the following options is true about considerations for large Kubernetes clusters?

Options:

A.

Kubernetes supports up to 1000 nodes and recommends no more than 1000 containers per node.

B.

Kubernetes supports up to 5000 nodes and recommends no more than 500 Pods per node.

C.

Kubernetes supports up to 5000 nodes and recommends no more than 110 Pods per node.

D.

Kubernetes supports up to 50 nodes and recommends no more than 1000 containers per node.

Question 33

In the Kubernetes platform, which component is responsible for running containers?

Options:

A.

etcd

B.

CRI-O

C.

cloud-controller-manager

D.

kube-controller-manager

Question 34

The Kubernetes project work is carried primarily by SIGs. What does SIG stand for?

Options:

A.

Special Interest Group

B.

Software Installation Guide

C.

Support and Information Group

D.

Strategy Implementation Group

Question 35

How long should a stable API element in Kubernetes be supported (at minimum) after deprecation?

Options:

A.

9 months

B.

24 months

C.

12 months

D.

6 months

Question 36

Which of the following options include only mandatory fields to create a Kubernetes object using a YAML file?

Options:

A.

apiVersion, template, kind, status

B.

apiVersion, metadata, status, spec

C.

apiVersion, template, kind, spec

D.

apiVersion, metadata, kind, spec

Question 37

Which command lists the running containers in the current Kubernetes namespace?

Options:

A.

kubectl get pods

B.

kubectl ls

C.

kubectl ps

D.

kubectl show pods

Question 38

In Kubernetes, which abstraction defines a logical set of Pods and a policy by which to access them?

Options:

A.

Service Account

B.

NetworkPolicy

C.

Service

D.

Custom Resource Definition

Question 39

Which tool is used to streamline installing and managing Kubernetes applications?

Options:

A.

apt

B.

helm

C.

service

D.

brew

Question 40

When modifying an existing Helm release to apply new configuration values, which approach is the best practice?

Options:

A.

Use helm upgrade with the --set flag to apply new values while preserving the release history.

B.

Use kubectl edit to modify the live release configuration and apply the updated resource values.

C.

Delete the release and reinstall it with the desired configuration to force an updated deployment.

D.

Edit the Helm chart source files directly and reapply them to push the updated configuration values.

Question 41

Which type of Service requires manual creation of Endpoints?

Options:

A.

LoadBalancer

B.

Services without selectors

C.

NodePort

D.

ClusterIP with selectors

Question 42

What does the livenessProbe in Kubernetes help detect?

Options:

A.

When a container is ready to serve traffic.

B.

When a container has started successfully.

C.

When a container exceeds resource limits.

D.

When a container is unresponsive.

Question 43

How can you extend the Kubernetes API?

Options:

A.

Adding a CustomResourceDefinition or implementing an aggregation layer.

B.

Adding a new version of a resource, for instance v4beta3.

C.

With the command kubectl extend api, logged in as an administrator.

D.

Adding the desired API object as a kubelet parameter.

Question 44

What is the primary mechanism to identify grouped objects in a Kubernetes cluster?

Options:

A.

Custom Resources

B.

Labels

C.

Label Selector

D.

Pod

Question 45

A platform engineer wants to ensure that a new microservice is automatically deployed to every cluster registered in Argo CD. Which configuration best achieves this goal?

Options:

A.

Set up a Kubernetes CronJob that redeploys the microservice to all registered clusters on a schedule.

B.

Manually configure every registered cluster with the deployment YAML for installing the microservice.

C.

Create an Argo CD ApplicationSet that uses a Git repository containing the microservice manifests.

D.

Use a Helm chart to package the microservice and manage it with a single Application defined in Argo CD.

Question 46

Manual reclamation policy of a PV resource is known as:

Options:

A.

claimRef

B.

Delete

C.

Retain

D.

Recycle

Question 47

Ceph is a highly scalable distributed storage solution for block storage, object storage, and shared filesystems with years of production deployments. Which open-source cloud native storage orchestrator automates deployment and management of Ceph to provide self-managing, self-scaling, and self-healing storage services?

Options:

A.

CubeFS

B.

OpenEBS

C.

Rook

D.

MinIO

Question 48

The cloud native architecture centered around microservices provides a strong system that ensures ______________.

Options:

A.

fallback

B.

resiliency

C.

failover

D.

high reachability

Question 49

What’s the difference between a security profile and a security context?

Options:

A.

Security Contexts configure Clusters and Namespaces at runtime. Security profiles are control plane mechanisms to enforce specific settings in the Security Context.

B.

Security Contexts configure Pods and Containers at runtime. Security profiles are control plane mechanisms to enforce specific settings in the Security Context.

C.

Security Profiles configure Pods and Containers at runtime. Security Contexts are control plane mechanisms to enforce specific settings in the Security Profile.

D.

Security Profiles configure Clusters and Namespaces at runtime. Security Contexts are control plane mechanisms to enforce specific settings in the Security Profile.

Question 50

How do you deploy a workload to Kubernetes without additional tools?

Options:

A.

Create a Bash script and run it on a worker node.

B.

Create a Helm Chart and install it with helm.

C.

Create a manifest and apply it with kubectl.

D.

Create a Python script and run it with kubectl.

Question 51

What element allows Kubernetes to run Pods across the fleet of nodes?

Options:

A.

The node server.

B.

The etcd static pods.

C.

The API server.

D.

The kubelet.

Question 52

What methods can you use to scale a Deployment?

Options:

A.

With kubectl edit deployment exclusively.

B.

With kubectl scale-up deployment exclusively.

C.

With kubectl scale deployment and kubectl edit deployment.

D.

With kubectl scale deployment exclusively.

Question 53

What is Flux constructed with?

Options:

A.

GitLab Environment Toolkit

B.

GitOps Toolkit

C.

Helm Toolkit

D.

GitHub Actions Toolkit

Question 54

What is a Service?

Options:

A.

A static network mapping from a Pod to a port.

B.

A way to expose an application running on a set of Pods.

C.

The network configuration for a group of Pods.

D.

An NGINX load balancer that gets deployed for an application.

Question 55

In a cloud native environment, who is usually responsible for maintaining the workloads running across the different platforms?

Options:

A.

The cloud provider.

B.

The Site Reliability Engineering (SRE) team.

C.

The team of developers.

D.

The Support Engineering team (SE).

Question 56

Scenario: You have a Kubernetes cluster hosted in a public cloud provider. When trying to create a Service of type LoadBalancer, the external-ip is stuck in the "Pending" state. Which Kubernetes component is failing in this scenario?

Options:

A.

Cloud Controller Manager

B.

Load Balancer Manager

C.

Cloud Architecture Manager

D.

Cloud Load Balancer Manager

Question 57

What is a cloud native application?

Options:

A.

It is a monolithic application that has been containerized and is running now on the cloud.

B.

It is an application designed to be scalable and take advantage of services running on the cloud.

C.

It is an application designed to run all its functions in separate containers.

D.

It is any application that runs in a cloud provider and uses its services.

Question 58

What helps an organization to deliver software more securely at a higher velocity?

Options:

A.

Kubernetes

B.

apt-get

C.

Docker Images

D.

CI/CD Pipeline

Question 59

How are ReplicaSets and Deployments related?

Options:

A.

Deployments manage ReplicaSets and provide declarative updates to Pods.

B.

ReplicaSets manage stateful applications, Deployments manage stateless applications.

C.

Deployments are runtime instances of ReplicaSets.

D.

ReplicaSets are subsets of Jobs and CronJobs which use imperative Deployments.

Question 60

How many different Kubernetes service types can you define?

Options:

A.

2

B.

3

C.

4

D.

5

Question 61

What is the default value for authorization-mode in Kubernetes API server?

Options:

A.

--authorization-mode=RBAC

B.

--authorization-mode=AlwaysAllow

C.

--authorization-mode=AlwaysDeny

D.

--authorization-mode=ABAC

Question 62

Which component of the Kubernetes architecture is responsible for integration with the CRI container runtime?

Options:

A.

kubeadm

B.

kubelet

C.

kube-apiserver

D.

kubectl

Question 63

Can a Kubernetes Service expose multiple ports?

Options:

A.

No, you can only expose one port per each Service.

B.

Yes, but you must specify an unambiguous name for each port.

C.

Yes, the only requirement is to use different port numbers.

D.

No, because the only port you can expose is port number 443.

Question 64

A Kubernetes Pod is returning a CrashLoopBackOff status. What is the most likely reason for this behavior?

Options:

A.

There are insufficient resources allocated for the Pod.

B.

The application inside the container crashed after starting.

C.

The container’s image is missing or cannot be pulled.

D.

The Pod is unable to communicate with the Kubernetes API server.

Question 65

Which are the two primary modes for Service discovery within a Kubernetes cluster?

Options:

A.

Environment variables and DNS

B.

API calls and LDAP

C.

Labels and RADIUS

D.

Selectors and DHCP

Question 66

In Kubernetes, what is the primary function of a RoleBinding?

Options:

A.

To provide a user or group with permissions across all resources at the cluster level.

B.

To assign the permissions of a Role to a user, group, or service account within a namespace.

C.

To enforce namespace network rules by binding policies to Pods running in the namespace.

D.

To create and define a new Role object that contains a specific set of permissions.

Question 67

A Kubernetes _____ is an abstraction that defines a logical set of Pods and a policy by which to access them.

Options:

A.

Selector

B.

Controller

C.

Service

D.

Job

Question 68

What Kubernetes control plane component exposes the programmatic interface used to create, manage and interact with the Kubernetes objects?

Options:

A.

kube-controller-manager

B.

kube-proxy

C.

kube-apiserver

D.

etcd

Question 69

Which of the following capabilities are you allowed to add to a container using the Restricted policy?

Options:

A.

CHOWN

B.

SYS_CHROOT

C.

SETUID

D.

NET_BIND_SERVICE

Question 70

Which of the following is the name of a container orchestration software?

Options:

A.

OpenStack

B.

Docker

C.

Apache Mesos

D.

CRI-O

Question 71

What is a probe within Kubernetes?

Options:

A.

A monitoring mechanism of the Kubernetes API.

B.

A pre-operational scope issued by the kubectl agent.

C.

A diagnostic performed periodically by the kubelet on a container.

D.

A logging mechanism of the Kubernetes API.

Page: 1 / 18
Total 239 questions