Free Practice Questions Kubernetes & Cloud Native Associate 30 Questions with Answers

Kubernetes & Cloud Native Associate
Practice Questions

30 free questions with correct answers and detailed explanations.

30 Free Questions
2 Free Exams
100% With Explanations

KCNA Practice Set-01

15 questions
Q1
What is the default deployment strategy in Kubernetes?
A Rolling update
B Blue/Green deployment
C Canary deployment
D Recreate deployment
Correct Answer
Rolling update
Explanation
The default deployment strategy in Kubernetes is RollingUpdate, which gradually replaces old Pods with new ones to ensure zero downtime. It uses maxSurge and maxUnavailable parameters to control the rate of update. The alternative Recreate strategy terminates all old Pods before creating new ones, causing downtime. For more details, see https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy
Q2
How do you perform a command in a running container of a Pod?
A kubectl exec--
B docker exec
C kubectl run--
D kubectl attach-i
Correct Answer
kubectl exec--
Explanation
The 'kubectl exec -it <pod-name> -- <command>' command allows you to execute a command in a running container. The '-it' flags allocate an interactive TTY, enabling interactive shell sessions. You can also specify a container within a multi-container pod using the '-c <container-name>' flag. For more details, see https://kubernetes.io/docs/reference/kubectl/generated/kubectl_exec/
Q3
Which of the following is a correct definition of a Helm chart?
A A Helm chart is a collection of YAML files bundled in a tar.gz file and can be applied without decompressing it.
B A Helm chart is a collection of JSON files and contains all the resource definitions to run an application on Kubernetes.
C A Helm chart is a collection of YAML files that can be applied on Kubernetes by using the kubectl tool.
D A Helm chart is similar to a package and contains all the resource definitions to run an application on Kubernetes.
Correct Answer
A Helm chart is similar to a package and contains all the resource definitions to run an application on Kubernetes.
Explanation
A Helm chart is a collection of files that describe a related set of Kubernetes resources. It is a packaging format that bundles Kubernetes manifests, default configuration values, and templates into a deployable unit. Charts can be versioned, shared, and reused, making it easy to deploy complex applications consistently. For more details, see https://helm.sh/docs/topics/charts/
Q4
Which of the following sentences is true about namespaces in Kubernetes?
A You can create a namespace within another namespace in Kubernetes.
B You can create two resources of the same kind and name in a namespace.
C The default namespace exists when a new cluster is created.
D All the objects in the cluster are namespaced by default.
Correct Answer
The default namespace exists when a new cluster is created.
Explanation
Namespaces in Kubernetes provide a mechanism to isolate groups of resources within a single cluster. They allow multiple teams or projects to share a cluster while maintaining separation of resources, quotas, and access controls. Resources in different namespaces can communicate using their fully qualified DNS names. For more details, see https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
Q5
How does Horizontal Pod autoscaling work in Kubernetes?
A The Horizontal Pod Autoscaler controller adds more CPU or memory to the pods when the load is above the configured threshold, and reduces CPU or memory when the load is below.
B The Horizontal Pod Autoscaler controller adds more pods when the load is above the configured threshold, but does not reduce the number of pods when the load is below.
C The Horizontal Pod Autoscaler controller adds more pods to the specified DaemonSet when the load is above the configured threshold, and reduces the number of pods when the load is below.
D The Horizontal Pod Autoscaler controller adds more pods when the load is above the configured threshold, and reduces the number of pods when the load is below.
Correct Answer
The Horizontal Pod Autoscaler controller adds more pods when the load is above the configured threshold, and reduces the number of pods when the load is below.
Explanation
Horizontal Pod Autoscaling (HPA) works by periodically querying metrics (from the metrics-server or custom metrics APIs), comparing them against target thresholds, and adjusting the replica count of a Deployment or StatefulSet accordingly. The default metrics include CPU and memory utilization. The HPA controller runs a reconciliation loop every 15 seconds by default. For more details, see https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/
Q6
What is a Pod?
A A networked application within Kubernetes.
B A storage volume within Kubernetes.
C A single container within Kubernetes.
D A group of one or more containers within Kubernetes.
Correct Answer
A group of one or more containers within Kubernetes.
Explanation
A Pod is the smallest deployable unit in Kubernetes, representing one or more containers that share storage, network, and a specification for how to run the containers. Containers within a Pod share the same IP address, port space, and can communicate via localhost. Pods are ephemeral and managed by higher-level controllers like Deployments and StatefulSets. For more details, see https://kubernetes.io/docs/concepts/workloads/pods/
Q7
What is the Kubernetes object used for running a recurring workload?
A Job
B Batch
C DaemonSet
D CronJob
Correct Answer
CronJob
Explanation
A CronJob is the Kubernetes object used for running recurring workloads on a time-based schedule. It creates Jobs at specified times using a standard Unix cron expression syntax. CronJobs are suitable for periodic batch processing, report generation, or any task that needs to run on a schedule. For more details, see https://kubernetes.io/docs/concepts/workloads/controllers/cron-jobs/
Q8
Which kubectl command is useful for collecting information about any type of resource that is active in a Kubernetes cluster?
A describe
B list
C expose
D explain
Correct Answer
describe
Explanation
'kubectl get all' is useful for collecting information about multiple resource types in a cluster, though 'kubectl get <resource>' targets specific types. The 'kubectl describe' command gives detailed information about a specific resource. Using 'kubectl get all -A' lists common resources across all namespaces. For more details, see https://kubernetes.io/docs/reference/kubectl/generated/kubectl_get/
Q9
Kubernetes ___ protect you against voluntary interruptions (such as deleting Pods, draining nodes) to run applications in a highly available manner.
A Pod Topology Spread Constraints
B Pod Disruption Budgets
C Taints and Tolerances
D Resource Limits and Requests
Correct Answer
Pod Disruption Budgets
Explanation
Pod Disruption Budgets (PDBs) protect against voluntary disruptions such as node drains, kubectl delete pod, or cluster upgrades. They define the minimum number of pods that must remain available (minAvailable) or maximum unavailable (maxUnavailable) during disruptions. PDBs do NOT protect against involuntary disruptions like hardware failures. For more details, see https://kubernetes.io/docs/concepts/workloads/pods/disruptions/
Q10
Manual reclamation policy of a PVC resource is known as:
A claimRef
B Delete
C Retain
D Recycle
Correct Answer
Retain
Explanation
The 'Retain' reclaim policy is used for manual reclamation of a PersistentVolume. After the PVC is deleted, the PV still exists and holds the data; an administrator must manually reclaim (or delete) the volume. This policy is the safest for preserving important data. For more details, see https://kubernetes.io/docs/concepts/storage/persistent-volumes/#reclaiming
Q11
Which component of the Kubernetes architecture is responsible for integration with the CRI container runtime?
A kubeadm
B kubelet
C kube-apiserver
D kubectl
Correct Answer
kubelet
Explanation
The kubelet is the component responsible for integrating with the CRI (Container Runtime Interface) to manage containers on a node. It receives PodSpecs from the API server and instructs the container runtime to start, stop, or monitor containers. The kubelet uses CRI gRPC calls to communicate with runtimes like containerd or CRI-O. For more details, see https://kubernetes.io/docs/reference/command-line-tools-reference/kubelet/
Q12
Which of the following is a challenge derived from running cloud native applications?
A The operational costs of maintaining the data center of the company.
B The cost optimization is complex to maintain across different public cloud environments.
C The lack of different container images available in public image repositories.
D The lack of services provided by the most common public clouds
Correct Answer
The cost optimization is complex to maintain across different public cloud environments.
Explanation
A major challenge of cloud native applications is managing the increased operational complexity that comes with distributed systems, including observability, service discovery, and failure handling. Breaking a monolith into many services introduces network latency, partial failures, and the need for distributed tracing. Operational overhead grows significantly with the number of services and clusters. For more details, see https://kubernetes.io/docs/concepts/overview/
Q13
Which statement about Secrets is correct?
A A Secret is part of a Pod specification.
B Secrets data is encrypted with the cluster private key by default.
C Secrets data is base64 encoded and stored unencrypted by default
D A Secret can only be used for confidential data
Correct Answer
Secrets data is base64 encoded and stored unencrypted by default
Explanation
Secrets in Kubernetes can be mounted as files or exposed as environment variables in containers. They are base64-encoded by default, not encrypted, so enabling encryption at rest is strongly recommended. Secrets are namespaced resources and can be referenced by Pods within the same namespace only. For more details, see https://kubernetes.io/docs/concepts/configuration/secret/
Q14
What can be used to create a job that will run at specified times/dates or on a repeating schedule?
A Job
B CalenderJob
C BatchJob
D CronJob
Correct Answer
CronJob
Explanation
A CronJob in Kubernetes creates Jobs on a repeating schedule defined by a standard cron expression. It is used for periodic and recurring tasks like backups, report generation, or cleanup operations. Each execution of a CronJob creates a new Job object, which in turn creates Pod(s) to run the task. For more details, see https://kubernetes.io/docs/concepts/workloads/controllers/cron-jobs/
Q15
If kubectl is failing to retrieve information from the cluster, where can you find pod logs to troubleshoot?
A /var/log/pods/
B ~/.kube/config
C /var/log/k8s/
D /etc/kubernetes/
Correct Answer
/var/log/pods/
Explanation
When kubectl fails, you can access pod logs directly from the node using the container runtime CLI (e.g., 'crictl logs <container-id>') or by reading log files from /var/log/containers/ or /var/log/pods/ on the node. The kubelet also stores logs accessible via journalctl on systemd-based systems. This is essential for debugging clusters where the API server is unavailable. For more details, see https://kubernetes.io/docs/concepts/cluster-administration/logging/

KCNA Practice Set-02

15 questions
Q1
Which API object is the recommended way to run a scalable, stateless application on your cluster?
A ReplicaSet
B Deployment
C DaemonSet
D Pod
Correct Answer
Deployment
Explanation
A Deployment is the recommended way to run scalable, stateless applications on Kubernetes. It manages ReplicaSets and provides declarative updates, rollback capabilities, and scaling. Unlike bare ReplicaSets, Deployments add version management and rolling update strategies. For more details, see https://kubernetes.io/docs/concepts/workloads/controllers/deployment/
Q2
Let's assume that an organization needs to process large amounts of data in bursts, on a cloud-based Kubernetes cluster. For instance: each Monday morning, they need to run a batch of 1000 compute jobs of 1 hour each, and these jobs must be completed by Monday night. What's going to be the most cost-effective method?
A Run a group of nodes with the exact required size to complete the batch on time, and use a combination of taints, tolerations, and nodeSelectors to reserve these nodes to the batch jobs.
B Leverage the Kubernetes Cluster Autoscaler to automatically start and stop nodes as they're needed.
C Commit to a specific level of spending to get discounted prices (with e.g. “reserved instances” or similar mechanisms).
D Use PriorityClasses so that the weekly batch job gets priority over other workloads running on the cluster, and can be completed on time.
Correct Answer
Leverage the Kubernetes Cluster Autoscaler to automatically start and stop nodes as they're needed.
Explanation
The Cluster Autoscaler is the most cost-effective solution for burst workloads because it automatically adds nodes when demand is high and removes them when idle, eliminating the cost of idle infrastructure. Pre-provisioned node pools waste money during off-peak hours, and PriorityClasses only affect scheduling, not infrastructure costs. For more details, see https://kubernetes.io/docs/concepts/cluster-administration/cluster-autoscaling/
Q3
What default level of protection is applied to the data in Secrets in the Kubernetes API?
A The values use AES Symmetric Encryption
B The values are stored in plain text
C The values are encoded with SHA256 hashes
D The values are base64 encoded
Correct Answer
The values are base64 encoded
Explanation
By default, Kubernetes Secrets store data as base64-encoded strings, which is an encoding scheme, NOT encryption. This means the values can be trivially decoded and are essentially stored in plain text from a security perspective. Administrators should enable encryption at rest for Secrets to add real protection. For more details, see https://kubernetes.io/docs/concepts/configuration/secret/
Q4
What function does kube-proxy provide to a cluster?
A Implementing the Ingress resource type for application traffic.
B Forwarding data to the correct endpoints for Services.
C Managing data egress from the cluster nodes to the network.
D Managing access to the Kubernetes API.
Correct Answer
Forwarding data to the correct endpoints for Services.
Explanation
kube-proxy runs on every node and maintains network rules that allow communication to Pods from inside or outside the cluster. It implements the Kubernetes Service concept by forwarding traffic to the correct Pods using iptables or IPVS rules. It is responsible for load balancing traffic across all healthy Pod endpoints for each Service. For more details, see https://kubernetes.io/docs/reference/command-line-tools-reference/kube-proxy/
Q5
How long should a stable API element in Kubernetes be supported (at minimum) after deprecation?
A 9 months
B 24 months
C 12 months
D 6 months
Correct Answer
12 months
Explanation
Stable (GA) API elements in Kubernetes must be supported for a minimum of 12 months or 3 releases after deprecation, whichever is longer. This policy ensures users and operators have sufficient time to migrate workloads before APIs are removed. The deprecation policy is strictly enforced across alpha, beta, and stable lifecycle stages. For more details, see https://kubernetes.io/docs/reference/using-api/deprecation-policy/
Q6
Which is the correct kubectl command to display logs in real time?
A kubectl logs -p test-container-1
B kubectl logs -c test-container-1
C kubectl logs -l test-container-1
D kubectl logs -f test-container-1
Correct Answer
kubectl logs -f test-container-1
Explanation
The correct kubectl command to stream logs in real time is 'kubectl logs -f <pod-name>', where the '-f' flag stands for 'follow'. This command continuously outputs new log lines as they are written, similar to 'tail -f' in Linux. Without the '-f' flag, kubectl only returns a snapshot of existing logs. For more details, see https://kubernetes.io/docs/reference/kubectl/generated/kubectl_logs/
Q7
How to load and generate data required before the Pod startup?
A Use an init container with shared file storage.
B Use a PVC volume.
C Use a sidecar container with shared volume.
D Use another pod with a PVC.
Correct Answer
Use an init container with shared file storage.
Explanation
Init Containers are the correct way to load and generate data required before a Pod's main containers start. They run sequentially to completion before any app container starts, and can share volumes with main containers to pass generated files or configuration. This pattern is ideal for tasks like database migrations, config file generation, or secret fetching. For more details, see https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
Q8
What is the order of 4C’s in Cloud Native Security, starting with the layer that a user has the most control over?
A Cloud -> Container -> Cluster -> Code
B Container -> Cluster -> Code -> Cloud
C Cluster -> Container -> Code -> Cloud
D Code -> Container -> Cluster -> Cloud
Correct Answer
Code -> Container -> Cluster -> Cloud
Explanation
The 4Cs of Cloud Native Security from outermost to innermost are: Cloud, Cluster, Container, Code. Starting from the layer users have the most control over (Code) and moving outward, the order is Code → Container → Cluster → Cloud. Each layer builds upon the security of the outer layers, meaning vulnerabilities at the Cloud level can affect all inner layers. For more details, see https://kubernetes.io/docs/concepts/security/cloud-native-security/
Q9
What fields must exist in any Kubernetes object (e.g. YAML) file?
A apiVersion, kind, metadata
B kind, namespace, data
C apiVersion, metadata, namespace
D kind, metadata, data
Correct Answer
apiVersion, kind, metadata
Explanation
Every Kubernetes object YAML file must contain: apiVersion, kind, metadata, and spec fields. The 'apiVersion' specifies the API group and version, 'kind' is the type of object, 'metadata' includes at least a name, and 'spec' defines the desired state. Missing any of these mandatory fields will cause the API server to reject the object. For more details, see https://kubernetes.io/docs/concepts/overview/working-with-objects/
Q10
Which Kubernetes feature would you use to guard against split brain scenarios with your distributed application?
A Replication controllers
B Consensus protocols
C Rolling updates
D StatefulSet
Correct Answer
StatefulSet
Explanation
Pod Disruption Budgets (PDBs) protect against split-brain scenarios by ensuring a minimum number of replicas remain available during voluntary disruptions. For distributed applications like etcd or Zookeeper that require quorum, PDBs prevent too many pods from being evicted simultaneously. PDBs work alongside taints and affinities to maintain application availability guarantees. For more details, see https://kubernetes.io/docs/concepts/workloads/pods/disruptions/
Q11
What feature must a CNI support to control specific traffic flows for workloads running in Kubernetes?
A Border Gateway Protocol
B IP Address Management
C Pod Security Policy
D Network Policies
Correct Answer
Network Policies
Explanation
Network Policies in Kubernetes require the CNI plugin to support them to control traffic flows between workloads. Without NetworkPolicy support in the CNI, all pod-to-pod traffic is allowed by default. Popular CNI plugins like Calico, Cilium, and Weave Net support NetworkPolicy, while basic plugins like Flannel do not enforce them. For more details, see https://kubernetes.io/docs/concepts/services-networking/network-policies/
Q12
Scenario: You have a Kubernetes cluster hosted in a public cloud provider. When trying to create a Service of type LoadBalancer, the external-ip is stuck in the "Pending" state. Which Kubernetes component is failing in this scenario?
A Cloud Controller Manager
B Load Balancer Manager
C Cloud Architecture Manager
D Cloud Load Balancer Manager
Correct Answer
Cloud Controller Manager
Explanation
When a LoadBalancer Service is stuck in 'Pending' external IP state, the Cloud Controller Manager is failing. It is the component responsible for integrating Kubernetes with the cloud provider's load balancer APIs to provision actual external load balancers. Without a functioning cloud controller, Kubernetes cannot provision cloud-specific resources like external IPs. For more details, see https://kubernetes.io/docs/concepts/architecture/cloud-controller/
Q13
What are the characteristics for building every cloud-native application?
A Resiliency, Operability, Observability, Availability
B Resiliency, Containerd, Observability, Agility
C Kubernetes, Operability, Observability, Availability
D Resiliency, Agility, Operability, Observability
Correct Answer
Resiliency, Agility, Operability, Observability
Explanation
Cloud-native applications are characterized by being loosely coupled, resilient, manageable, and observable. They embrace microservices architecture, are packaged as containers, run on dynamic infrastructure, and are managed by declarative APIs. These characteristics enable rapid, frequent changes with minimal toil. For more details, see https://kubernetes.io/docs/concepts/overview/what-is-kubernetes/
Q14
What is a key feature of a container network?
A Proxying REST requests across a set of containers.
B Allowing containers running on separate hosts to communicate.
C Allowing containers on the same host to communicate.
D Caching remote disk access.
Correct Answer
Allowing containers running on separate hosts to communicate.
Explanation
A key feature of container networking is that each container gets its own network namespace with its own IP address and port space. This means containers can bind to the same port without conflicts, and communicate with other containers via network interfaces. The container network model enables consistent networking regardless of the underlying host. For more details, see https://kubernetes.io/docs/concepts/cluster-administration/networking/
Q15
What is the primary mechanism to identify grouped objects in a Kubernetes cluster?
A Custom Resources
B Labels
C Label Selector
D Pod
Correct Answer
Labels
Explanation
Labels are the primary mechanism to identify and group objects in a Kubernetes cluster. They are key-value pairs attached to objects like Pods, Services, and Deployments, and are used by selectors to group and target related objects. Unlike annotations, labels are intended for querying, filtering, and selecting objects. For more details, see https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
