Spring Sale 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: clap70

KCNA Kubernetes and Cloud Native Associate Questions and Answers

Questions 4

What is CRD?

Options:

A.

Custom Resource Definition

B.

Custom Restricted Definition

C.

Customized RUST Definition

D.

Custom RUST Definition

Buy Now
Questions 5

What component enables end users, different parts of the Kubernetes cluster, and external components to communicate with one another?

Options:

A.

kubectl

B.

AWS Management Console

C.

Kubernetes API

D.

Google Cloud SDK

Buy Now
Questions 6

Kubernetes ___ allows you to automatically manage the number of nodes in your cluster to meet demand.

Options:

A.

Node Autoscaler

B.

Cluster Autoscaler

C.

Horizontal Pod Autoscaler

D.

Vertical Pod Autoscaler

Buy Now
Questions 7

Which of the following is a primary use case of Istio in a Kubernetes cluster?

Options:

A.

To manage and control the versions of container runtimes used on nodes between services.

B.

To provide secure built-in database management features for application workloads.

C.

To provision and manage persistent storage volumes for stateful applications.

D.

To provide service mesh capabilities such as traffic management, observability, and security between services.

Buy Now
Questions 8

What are the 3 pillars of Observability?

Options:

A.

Metrics, Logs, and Traces

B.

Metrics, Logs, and Spans

C.

Metrics, Data, and Traces

D.

Resources, Logs, and Tracing

Buy Now
Questions 9

Which of the following is a valid PromQL query?

Options:

A.

SELECT * from http_requests_total WHERE job=apiserver

B.

http_requests_total WHERE (job="apiserver")

C.

SELECT * from http_requests_total

D.

http_requests_total(job="apiserver")

Buy Now
Questions 10

Which kubectl command is useful for collecting information about any type of resource that is active in a Kubernetes cluster?

Options:

A.

describe

B.

list

C.

expose

D.

explain

Buy Now
Questions 11

Which of the following is a correct definition of a Helm chart?

Options:

A.

A Helm chart is a collection of YAML files bundled in a tar.gz file and can be applied without decompressing it.

B.

A Helm chart is a collection of JSON files and contains all the resource definitions to run an application on Kubernetes.

C.

A Helm chart is a collection of YAML files that can be applied on Kubernetes by using the kubectl tool.

D.

A Helm chart is similar to a package and contains all the resource definitions to run an application on Kubernetes.

Buy Now
Questions 12

Which statement best describes the role of kubelet on a Kubernetes worker node?

Options:

A.

kubelet manages the container runtime and ensures that all Pods scheduled to the node are running as expected.

B.

kubelet configures networking rules on each node to handle traffic routing for Services in the cluster.

C.

kubelet monitors cluster-wide resource usage and assigns Pods to the most suitable nodes for execution.

D.

kubelet acts as the primary API component that stores and manages cluster state information.

Buy Now
Questions 13

How many hosts are required to set up a highly available Kubernetes cluster when using an external etcd topology?

Options:

A.

Four hosts. Two for control plane nodes and two for etcd nodes.

B.

Four hosts. One for a control plane node and three for etcd nodes.

C.

Three hosts. The control plane nodes and etcd nodes share the same host.

D.

Six hosts. Three for control plane nodes and three for etcd nodes.

Buy Now
Questions 14

What's the most adopted way of conflict resolution and decision-making for the open-source projects under the CNCF umbrella?

Options:

A.

Financial Analysis

B.

Discussion and Voting

C.

Flipism Technique

D.

Project Founder Say

Buy Now
Questions 15

What is a sidecar container?

Options:

A.

A Pod that runs next to another container within the same Pod.

B.

A container that runs next to another Pod within the same namespace.

C.

A container that runs next to another container within the same Pod.

D.

A Pod that runs next to another Pod within the same namespace.

Buy Now
Questions 16

What is the Kubernetes object used for running a recurring workload?

Options:

A.

Job

B.

Batch

C.

DaemonSet

D.

CronJob

Buy Now
Questions 17

In Kubernetes, what is the primary responsibility of the kubelet running on each worker node?

Options:

A.

To allocate persistent storage volumes and manage distributed data replication for Pods.

B.

To manage cluster state information and handle all scheduling decisions for workloads.

C.

To ensure that containers defined in Pod specifications are running and remain healthy on the node.

D.

To provide internal DNS resolution and route service traffic between Pods and nodes.

Buy Now
Questions 18

Which statement about Ingress is correct?

Options:

A.

Ingress provides a simple way to track network endpoints within a cluster.

B.

Ingress is a Service type like NodePort and ClusterIP.

C.

Ingress is a construct that allows you to specify how a Pod is allowed to communicate.

D.

Ingress exposes routes from outside the cluster to Services in the cluster.

Buy Now
Questions 19

A Kubernetes _____ is an abstraction that defines a logical set of Pods and a policy by which to access them.

Options:

A.

Selector

B.

Controller

C.

Service

D.

Job

Buy Now
Questions 20

Which of the following options includes valid API versions?

Options:

A.

alpha1v1, beta3v3, v2

B.

alpha1, beta3, v2

C.

v1alpha1, v2beta3, v2

D.

v1alpha1, v2beta3, 2.0

Buy Now
Questions 21

In Kubernetes, what is the primary responsibility of the kubelet running on each worker node?

Options:

A.

To allocate persistent storage volumes and manage distributed data replication for Pods.

B.

To manage cluster state information and handle all scheduling decisions for workloads.

C.

To ensure that containers defined in Pod specifications are running and remain healthy on the node.

D.

To provide internal DNS resolution and route service traffic between Pods and nodes.

Buy Now
Questions 22

Which statement about Secrets is correct?

Options:

A.

A Secret is part of a Pod specification.

B.

Secret data is encrypted with the cluster private key by default.

C.

Secret data is base64 encoded and stored unencrypted by default.

D.

A Secret can only be used for confidential data.

Buy Now
Questions 23

What is the purpose of the CRI?

Options:

A.

To provide runtime integration control when multiple runtimes are used.

B.

Support container replication and scaling on nodes.

C.

Provide an interface allowing Kubernetes to support pluggable container runtimes.

D.

Allow the definition of dynamic resource criteria across containers.

Buy Now
Questions 24

Which cloud native tool keeps Kubernetes clusters in sync with sources of configuration (like Git repositories), and automates updates to configuration when there is new code to deploy?

Options:

A.

Flux and ArgoCD

B.

GitOps Toolkit

C.

Linkerd and Istio

D.

Helm and Kustomize

Buy Now
Questions 25

What methods can you use to scale a Deployment?

Options:

A.

With kubectl edit deployment exclusively.

B.

With kubectl scale-up deployment exclusively.

C.

With kubectl scale deployment and kubectl edit deployment.

D.

With kubectl scale deployment exclusively.

Buy Now
Questions 26

In a cloud native environment, who is usually responsible for maintaining the workloads running across the different platforms?

Options:

A.

The cloud provider.

B.

The Site Reliability Engineering (SRE) team.

C.

The team of developers.

D.

The Support Engineering team (SE).

Buy Now
Questions 27

What service account does a Pod use in a given namespace when the service account is not specified?

Options:

A.

admin

B.

sysadmin

C.

root

D.

default

Buy Now
Questions 28

Which one of the following is an open source runtime security tool?

Options:

A.

lxd

B.

containerd

C.

falco

D.

gVisor

Buy Now
Questions 29

Which API object is the recommended way to run a scalable, stateless application on your cluster?

Options:

A.

ReplicaSet

B.

Deployment

C.

DaemonSet

D.

Pod

Buy Now
Questions 30

What are the most important resources to guarantee the performance of an etcd cluster?

Options:

A.

CPU and disk capacity.

B.

Network throughput and disk I/O.

C.

CPU and RAM memory.

D.

Network throughput and CPU.

Buy Now
Questions 31

Which of the following best describes horizontally scaling an application deployment?

Options:

A.

The act of adding/removing node instances to the cluster to meet demand.

B.

The act of adding/removing applications to meet demand.

C.

The act of adding/removing application instances of the same application to meet demand.

D.

The act of adding/removing resources to application instances to meet demand.

Buy Now
Questions 32

What feature must a CNI support to control specific traffic flows for workloads running in Kubernetes?

Options:

A.

Border Gateway Protocol

B.

IP Address Management

C.

Pod Security Policy

D.

Network Policies

Buy Now
Questions 33

What is the difference between a Deployment and a ReplicaSet?

Options:

A.

With a Deployment, you can’t control the number of pod replicas.

B.

A ReplicaSet does not guarantee a stable set of replica pods running.

C.

A Deployment is basically the same as a ReplicaSet with annotations.

D.

A Deployment is a higher-level concept that manages ReplicaSets.

Buy Now
Questions 34

What are the characteristics for building every cloud-native application?

Options:

A.

Resiliency, Operability, Observability, Availability

B.

Resiliency, Containerd, Observability, Agility

C.

Kubernetes, Operability, Observability, Availability

D.

Resiliency, Agility, Operability, Observability

Buy Now
Questions 35

What framework does Kubernetes use to authenticate users with JSON Web Tokens?

Options:

A.

OpenID Connect

B.

OpenID Container

C.

OpenID Cluster

D.

OpenID CNCF

Buy Now
Questions 36

How is application data maintained in containers?

Options:

A.

Store data into data folders.

B.

Store data in separate folders.

C.

Store data into sidecar containers.

D.

Store data into volumes.

Buy Now
Questions 37

What is the API that exposes resource metrics from the metrics-server?

Options:

A.

custom.k8s.io

B.

resources.k8s.io

C.

metrics.k8s.io

D.

cadvisor.k8s.io

Buy Now
Questions 38

What is Flux constructed with?

Options:

A.

GitLab Environment Toolkit

B.

GitOps Toolkit

C.

Helm Toolkit

D.

GitHub Actions Toolkit

Buy Now
Questions 39

What best describes cloud native service discovery?

Options:

A.

It's a mechanism for applications and microservices to locate each other on a network.

B.

It's a procedure for discovering a MAC address, associated with a given IP address.

C.

It's used for automatically assigning IP addresses to devices connected to the network.

D.

It's a protocol that turns human-readable domain names into IP addresses on the Internet.

Buy Now
Questions 40

What are the two essential operations that the kube-scheduler normally performs?

Options:

A.

Pod eviction or starting

B.

Resource monitoring and reporting

C.

Filtering and scoring nodes

D.

Starting and terminating containers

Buy Now
Questions 41

Services and Pods in Kubernetes are ______ objects.

Options:

A.

JSON

B.

YAML

C.

Java

D.

REST

Buy Now
Questions 42

When modifying an existing Helm release to apply new configuration values, which approach is the best practice?

Options:

A.

Use helm upgrade with the --set flag to apply new values while preserving the release history.

B.

Use kubectl edit to modify the live release configuration and apply the updated resource values.

C.

Delete the release and reinstall it with the desired configuration to force an updated deployment.

D.

Edit the Helm chart source files directly and reapply them to push the updated configuration values.

Buy Now
Questions 43

What is the primary mechanism to identify grouped objects in a Kubernetes cluster?

Options:

A.

Custom Resources

B.

Labels

C.

Label Selector

D.

Pod

Buy Now
Questions 44

What is the goal of load balancing?

Options:

A.

Automatically measure request performance across instances of an application.

B.

Automatically distribute requests across different versions of an application.

C.

Automatically distribute instances of an application across the cluster.

D.

Automatically distribute requests across instances of an application.

Buy Now
Questions 45

What is the default eviction timeout when the Ready condition of a node is Unknown or False?

Options:

A.

Thirty seconds.

B.

Thirty minutes.

C.

One minute.

D.

Five minutes.

Buy Now
Questions 46

Kubernetes supports multiple virtual clusters backed by the same physical cluster. These virtual clusters are called:

Options:

A.

Namespaces

B.

Containers

C.

Hypervisors

D.

cgroups

Buy Now
Questions 47

Which Kubernetes resource workload ensures that all (or some) nodes run a copy of a Pod?

Options:

A.

DaemonSet

B.

StatefulSet

C.

kubectl

D.

Deployment

Buy Now
Questions 48

A Kubernetes Pod is returning a CrashLoopBackOff status. What is the most likely reason for this behavior?

Options:

A.

There are insufficient resources allocated for the Pod.

B.

The application inside the container crashed after starting.

C.

The container’s image is missing or cannot be pulled.

D.

The Pod is unable to communicate with the Kubernetes API server.

Buy Now
Questions 49

Which component of the Kubernetes architecture is responsible for integration with the CRI container runtime?

Options:

A.

kubeadm

B.

kubelet

C.

kube-apiserver

D.

kubectl

Buy Now
Questions 50

What is Serverless computing?

Options:

A.

A computing method of providing backend services on an as-used basis.

B.

A computing method of providing services for AI and ML operating systems.

C.

A computing method of providing services for quantum computing operating systems.

D.

A computing method of providing services for cloud computing operating systems.

Buy Now
Questions 51

When a Kubernetes Secret is created, how is the data stored by default in etcd?

Options:

A.

As Base64-encoded strings that provide simple encoding but no actual encryption.

B.

As plain text values that are directly stored without any obfuscation or additional encoding.

C.

As compressed binary objects that are optimized for space but not secured against access.

D.

As encrypted records automatically protected using the Kubernetes control plane master key.

Buy Now
Questions 52

How many different Kubernetes service types can you define?

Options:

A.

2

B.

3

C.

4

D.

5

Buy Now
Questions 53

Which of these is a valid container restart policy?

Options:

A.

On login

B.

On update

C.

On start

D.

On failure

Buy Now
Questions 54

Which of the following options include resources cleaned by the Kubernetes garbage collection mechanism?

Options:

A.

Stale or expired CertificateSigningRequests (CSRs) and old deployments.

B.

Nodes deleted by a cloud controller manager and obsolete logs from the kubelet.

C.

Unused container and container images, and obsolete logs from the kubelet.

D.

Terminated pods, completed jobs, and objects without owner references.

Buy Now
Questions 55

In a Kubernetes cluster, what is the primary role of the Kubernetes scheduler?

Options:

A.

To manage the lifecycle of the Pods by restarting them when they fail.

B.

To monitor the health of the nodes and Pods in the cluster.

C.

To handle network traffic between services within the cluster.

D.

To distribute Pods across nodes based on resource availability and constraints.

Buy Now
Questions 56

What helps an organization to deliver software more securely at a higher velocity?

Options:

A.

Kubernetes

B.

apt-get

C.

Docker Images

D.

CI/CD Pipeline

Buy Now
Questions 57

The Container Runtime Interface (CRI) defines the protocol for the communication between:

Options:

A.

The kubelet and the container runtime.

B.

The container runtime and etcd.

C.

The kube-apiserver and the kubelet.

D.

The container runtime and the image registry.

Buy Now
Questions 58

Manual reclamation policy of a PV resource is known as:

Options:

A.

claimRef

B.

Delete

C.

Retain

D.

Recycle

Buy Now
Questions 59

How do you deploy a workload to Kubernetes without additional tools?

Options:

A.

Create a Bash script and run it on a worker node.

B.

Create a Helm Chart and install it with helm.

C.

Create a manifest and apply it with kubectl.

D.

Create a Python script and run it with kubectl.

Buy Now
Questions 60

Which authorization-mode allows granular control over the operations that different entities can perform on different objects in a Kubernetes cluster?

Options:

A.

Webhook Mode Authorization Control

B.

Role Based Access Control

C.

Node Authorization Access Control

D.

Attribute Based Access Control

Buy Now
Questions 61

What edge and service proxy tool is designed to be integrated with cloud native applications?

Options:

A.

CoreDNS

B.

CNI

C.

gRPC

D.

Envoy

Buy Now
Questions 62

A platform engineer wants to ensure that a new microservice is automatically deployed to every cluster registered in Argo CD. Which configuration best achieves this goal?

Options:

A.

Set up a Kubernetes CronJob that redeploys the microservice to all registered clusters on a schedule.

B.

Manually configure every registered cluster with the deployment YAML for installing the microservice.

C.

Create an Argo CD ApplicationSet that uses a Git repository containing the microservice manifests.

D.

Use a Helm chart to package the microservice and manage it with a single Application defined in Argo CD.

Buy Now
Questions 63

Which of the following actions is supported when working with Pods in Kubernetes?

Options:

A.

Managing static Pods directly through the API server.

B.

Guaranteeing Pods always stay on the same node once scheduled.

C.

Renaming containers in a Pod using kubectl patch.

D.

Creating Pods through workload resources like Deployments.

Buy Now
Questions 64

What is the minimum number of etcd members that are required for a highly available Kubernetes cluster?

Options:

A.

Two etcd members.

B.

Five etcd members.

C.

Six etcd members.

D.

Three etcd members.

Buy Now
Questions 65

Kubernetes ___ protect you against voluntary interruptions (such as deleting Pods, draining nodes) to run applications in a highly available manner.

Options:

A.

Pod Topology Spread Constraints

B.

Pod Disruption Budgets

C.

Taints and Tolerations

D.

Resource Limits and Requests

Buy Now
Questions 66

What does CNCF stand for?

Options:

A.

Cloud Native Community Foundation

B.

Cloud Native Computing Foundation

C.

Cloud Neutral Computing Foundation

D.

Cloud Neutral Community Foundation

Buy Now
Questions 67

Which of the following is a good habit for cloud native cost efficiency?

Options:

A.

Follow an automated approach to cost optimization, including visibility and forecasting.

B.

Follow manual processes for cost analysis, including visibility and forecasting.

C.

Use only one cloud provider to simplify the cost analysis.

D.

Keep your legacy workloads unchanged, to avoid cloud costs.

Buy Now
Questions 68

Imagine you're releasing open-source software for the first time. Which of the following is a valid semantic version?

Options:

A.

1.0

B.

2021-10-11

C.

0.1.0-rc

D.

v1beta1

Buy Now
Questions 69

What are the advantages of adopting a GitOps approach for your deployments?

Options:

A.

Reduce failed deployments, operational costs, and fragile release processes.

B.

Reduce failed deployments, configuration drift, and fragile release processes.

C.

Reduce failed deployments, operational costs, and learn git.

D.

Reduce failed deployments, configuration drift and improve your reputation.

Buy Now
Questions 70

What function does kube-proxy provide to a cluster?

Options:

A.

Implementing the Ingress resource type for application traffic.

B.

Forwarding data to the correct endpoints for Services.

C.

Managing data egress from the cluster nodes to the network.

D.

Managing access to the Kubernetes API.

Buy Now
Questions 71

Which option represents best practices when building container images?

Options:

A.

Use multi-stage builds, use the latest tag for image version, and only install necessary packages.

B.

Use multi-stage builds, pin the base image version to a specific digest, and install extra packages just in case.

C.

Use multi-stage builds, pin the base image version to a specific digest, and only install necessary packages.

D.

Avoid multi-stage builds, use the latest tag for image version, and install extra packages just in case.

Buy Now
Exam Code: KCNA
Exam Name: Kubernetes and Cloud Native Associate
Last Update: Feb 21, 2026
Questions: 239
KCNA pdf

KCNA PDF

$25.5  $84.99
KCNA Engine

KCNA Testing Engine

$30  $99.99
KCNA PDF + Engine

KCNA PDF + Testing Engine

$40.5  $134.99