Courseiva
Knowledge + Practice
CertificationsVendorsCareer RoadmapsLabs & ToolsStudy GuidesGlossaryPractice Questions
C
Courseiva

Free IT certification practice questions with explained answers for CCNA, CompTIA, AWS, Azure, Google Cloud, and more.

Certification Practice Questions

CCNA practice questionsSecurity+ SY0-701 practice questionsAWS SAA-C03 practice questionsAZ-104 practice questionsAZ-900 practice questionsCLF-C02 practice questionsA+ Core 1 practice questionsGoogle Cloud ACE practice questionsCySA+ CS0-003 practice questionsNetwork+ N10-009 practice questions
View all certifications →

Product

CertificationsCertification PathsExam TopicsPractice TestsExam Dumps vs Practice TestsStudy HubComparisons

Company

AboutContactEditorial PolicyQuestion Writing PolicyTrust Center

Legal

Privacy PolicyTerms of Service

Courseiva is a free IT certification practice platform offering original exam-style practice questions, detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics for Cisco, CompTIA, Microsoft, AWS, and other technology certifications.

© 2026 Courseiva. Courseiva is operated by JTNetSolutions Ltd. All rights reserved.

Courseiva is an independent certification practice platform and is not affiliated with, endorsed by, or sponsored by Cisco, Microsoft, AWS, CompTIA, Google, ISC2, ISACA, or any other certification vendor. Vendor names and certification marks are used only to identify the exams learners are preparing for.

HomeCertificationsCKADomainsServices and Networking
CKAFree — No Signup

Services and Networking

Practice CKA Services and Networking questions with full explanations on every answer.

169questions

Start practicing

Services and Networking — choose a session length

10 questions~10 min20 questions~20 min30 questions~30 min50 questions~50 min

Free · No account required

CKA Domains

Cluster Architecture, Installation and ConfigurationServices and NetworkingWorkloads and SchedulingStorageTroubleshootingCluster Architecture, Installation & ConfigurationWorkloads & SchedulingServices & Networking

Practice Services and Networking questions

10Q20Q30Q50Q

All CKA Services and Networking questions (169)

Start session

Click any question to see the full explanation and answer options, or start a focused practice session above.

1

Which of the following service types exposes a service on a static port on each node's IP address?

2

You run 'kubectl get svc my-service -o yaml' and see 'type: ClusterIP'. The service has no endpoints. What is the most likely cause?

3

An administrator runs 'kubectl run nginx --image=nginx --port=80' and then 'kubectl expose pod nginx --port=80 --type=NodePort'. Later, they run 'kubectl get svc nginx' and see that the NodePort is set to 0. What is the most likely reason?

4

You have a Service named 'my-service' in namespace 'ns1'. Another pod in namespace 'ns2' needs to resolve 'my-service' using DNS. What FQDN should the pod use?

5

An Ingress resource is created with the following spec: spec: rules: - host: example.com http: paths: - path: /api pathType: Prefix backend: service: name: api-service port: number: 80 The backend service 'api-service' is in the same namespace as the Ingress. What must be true for the Ingress to route traffic to the service?

6

A cluster has a NetworkPolicy that denies all ingress traffic by default. An administrator wants to allow TCP traffic on port 8080 from pods with label 'app: web' in the same namespace. Which NetworkPolicy egress rule is needed?

7

What is the default DNS name for a service named 'my-svc' in namespace 'default'?

8

A developer runs 'kubectl port-forward service/my-service 8080:80'. What does this command do?

9

A pod cannot resolve a service DNS name. The cluster uses CoreDNS. Which of the following is the most likely cause if the pod's /etc/resolv.conf contains 'nameserver 10.96.0.10' and the CoreDNS pod is running?

10

Which of the following commands can be used to check the endpoints of a service named 'my-service'?

11

What is the default kube-proxy mode in Kubernetes v1.29?

12

You have a headless service named 'my-headless' with clusterIP: None. A pod in the same namespace queries the DNS name 'my-headless'. What will the DNS response contain?

13

Which TWO of the following are valid ways to expose a Deployment named 'web' as a service?

14

Which THREE of the following are requirements for an Ingress resource to work?

15

Which TWO of the following statements about NetworkPolicy are true?

16

Which kubectl command creates a service of type NodePort that exposes a deployment named 'web' on port 80?

17

A developer runs 'kubectl run nginx --image=nginx --expose --port=80'. What Kubernetes resources are created?

18

You have a NetworkPolicy that selects pods with label 'role: db' in the 'default' namespace. The policy has no ingress rules defined. What is the effect on traffic to the selected pods?

19

An ingress resource is defined with the following snippet: ```yaml spec: tls: - hosts: - app.example.com secretName: app-tls rules: - host: app.example.com http: paths: - path: / pathType: Prefix backend: service: name: app-service port: number: 80 ``` The secret 'app-tls' exists and contains a valid certificate. However, accessing https://app.example.com returns a certificate warning in the browser. What is the most likely cause?

20

Which of the following is a valid ClusterIP service definition that exposes port 80 and targets container port 8080?

21

A pod 'my-pod' in the 'default' namespace cannot resolve the service 'db-service' in the 'production' namespace. Which DNS name should be used to reach the service from 'my-pod'?

22

You apply the following NetworkPolicy: ```yaml apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: name: deny-all spec: podSelector: {} policyTypes: - Ingress - Egress ``` What is the result?

23

Which kube-proxy mode uses IP Virtual Server (IPVS) for load balancing and supports more algorithms than the default mode?

24

You need to temporarily access a pod's HTTP endpoint on port 8080 from your local machine on port 8080. Which kubectl command should you use?

25

An Ingress resource uses 'networking.k8s.io/v1' API. Which field specifies the hostname and path rules for routing traffic?

26

You have three pods selected by a service. One pod is in 'CrashLoopBackOff' state. How does the service's endpoints behave?

27

Which annotation is commonly used with the ExternalDNS project to manage DNS records for a Kubernetes service?

28

Which TWO statements about Headless services are correct? (Select TWO)

29

Which THREE components are part of the Gateway API resource model? (Select THREE)

30

Which TWO network plugins (CNI) are commonly used in Kubernetes clusters? (Select TWO)

31

Which of the following Service types exposes a Service on a static port on each node's IP address?

32

You want to debug a Service that is not reachable. Which kubectl command can you use to forward a local port to a pod in the Service?

33

A NetworkPolicy named 'deny-all' has only a podSelector matching all pods and no rules. What is the effect?

34

You create a Deployment with 3 replicas and a ClusterIP Service. You notice that some pods are not receiving traffic. What is the most likely cause?

35

You want to expose an application running in the cluster on a public IP address. Which Service type should you use?

36

You run `kubectl get endpoints my-service` and see no endpoints listed. The Service's selector matches labels on pods that are running. What is the most likely cause?

37

You have an Ingress resource with the following spec: spec: rules: - host: example.com http: paths: - path: /api pathType: Prefix backend: service: name: api-service port: number: 80 A client sends a request to http://example.com/api/v1/users. Which path is matched?

38

You want to configure NetworkPolicy to allow ingress traffic only from pods with label 'role: frontend' in the same namespace. Which podSelector should be in the ingress rule?

39

What is the default DNS name for a Service named 'my-svc' in namespace 'my-ns'?

40

You update a NetworkPolicy to add an egress rule. After applying, pods affected by the policy can no longer reach external IPs. What is the most likely reason?

41

A developer asks you to create a Service that resolves to an external database at 'db.example.com'. Which Service type should you use?

42

You have a Service with endpoints for pods in different zones. You want kube-proxy to use a mode that provides better performance for large clusters and supports scheduling algorithms like least-connection. Which mode should you use?

43

Which TWO of the following are valid ways to expose a Service externally? (Select TWO.)

44

Which THREE of the following are true about NetworkPolicy? (Select THREE.)

45

Which TWO of the following are components of the Ingress API? (Select TWO.)

46

Which of the following Service types exposes a Service on a static port on each node's IP?

47

A developer runs `kubectl run nginx --image=nginx --port=80` and then `kubectl expose pod nginx --port=80 --target-port=80 --type=NodePort`. What is the name of the created Service?

48

A NetworkPolicy named 'deny-all' is created with an empty podSelector and no rules. What does this policy accomplish?

49

Which of the following is the default DNS name for a Service named 'my-svc' in namespace 'my-ns'?

50

What is the purpose of a headless Service (clusterIP: None)?

51

An administrator runs `kubectl port-forward service/my-svc 8080:80`. What does this command do?

52

Which of the following CNI plugins typically uses BGP to distribute routing information across nodes?

53

What is the default kube-proxy mode in modern Kubernetes clusters?

54

Which resource type is used to configure HTTP/HTTPS routing to Services?

55

A pod cannot resolve a Service name 'my-svc' in the same namespace. The DNS pod is running. What is a likely cause?

56

Which of the following is true about IngressClass resources?

57

A NetworkPolicy allows ingress from pods with label 'role: frontend'. Which field is used to select those pods?

58

Which two statements are true about EndpointSlices? (Choose two.)

59

Which three components are part of the Gateway API? (Choose three.)

60

Which two of the following are valid service discovery methods in Kubernetes? (Choose two.)

61

Which of the following Service types does NOT assign a ClusterIP to the Service?

62

You run `kubectl expose deployment web --port=80 --target-port=8080 --type=NodePort` and the Service is created. What is the effect of this command?

63

A NetworkPolicy named 'deny-all' is applied to a namespace with podSelector: {}. The policy has no ingress rules. What is the effect?

64

What is the DNS name for a Service named 'api' in the 'default' namespace?

65

You want to temporarily access a pod's HTTP endpoint on port 8080 from your local machine on port 9090. Which command should you use?

66

Which Ingress resource field is used to specify the hostname for which traffic should be routed?

67

You have a kube-proxy running in ipvs mode. Which of the following is true about IPVS?

68

You deploy a pod named 'app' that listens on port 3000. You create a Service named 'app-svc' with selector 'app: app'. From another pod in the same namespace, which command will successfully reach the service?

69

Which DNS record type does Kubernetes use to resolve a Service's ClusterIP?

70

After creating a NetworkPolicy that selects pods with label 'role: db' and allows ingress on TCP port 3306 from pods with label 'role: api', you notice that pods with label 'role: db' are still reachable on port 3306 from pods without 'role: api' label. What is the most likely cause?

71

You are designing an Ingress to expose multiple services on the same hostname based on path. Which Ingress specification is valid?

72

Which component is responsible for implementing the NetworkPolicy rules?

73

Which TWO of the following are valid ways to expose a Service externally in a Kubernetes cluster running on-premises (no cloud provider)?

74

Which THREE of the following statements about Kubernetes DNS are correct?

75

Which TWO of the following are valid IngressClass annotations or fields?

76

You create a ClusterIP service named 'my-svc' in the 'default' namespace. A pod in the same namespace tries to reach the service using the DNS name 'my-svc'. Which fully qualified domain name (FQDN) should the pod use to resolve the service?

77

Which kubectl command will expose a deployment named 'web-app' as a NodePort service on port 80?

78

A developer runs 'kubectl port-forward service/my-svc 8080:80' and reports that connections to localhost:8080 fail. The service is a ClusterIP service that selects pods with label 'app: my-app'. What is the most likely cause?

79

Which NetworkPolicy rule will allow ingress traffic from pods with label 'role: frontend' in the same namespace?

80

You have a service 'my-svc' of type ClusterIP with no selector defined. You manually create an Endpoints object with the same name. Which statement is true?

81

Which of the following is a correct Ingress resource snippet that routes traffic to service 'web-svc' on port 80 for the host 'example.com'?

82

You apply the following NetworkPolicy to namespace 'ns1': apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: name: deny-ingress spec: podSelector: {} policyTypes: - Ingress ingress: [] What effect does this policy have?

83

A pod is unable to resolve DNS names of services in other namespaces. Which DNS configuration is most likely missing?

84

Which kube-proxy mode uses iptables rules to handle service traffic?

85

You need to expose a service named 'my-svc' on a static port 30080 on every node. Which service type should you use?

86

You have a Deployment with 3 replicas. You create a headless service (clusterIP: None) with a label selector. Which of the following is true about DNS resolution for this service?

87

Which of the following is a valid CNI plugin for Kubernetes networking?

88

Which two of the following are valid methods for service discovery in Kubernetes?

89

Which three of the following are true about IngressClass?

90

Which two of the following are correct statements about EndpointSlices?

91

Which Kubernetes Service type exposes the Service on a static port on each Node's IP address, allowing external access without a LoadBalancer?

92

An administrator creates a Service of type ClusterIP named 'my-svc' in the namespace 'default'. A pod in the same namespace tries to resolve the hostname 'my-svc' but fails. The pod's resolv.conf shows 'search default.svc.cluster.local svc.cluster.local cluster.local'. What is the most likely cause?

93

A cluster administrator applies the following NetworkPolicy. What is the effect on pods matching the podSelector?

94

Which command forwards local port 8080 to port 80 of a pod named 'web-pod'?

95

A cluster has kube-proxy running in ipvs mode. An administrator creates a Service of type ClusterIP. Which of the following is true about how traffic is forwarded to the pods?

96

An Ingress resource is defined with the following spec snippet. What is the minimal requirement for this Ingress to work correctly?

97

Which kubectl command correctly retrieves the list of EndpointSlices for a Service named 'my-svc' in the 'default' namespace?

98

Which DNS record does CoreDNS create for a headless Service named 'headless-svc' in the namespace 'default'?

99

A NetworkPolicy allows ingress traffic from pods with label 'app: frontend' in any namespace. Which selector is used?

100

An administrator wants to expose an application running in a pod on port 3000 using a Service of type LoadBalancer. Which command creates the Service?

101

Which of the following is a valid use case for a Headless Service?

102

A pod is unable to communicate with a Service in the same namespace. The administrator checks kube-proxy logs and finds no errors. Which command would help diagnose whether the iptables rules for the Service are correctly programmed?

103

Which TWO statements are true about Ingress in Kubernetes?

104

Which THREE components are required for a pod to resolve a Service DNS name?

105

Which TWO of the following are valid ways to isolate a set of pods from all ingress traffic except from monitoring pods?

106

Which Service type exposes a Service externally via a cloud provider's load balancer?

107

An admin runs `kubectl run nginx --image=nginx --restart=Never` and then runs `kubectl expose pod nginx --port=80 --target-port=80`. Another pod in the same namespace tries to curl http://nginx:80 but gets connection refused. What is the most likely cause?

108

Which annotation is commonly used with ExternalDNS to specify the DNS hostname for a Service?

109

A NetworkPolicy with podSelector: {} and policyTypes: [Ingress] is applied to a namespace. What is the effect on pods in that namespace?

110

Which kube-proxy mode supports connection-based load balancing using Linux IPVS?

111

You create a Service with clusterIP: None. What is this called and what is its purpose?

112

An Ingress resource defines a TLS section with hosts: ["example.com"] and secretName: tls-secret. What must be true for TLS to work correctly?

113

What is the default DNS name for a Service named 'my-service' in namespace 'my-ns'?

114

A cluster uses Flannel as the CNI plugin. Which of the following best describes Flannel's networking model?

115

You run `kubectl port-forward service/my-svc 8080:80`. What does this command do?

116

You want to allow ingress traffic from pods with label 'app: frontend' in namespace 'web' to pods with label 'app: backend' in namespace 'api'. Which NetworkPolicy matches this requirement?

117

Which of the following is a core component of the Gateway API?

118

Which two of the following are valid methods for exposing a Service externally in Kubernetes? (Select TWO.)

119

Which three of the following are features of EndpointSlices compared to Endpoints? (Select THREE.)

120

Which two of the following are valid Ingress path types in networking.k8s.io/v1? (Select TWO.)

121

You create a Service of type LoadBalancer in a Kubernetes cluster that does not have an external load balancer provider (e.g., bare-metal). What will be the state of the EXTERNAL-IP field when you run 'kubectl get svc'?

122

Which command creates a temporary pod and forwards port 8080 from your local machine to port 80 of an existing pod named 'web-pod'?

123

You have a NetworkPolicy that selects pods with label 'app: db'. The policy has an ingress rule allowing traffic from pods with label 'app: frontend'. A pod with label 'app: frontend' is in a different namespace. No namespaceSelector is specified in the ingress rule. Will traffic from that pod be allowed?

124

You run 'kubectl run nginx --image=nginx --expose --port=80'. What resources are created?

125

Which Service type exposes a Service on each Node's IP at a static port in the range 30000-32767?

126

In a Kubernetes cluster using CoreDNS, what is the DNS name for a Service named 'api' in namespace 'backend'?

127

You have an Ingress resource with a TLS section specifying a secret named 'tls-secret'. The certificate in 'tls-secret' is expired. What happens when a client connects via HTTPS to the Ingress host?

128

Which kube-proxy mode uses iptables rules to handle service traffic and is the default in many distributions?

129

What is the purpose of a Headless Service (clusterIP: None)?

130

A NetworkPolicy named 'default-deny-ingress' is applied to all pods in a namespace. The policy has no rules. An administrator then creates a new NetworkPolicy that allows ingress traffic to pods with label 'app: web' from any source using a podSelector with '{}'. Will traffic be allowed to pods labeled 'app: web'?

131

You want to expose a Deployment named 'web' on port 80 internally within the cluster. Which command creates a ClusterIP Service?

132

Which resource is used to configure TLS termination and path-based routing for HTTP(S) traffic into a cluster?

133

Which TWO statements about EndpointSlices are true? (Choose 2)

134

Which THREE are correct ways to configure a default deny all ingress traffic NetworkPolicy? (Choose 3)

135

Which TWO commands can be used to test DNS resolution for a Service named 'my-svc' in namespace 'default' from within a temporary pod? (Choose 2)

136

You need to create a Service that exposes port 80 on each node's IP at a static port (30080). Which Service type should you use?

137

A developer reports that a pod can resolve 'my-service.my-namespace.svc.cluster.local' but not 'my-service'. Both the pod and the Service are in the same namespace. What is the most likely cause?

138

You run: kubectl expose deployment web --port=80 --target-port=8080 --type=LoadBalancer --name=web-svc. What is the effect of this command?

139

You are implementing NetworkPolicies. You have a namespace 'db' with a pod running PostgreSQL. You want to allow only pods with label 'role: frontend' in namespace 'app' to connect to PostgreSQL on TCP port 5432. What is the correct Ingress rule?

140

You need to expose multiple HTTP services on a single IP address with path-based routing. Which resource should you use?

141

Which of the following is the default DNS name for a Service named 'api' in namespace 'production'?

142

You create a Deployment with replicas=3 and a Service of type ClusterIP. You notice that traffic to the Service is not evenly distributed. What is the most likely cause?

143

You want to forward local port 8080 to port 80 of a pod named 'nginx-pod'. Which command should you use?

144

You have a NetworkPolicy that denies all ingress traffic by default, and you want to allow traffic only from pods with label 'app: monitoring' in the same namespace. What should the policy spec look like?

145

Which of the following is NOT a valid Service type in Kubernetes?

146

You need to expose a Service externally using an Ingress. The Ingress controller requires a specific IngressClass. How do you specify the IngressClass in the Ingress resource?

147

You have a Service 'my-svc' with ClusterIP None (headless). You create a StatefulSet with 3 replicas and a headless Service. How do you reach individual pods?

148

Which TWO of the following are valid CNI plugins used in Kubernetes? (Select 2)

149

Which THREE of the following are true about NetworkPolicy in Kubernetes? (Select 3)

150

Which TWO of the following are valid modes for kube-proxy? (Select 2)

151

You need to expose a Deployment named 'web' on port 80 inside the cluster. Which kubectl command creates a ClusterIP service?

152

A ClusterIP service named 'svc' in namespace 'default' is not reachable from a pod in the same namespace. The service selector matches the pod's labels. Which command should you run first to verify the endpoint list?

153

You apply the following NetworkPolicy: apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: name: deny-all spec: podSelector: {} policyTypes: - Ingress What effect does this policy have?

154

You have an Ingress resource with TLS configured. You verify that the TLS secret exists in the same namespace. However, accessing the service via HTTPS returns a certificate error. What is the most likely cause?

155

Which Service type is used to expose a service externally with a cloud provider's load balancer?

156

A pod in namespace 'ns1' cannot resolve the DNS name 'svc.ns2.svc.cluster.local'. What is the most likely cause?

157

You have a NodePort service. Which kube-proxy mode allows for better performance and more sophisticated load balancing algorithms like 'least connection'?

158

Which TWO statements about Ingress in Kubernetes are correct?

159

Which TWO statements about Headless Services are correct?

160

Which TWO statements about NetworkPolicy are correct?

161

Which THREE of the following are valid methods for service discovery in Kubernetes?

162

Which THREE components are part of the Gateway API?

163

Which TWO statements about EndpointSlices are correct?

164

Which THREE of the following are CNI plugins?

165

Which TWO of the following are valid kube-proxy modes?

166

A Kubernetes cluster has a Service of type ClusterIP named 'my-svc' in the 'default' namespace. You deploy a pod and want it to resolve the service's cluster IP using DNS. What FQDN should the pod use?

167

An administrator creates a NetworkPolicy in namespace 'app' with the following YAML. Which statement is true about the policy? apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: name: deny-all spec: podSelector: {} policyTypes: - Ingress

168

You are troubleshooting a Service connectivity issue. A pod in namespace 'frontend' cannot reach a Service in namespace 'backend' by its DNS name. CoreDNS is running. Which statements are true? (Select TWO.)

169

Which of the following can be used to expose a set of pods externally to the internet in a Kubernetes cluster? (Select THREE.)

Practice all 169 Services and Networking questions

Other CKA exam domains

Cluster Architecture, Installation and ConfigurationWorkloads and SchedulingStorageTroubleshootingCluster Architecture, Installation & ConfigurationWorkloads & SchedulingServices & Networking

Frequently asked questions

What does the Services and Networking domain cover on the CKA exam?

The Services and Networking domain covers the key concepts tested in this area of the CKA exam blueprint published by CNCF. Courseiva provides free domain-focused practice, mock exams, missed-question review, and readiness tracking across all CKA domains — no account required.

How many Services and Networking questions are in the CKA question bank?

The Courseiva CKA question bank contains 169 questions in the Services and Networking domain. Click any question to see the full explanation and answer breakdown.

What is the best way to practice Services and Networking for CKA?

Start with a 10-question focused session to identify your baseline accuracy in this domain. Read every explanation — even for questions you answer correctly — to understand the reasoning. Once you score consistently above 80%, move to a 20–30 question session to confirm depth before moving to the next domain.

Can I practice only Services and Networking questions for CKA?

Yes — the session launcher on this page draws questions exclusively from the Services and Networking domain. Choose 10, 20, 30, or 50 questions for a focused session, or click individual questions to review them one by one.

Free forever · No credit card required

Track your CKA domain progress

Save your results, see per-domain analytics, and get readiness scores — free, for every certification.

Sign Up Free

Free forever · Every certification included

Practice Session

10 questions20 questions30 questions50 questions

Study Resources

All DomainsPractice TestMock ExamFlashcardsStudy Guide

Related Exams

CKADCKSKCNAEX200