Courseiva
Knowledge + Practice
CertificationsVendorsCareer RoadmapsLabs & ToolsStudy GuidesGlossaryPractice Questions
C
Courseiva

Free IT certification practice questions with explained answers for CCNA, CompTIA, AWS, Azure, Google Cloud, and more.

Certification Practice Questions

CCNA practice questionsSecurity+ SY0-701 practice questionsAWS SAA-C03 practice questionsAZ-104 practice questionsAZ-900 practice questionsCLF-C02 practice questionsA+ Core 1 practice questionsGoogle Cloud ACE practice questionsCySA+ CS0-003 practice questionsNetwork+ N10-009 practice questions
View all certifications →

Product

CertificationsCertification PathsExam TopicsPractice TestsExam Dumps vs Practice TestsStudy HubComparisons

Company

AboutContactEditorial PolicyQuestion Writing PolicyTrust Center

Legal

Privacy PolicyTerms of Service

Courseiva is a free IT certification practice platform offering original exam-style practice questions, detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics for Cisco, CompTIA, Microsoft, AWS, and other technology certifications.

© 2026 Courseiva. Courseiva is operated by JTNetSolutions Ltd. All rights reserved.

Courseiva is an independent certification practice platform and is not affiliated with, endorsed by, or sponsored by Cisco, Microsoft, AWS, CompTIA, Google, ISC2, ISACA, or any other certification vendor. Vendor names and certification marks are used only to identify the exams learners are preparing for.

← Cluster Architecture, Installation and Configuration practice sets

CKA Cluster Architecture, Installation and Configuration • Complete Question Bank

CKA Cluster Architecture, Installation and Configuration — All Questions With Answers

Complete CKA Cluster Architecture, Installation and Configuration question bank — all 0 questions with answers and detailed explanations.

211
Questions
Free
No signup
Certifications/CKA/Practice Test/Cluster Architecture, Installation and Configuration/All Questions
Question 1easymultiple choice
Read the full Cluster Architecture, Installation and Configuration explanation →

Which control plane component is responsible for storing the cluster state and configuration?

Question 2mediummultiple choice
Read the full Cluster Architecture, Installation and Configuration explanation →

An administrator runs 'kubectl drain node01 --ignore-daemonsets --force' to prepare node01 for maintenance. However, a pod running a critical application is evicted and becomes unschedulable. Which flag could prevent eviction of that specific pod?

Question 3hardmultiple choice
Read the full Cluster Architecture, Installation and Configuration explanation →

A cluster was upgraded from v1.28 to v1.29 using kubeadm. After upgrading the control plane, nodes remain at v1.28. What is the correct next step to upgrade a worker node?

Question 4mediummultiple choice
Read the full Cluster Architecture, Installation and Configuration explanation →

An administrator creates a ServiceAccount named 'monitor' in the 'default' namespace. They want any pod using this ServiceAccount to be able to list pods cluster-wide. Which RBAC resource should be created and bound to this ServiceAccount?

Question 5mediummultiple choice
Read the full Cluster Architecture, Installation and Configuration explanation →

You want to upgrade the control plane from v1.28.0 to v1.29.0 using kubeadm. After upgrading kubeadm on the control plane node, which command should you run first?

Question 6easymultiple choice
Read the full Cluster Architecture, Installation and Configuration explanation →

Which component runs on every node in a Kubernetes cluster and ensures containers are running in a pod?

Question 7hardmultiple choice
Read the full Cluster Architecture, Installation and Configuration explanation →

A user reports that they can't authenticate to the cluster using a kubeconfig file. Running 'kubectl config view' shows the current context points to a user with client certificate and key. Which command checks the expiration date of the client certificate?

Question 8mediummultiple choice
Read the full Cluster Architecture, Installation and Configuration explanation →

An admin runs 'kubectl get pods' and sees a pod in 'Pending' state for a long time. 'kubectl describe pod' shows '0/1 nodes are available: 1 node has memory pressure'. Which is the most likely cause?

Question 9mediummultiple choice
Read the full Cluster Architecture, Installation and Configuration explanation →

A cluster is running etcd without TLS. The admin wants to take a snapshot backup. Which command is correct?

Question 10easymultiple choice
Read the full Cluster Architecture, Installation and Configuration explanation →

Which command creates a kubeconfig file that can be used to authenticate as a specific user?

Question 11hardmultiple choice
Read the full Cluster Architecture, Installation and Configuration explanation →

A pod's YAML specifies 'restartPolicy: Never' and the container exits with code 0. What state will the pod be in?

Question 12mediummultiple choice
Read the full Cluster Architecture, Installation and Configuration explanation →

To make a node unschedulable without evicting existing pods, which command should be used?

Question 13easymulti select
Read the full Cluster Architecture, Installation and Configuration explanation →

Which TWO components are part of the Kubernetes control plane? (Select 2)

Question 14mediummulti select
Read the full Cluster Architecture, Installation and Configuration explanation →

Which THREE are valid steps when upgrading a Kubernetes cluster using kubeadm? (Select 3)

Question 15hardmulti select
Read the full Cluster Architecture, Installation and Configuration explanation →

Which THREE are valid methods to authenticate a user to the Kubernetes API server? (Select 3)

Question 16mediummultiple choice
Read the full Cluster Architecture, Installation and Configuration explanation →

You are preparing to upgrade a Kubernetes cluster from v1.27 to v1.28 using kubeadm. What is the correct order of operations for upgrading the control plane nodes?

Question 17hardmultiple choice
Read the full Cluster Architecture, Installation and Configuration explanation →

An administrator runs 'kubectl get nodes' and sees that one node is in the 'NotReady' state. Which component should be checked FIRST to diagnose the issue?

Question 18easymultiple choice
Read the full Cluster Architecture, Installation and Configuration explanation →

Which command is used to take a snapshot of etcd using etcdctl?

Question 19mediummultiple choice
Read the full Cluster Architecture, Installation and Configuration explanation →

A user needs to deploy a pod that requires access to the Kubernetes API server from within the pod. Which resource should be used to provide authentication credentials automatically?

Question 20mediummultiple choice
Read the full Cluster Architecture, Installation and Configuration explanation →

Which kubectl command is used to mark a node as unschedulable for new pods without affecting existing running pods?

Question 21hardmultiple choice
Read the full NAT/PAT explanation →

An administrator is setting up RBAC to allow a CI/CD pipeline to create and delete pods only in the 'ci' namespace. Which combination of resources should be created?

Question 22mediummultiple choice
Read the full Cluster Architecture, Installation and Configuration explanation →

A developer wants to run a one-time batch job that processes data and then exits. Which Kubernetes resource should be used?

Question 23easymultiple choice
Read the full Cluster Architecture, Installation and Configuration explanation →

Which of the following is NOT a control plane component in Kubernetes?

Question 24mediummultiple choice
Read the full Cluster Architecture, Installation and Configuration explanation →

An admin runs 'kubectl get pods' and sees a pod in the 'Pending' state. Which is the most likely cause?

Question 25hardmultiple choice
Read the full Cluster Architecture, Installation and Configuration explanation →

An admin attempts to restore an etcd snapshot using 'etcdctl snapshot restore' but encounters an error. Which environment variable must be set for etcdctl to work with v3 API?

Question 26easymultiple choice
Read the full Cluster Architecture, Installation and Configuration explanation →

Which component is responsible for managing the network rules and forwarding on each node?

Question 27mediummultiple choice
Read the full Cluster Architecture, Installation and Configuration explanation →

An admin wants to check the expiration date of all certificates used by kubeadm components. Which command should be used?

Question 28mediummulti select
Read the full Cluster Architecture, Installation and Configuration explanation →

Which TWO components are part of the Kubernetes control plane? (Select two.)

Question 29hardmulti select
Read the full Cluster Architecture, Installation and Configuration explanation →

Which THREE are valid methods to provide authentication to the Kubernetes API server? (Select three.)

Question 30easymulti select
Read the full Cluster Architecture, Installation and Configuration explanation →

Which TWO commands are valid for managing nodes in Kubernetes? (Select two.)

Question 31easymultiple choice
Read the full Cluster Architecture, Installation and Configuration explanation →

Which component is responsible for managing the lifecycle of pods on a node?

Question 32mediummultiple choice
Read the full Cluster Architecture, Installation and Configuration explanation →

A cluster was installed using kubeadm. You need to upgrade the cluster from v1.28 to v1.29. Which of the following is the correct order of operations?

Question 33hardmultiple choice
Read the full Cluster Architecture, Installation and Configuration explanation →

You have an etcd cluster with three members. You need to take a snapshot for disaster recovery. Which command correctly creates a snapshot?

Question 34mediummultiple choice
Read the full Cluster Architecture, Installation and Configuration explanation →

A developer wants to create a ServiceAccount named 'app-sa' and mount its token into a pod. Which YAML snippet correctly configures the pod to use this ServiceAccount?

Question 35easymultiple choice
Read the full Cluster Architecture, Installation and Configuration explanation →

Which command allows you to view the current context in a kubeconfig file?

Question 36mediummultiple choice
Read the full Cluster Architecture, Installation and Configuration explanation →

A node named 'node1' is having issues. You want to prevent any new pods from being scheduled onto it without affecting running pods. Which command should you use?

Question 37hardmultiple choice
Read the full Cluster Architecture, Installation and Configuration explanation →

An administrator runs 'kubeadm certs check-expiration' and sees that the kubelet client certificate expires in 7 days. What is the correct way to renew it?

Question 38easymultiple choice
Read the full Cluster Architecture, Installation and Configuration explanation →

Which control plane component stores the entire cluster state?

Question 39mediummultiple choice
Read the full Cluster Architecture, Installation and Configuration explanation →

You want to grant a user read-only access to all pods in the 'development' namespace. Which RBAC resource should you create?

Question 40mediummultiple choice
Read the full Cluster Architecture, Installation and Configuration explanation →

After upgrading the control plane using kubeadm, you need to update the kubelet configuration on the node. Which command should you run on the node?

Question 41hardmultiple choice
Read the full Cluster Architecture, Installation and Configuration explanation →

You need to back up the etcd database for a kubeadm-created cluster. Which directory contains the etcd data?

Question 42easymultiple choice
Read the full Cluster Architecture, Installation and Configuration explanation →

Which component on a worker node is responsible for maintaining network rules and enabling service abstraction?

Question 43mediummulti select
Read the full Cluster Architecture, Installation and Configuration explanation →

Which TWO commands can be used to interact with etcd snapshot operations? (Select TWO.)

Question 44hardmulti select
Read the full Cluster Architecture, Installation and Configuration explanation →

Which THREE of the following are valid methods to configure a pod to use a specific ServiceAccount? (Select THREE.)

Question 45easymulti select
Read the full Cluster Architecture, Installation and Configuration explanation →

Which TWO commands are used to manage node schedulability? (Select TWO.)

Question 46easymultiple choice
Read the full Cluster Architecture, Installation and Configuration explanation →

Which command initializes a new Kubernetes control plane node using kubeadm?

Question 47mediummultiple choice
Read the full Cluster Architecture, Installation and Configuration explanation →

An administrator runs 'kubectl get nodes' and sees that a worker node is in the 'Ready,SchedulingDisabled' state. Which command was most likely executed on that node?

Question 48hardmultiple choice
Read the full Cluster Architecture, Installation and Configuration explanation →

During a cluster upgrade from v1.28 to v1.29, which component should be upgraded first on the control plane node?

Question 49easymultiple choice
Read the full Cluster Architecture, Installation and Configuration explanation →

Which command is used to backup etcd data using etcdctl?

Question 50mediummultiple choice
Read the full Cluster Architecture, Installation and Configuration explanation →

A developer needs to create a Role that allows listing pods in the 'dev' namespace. Which YAML snippet correctly defines this Role?

Question 51hardmultiple choice
Read the full Cluster Architecture, Installation and Configuration explanation →

After running 'kubeadm certs check-expiration', an admin sees that the 'apiserver' certificate expires in 30 days. Which command should be used to renew it?

Question 52mediummultiple choice
Read the full Cluster Architecture, Installation and Configuration explanation →

A ServiceAccount named 'my-sa' exists in the 'default' namespace. Which command creates a token for this ServiceAccount and stores it in a secret?

Question 53easymultiple choice
Read the full Cluster Architecture, Installation and Configuration explanation →

Which component is responsible for running containers on a node?

Question 54mediummultiple choice
Read the full Cluster Architecture, Installation and Configuration explanation →

An admin wants to view the current context in their kubeconfig. Which command should they use?

Question 55hardmultiple choice
Read the full Cluster Architecture, Installation and Configuration explanation →

A pod is stuck in 'Pending' state. 'kubectl describe pod' shows '0/1 nodes are available: 1 node(s) had taint {node-role.kubernetes.io/master: }, that the pod didn't tolerate'. What is the most likely cause?

Question 56easymultiple choice
Read the full Cluster Architecture, Installation and Configuration explanation →

Which kubectl command is used to drain a node before performing maintenance?

Question 57mediummultiple choice
Read the full Cluster Architecture, Installation and Configuration explanation →

A ClusterRoleBinding grants cluster-admin access to a user. Which field in the ClusterRoleBinding specifies the user?

Question 58mediummulti select
Read the full Cluster Architecture, Installation and Configuration explanation →

Which TWO of the following are valid methods to restore an etcd cluster from a snapshot? (Select 2)

Question 59hardmulti select
Read the full Cluster Architecture, Installation and Configuration explanation →

Which THREE of the following are valid steps in a typical cluster upgrade procedure using kubeadm? (Select 3)

Question 60easymulti select
Read the full Cluster Architecture, Installation and Configuration explanation →

Which TWO of the following are control plane components? (Select 2)

Question 61mediummultiple choice
Read the full Cluster Architecture, Installation and Configuration explanation →

A pod in the 'production' namespace is in a CrashLoopBackOff state. The pod has been running successfully for several days. You run 'kubectl describe pod app-pod -n production' and see the message: 'OOMKilled'. What is the MOST appropriate action to resolve this issue?

Question 62easymultiple choice
Read the full Cluster Architecture, Installation and Configuration explanation →

Which of the following is a core control plane component of Kubernetes?

Question 63hardmultiple choice
Read the full Cluster Architecture, Installation and Configuration explanation →

You have a cluster with multiple worker nodes. You need to upgrade the cluster from v1.28.0 to v1.29.0 using kubeadm. What is the correct sequence of steps?

Question 64easymultiple choice
Read the full Cluster Architecture, Installation and Configuration explanation →

Which command is used to create a backup of etcd data using etcdctl?

Question 65mediummultiple choice
Read the full Cluster Architecture, Installation and Configuration explanation →

You run 'kubectl get nodes' and see that one node is marked as 'NotReady'. Which component is likely failing on that node?

Question 66mediummultiple choice
Read the full Cluster Architecture, Installation and Configuration explanation →

An administrator runs 'kubectl run test-pod --image=nginx' and the pod is created but stays in 'Pending' state. Which command would BEST help diagnose why the pod is not running?

Question 67hardmultiple choice
Read the full Cluster Architecture, Installation and Configuration explanation →

You need to grant a ServiceAccount named 'jenkins' in the 'ci' namespace the ability to list pods in the 'production' namespace. Which RBAC resources should you create?

Question 68mediummultiple choice
Read the full Cluster Architecture, Installation and Configuration explanation →

Which of the following YAML snippets correctly defines a Kubernetes Deployment with 3 replicas and a rolling update strategy?

Question 69easymultiple choice
Read the full Cluster Architecture, Installation and Configuration explanation →

Which kubectl command is used to mark a node as unschedulable so that no new pods are scheduled onto it?

Question 70mediummultiple choice
Read the full Cluster Architecture, Installation and Configuration explanation →

You have a kubeconfig file with multiple contexts. How do you switch to the context named 'prod-cluster'?

Question 71hardmultiple choice
Read the full Cluster Architecture, Installation and Configuration explanation →

A user reports that they cannot access a Service of type ClusterIP from within the cluster. The Service selects pods that are running and responding. Which of the following is the MOST likely cause?

Question 72easymultiple choice
Read the full Cluster Architecture, Installation and Configuration explanation →

Which component is responsible for running containers on a node?

Question 73mediummulti select
Read the full Cluster Architecture, Installation and Configuration explanation →

Which TWO of the following are valid ways to expose a set of pods as a network service in Kubernetes?

Question 74hardmulti select
Read the full Cluster Architecture, Installation and Configuration explanation →

Which THREE of the following are true about etcd backup and restore?

Question 75mediummulti select
Read the full Cluster Architecture, Installation and Configuration explanation →

Which TWO of the following are valid methods to authenticate to the Kubernetes API server?

Question 76easymultiple choice
Read the full Cluster Architecture, Installation and Configuration explanation →

A CKA candidate runs 'kubectl get nodes' and sees that a worker node is in the 'NotReady' state. Which command should be used to diagnose the node's kubelet health?

Question 77mediummultiple choice
Read the full Cluster Architecture, Installation and Configuration explanation →

An administrator needs to upgrade a Kubernetes cluster from v1.28 to v1.29 using kubeadm. Which of the following steps is performed FIRST?

Question 78hardmultiple choice
Read the full Cluster Architecture, Installation and Configuration explanation →

An administrator backs up etcd data using 'ETCDCTL_API=3 etcdctl snapshot save /backup/etcd-snapshot.db'. Which command correctly restores this snapshot on a new etcd instance?

Question 79mediummultiple choice
Read the full Cluster Architecture, Installation and Configuration explanation →

A developer is creating a Deployment with a single container that should restart only if the process exits with non-zero. Which restartPolicy should be used?

Question 80mediummultiple choice
Read the full Cluster Architecture, Installation and Configuration explanation →

A kubeadm cluster was initialized with a custom certificate validity. You need to check the expiration date of the kube-apiserver certificate. Which command should you use?

Question 81hardmultiple choice
Read the full Cluster Architecture, Installation and Configuration explanation →

A ServiceAccount 'monitor-sa' needs to be able to list Pods in namespace 'monitoring'. Which RBAC configuration is appropriate?

Question 82easymultiple choice
Read the full Cluster Architecture, Installation and Configuration explanation →

Which component is responsible for running containers on a Kubernetes node?

Question 83mediummultiple choice
Read the full Cluster Architecture, Installation and Configuration explanation →

You need to drain a node 'node1' and ensure that pods are evicted gracefully. Which command should you use?

Question 84hardmultiple choice
Read the full Cluster Architecture, Installation and Configuration explanation →

An administrator runs 'kubectl get pods' and sees a pod stuck in 'Pending' state. Which of the following is NOT a typical cause?

Question 85easymultiple choice
Read the full Cluster Architecture, Installation and Configuration explanation →

You have multiple kubeconfig files. Which command merges them into a single config file?

Question 86mediummultiple choice
Read the full Cluster Architecture, Installation and Configuration explanation →

A pod is failing with 'CrashLoopBackOff'. You run 'kubectl logs mypod' and see no output. What is the first troubleshooting step?

Question 87mediummultiple choice
Read the full Cluster Architecture, Installation and Configuration explanation →

An administrator wants to use a ServiceAccount token that is mounted into a pod automatically. Which field enables token projection?

Question 88mediummulti select
Read the full Cluster Architecture, Installation and Configuration explanation →

Which TWO of the following are valid methods to configure kubectl to use a specific context?

Question 89hardmulti select
Read the full Cluster Architecture, Installation and Configuration explanation →

Which THREE components must be present in a high-availability control plane setup?

Question 90easymulti select
Read the full Cluster Architecture, Installation and Configuration explanation →

Which TWO commands are used to manage nodes in a cluster?

Question 91mediummultiple choice
Read the full Cluster Architecture, Installation and Configuration explanation →

A Kubernetes cluster was upgraded from v1.28 to v1.29. After the upgrade, nodes report NotReady. You check kubelet logs and see: 'error: failed to run Kubelet: misconfiguration: kubelet cgroup driver: "systemd" is different from docker cgroup driver: "cgroupfs"'. What is the most likely cause?

Question 92hardmultiple choice
Review the full subnetting walkthrough →

You are setting up a new Kubernetes cluster using kubeadm. You run 'kubeadm init --pod-network-cidr=10.244.0.0/16' on the control plane node. The command fails with: '[preflight] Some fatal errors occurred: [ERROR CRI]: container runtime is not running: output: time="..." level=fatal msg="validate service connection: CRI v1 runtime API is not implemented for endpoint 'unix:///var/run/containerd/containerd.sock': rpc error: code = Unimplemented desc = unknown service runtime.v1.RuntimeService'"'. What is the most likely cause?

Question 93easymultiple choice
Read the full Cluster Architecture, Installation and Configuration explanation →

Which kubectl command is used to view the current context in the kubeconfig file?

Question 94mediummultiple choice
Read the full Cluster Architecture, Installation and Configuration explanation →

An administrator needs to allow a service account 'monitor-sa' in namespace 'monitoring' to read pods across all namespaces. Which RBAC resources should be created?

Question 95hardmultiple choice
Read the full Cluster Architecture, Installation and Configuration explanation →

You are asked to backup the etcd database on a control plane node. The etcd is running as a static pod. Which command sequence will create a consistent snapshot?

Question 96easymultiple choice
Read the full Cluster Architecture, Installation and Configuration explanation →

Which component on a worker node is responsible for maintaining network rules and forwarding traffic to the correct pod?

Question 97mediummultiple choice
Read the full Cluster Architecture, Installation and Configuration explanation →

A node has been cordoned. Which statement about the node is true?

Question 98mediummultiple choice
Read the full Cluster Architecture, Installation and Configuration explanation →

You are upgrading a cluster from v1.28 to v1.29. You have already drained and upgraded all worker nodes. The control plane nodes have not been upgraded yet. 'kubectl get nodes' shows the control plane nodes are still v1.28. What is the correct next step?

Question 99easymultiple choice
Read the full Cluster Architecture, Installation and Configuration explanation →

Which of the following is NOT a control plane component?

Question 100hardmultiple choice
Read the full Cluster Architecture, Installation and Configuration explanation →

You need to create a ServiceAccount named 'deployer' and grant it permission to create Deployments in namespace 'app'. Which YAML snippet correctly creates the necessary RBAC resources?

Question 101mediummultiple choice
Read the full Cluster Architecture, Installation and Configuration explanation →

You need to check the expiration date of certificates used by the kube-apiserver. Which command should you use?

Question 102easymultiple choice
Read the full Cluster Architecture, Installation and Configuration explanation →

What is the purpose of the 'kubeadm reset' command?

Question 103mediummulti select
Read the full Cluster Architecture, Installation and Configuration explanation →

Which TWO of the following are valid methods to provide a token to a Pod for authenticating to the Kubernetes API server?

Question 104hardmulti select
Read the full Cluster Architecture, Installation and Configuration explanation →

Which THREE of the following are valid steps in a Kubernetes cluster upgrade procedure using kubeadm?

Question 105mediummulti select
Read the full Cluster Architecture, Installation and Configuration explanation →

Which TWO commands can be used to view the configuration of a kubeconfig file?

Question 106easymultiple choice
Read the full Cluster Architecture, Installation and Configuration explanation →

Which of the following is a core control plane component responsible for persisting cluster state?

Question 107mediummultiple choice
Read the full Cluster Architecture, Installation and Configuration explanation →

You are upgrading a Kubernetes cluster from v1.29.0 to v1.30.0 using kubeadm. What is the correct sequence of operations?

Question 108mediummultiple choice
Read the full Cluster Architecture, Installation and Configuration explanation →

An administrator runs 'kubectl get pods' and sees a pod in 'Pending' state. The output of 'kubectl describe pod pod-name' shows '0/1 nodes are available: 1 node(s) had taint that the pod didn't tolerate'. What is the most likely cause?

Question 109hardmultiple choice
Read the full Cluster Architecture, Installation and Configuration explanation →

You need to back up etcd on a single control plane node. Which command correctly creates a snapshot?

Question 110mediummultiple choice
Read the full Cluster Architecture, Installation and Configuration explanation →

A ClusterRole named 'pod-reader' exists that grants get, list, and watch permissions on pods. You want to bind this ClusterRole to a user 'john' in the 'development' namespace only. Which resource should you create?

Question 111easymultiple choice
Read the full Cluster Architecture, Installation and Configuration explanation →

Which command is used to mark a node as unschedulable and evict its pods?

Question 112hardmultiple choice
Read the full Cluster Architecture, Installation and Configuration explanation →

You have a kubeconfig file with multiple contexts. You want to temporarily switch to a different context for a single kubectl command. Which flag should you use?

Question 113mediummultiple choice
Read the full Cluster Architecture, Installation and Configuration explanation →

You need to create a ServiceAccount named 'my-sa' and a ClusterRoleBinding that binds the built-in 'view' ClusterRole to that ServiceAccount. Which set of commands achieves this?

Question 114easymultiple choice
Read the full Cluster Architecture, Installation and Configuration explanation →

Which component is responsible for running containers on a node and reporting their status to the control plane?

Question 115mediummultiple choice
Read the full Cluster Architecture, Installation and Configuration explanation →

You run 'kubectl logs pod-name' and get an error: 'Error from server (Forbidden): pods "pod-name" is forbidden: User "dev-user" cannot list resource "pods/log" in API group "" in the namespace "default"'. What RBAC configuration is missing?

Question 116mediummultiple choice
Read the full Cluster Architecture, Installation and Configuration explanation →

You initialize a cluster with 'kubeadm init' and want to join a worker node. What is the correct command to generate the join command?

Question 117hardmultiple choice
Read the full Cluster Architecture, Installation and Configuration explanation →

You need to renew all certificates on a kubeadm-managed cluster. Which command accomplishes this?

Question 118mediummulti select
Read the full Cluster Architecture, Installation and Configuration explanation →

Which TWO of the following are valid ways to create a Role in the 'default' namespace that grants get and list on pods?

Question 119hardmulti select
Read the full Cluster Architecture, Installation and Configuration explanation →

Which THREE of the following are steps required when restoring an etcd cluster from a snapshot?

Question 120easymulti select
Read the full Cluster Architecture, Installation and Configuration explanation →

Which TWO commands can be used to check the expiration of certificates managed by kubeadm?

Question 121easymultiple choice
Read the full Cluster Architecture, Installation and Configuration explanation →

Which command initializes a Kubernetes control plane node using kubeadm?

Question 122easymultiple choice
Read the full Cluster Architecture, Installation and Configuration explanation →

Which component is responsible for maintaining network rules on worker nodes?

Question 123mediummultiple choice
Read the full Cluster Architecture, Installation and Configuration explanation →

A node named 'worker-1' is unhealthy. You want to mark it as unschedulable and move workloads to other nodes. Which command sequence is correct?

Question 124mediummultiple choice
Read the full Cluster Architecture, Installation and Configuration explanation →

You need to back up etcd data for a cluster with etcd running as a static Pod. Which command should you use?

Question 125mediummultiple choice
Read the full Cluster Architecture, Installation and Configuration explanation →

You run `kubectl get pods` and get an error: 'error: You must be logged in to the server (Unauthorized)'. What is the most likely cause?

Question 126hardmultiple choice
Read the full Cluster Architecture, Installation and Configuration explanation →

During a cluster upgrade using kubeadm, after upgrading the control plane, you attempt to upgrade a worker node. The command `kubeadm upgrade node` fails with the error 'node is not ready'. What is the most likely cause?

Question 127mediummultiple choice
Read the full Cluster Architecture, Installation and Configuration explanation →

You need to create a RoleBinding that grants a user access to read Pods in the 'dev' namespace. Which YAML manifest is correct?

Question 128hardmultiple choice
Read the full Cluster Architecture, Installation and Configuration explanation →

You have configured a ServiceAccount with an associated image pull secret. The Pod referencing this ServiceAccount still fails with ImagePullBackOff due to authentication errors. What is the most likely misconfiguration?

Question 129mediummultiple choice
Read the full Cluster Architecture, Installation and Configuration explanation →

To check the expiration date of all certificates managed by kubeadm, which command should you run?

Question 130hardmultiple choice
Read the full Cluster Architecture, Installation and Configuration explanation →

A Pod is stuck in Pending state. Running 'kubectl describe pod' shows '0/3 nodes are available: 1 node(s) had taint {node-role.kubernetes.io/control-plane: }, 2 node(s) had taint {node-role.kubernetes.io/master: }'. The Pod does not have tolerations. What is the most likely cause?

Question 131easymultiple choice
Read the full Cluster Architecture, Installation and Configuration explanation →

Which kubeconfig context field defines the set of users, clusters, and namespaces for kubectl operations?

Question 132mediummultiple choice
Read the full Cluster Architecture, Installation and Configuration explanation →

You need to upgrade a Kubernetes cluster from v1.28 to v1.29 using kubeadm. After upgrading the control plane, what should you do on each worker node?

Question 133mediummulti select
Read the full Cluster Architecture, Installation and Configuration explanation →

Which TWO of the following are valid ways to set the namespace for a kubectl command?

Question 134hardmulti select
Read the full Cluster Architecture, Installation and Configuration explanation →

Which THREE of the following are valid steps when restoring etcd from a snapshot using etcdctl?

Question 135mediummulti select
Read the full Cluster Architecture, Installation and Configuration explanation →

Which TWO of the following are responsibilities of the kube-controller-manager?

Question 136easymultiple choice
Read the full Cluster Architecture, Installation and Configuration explanation →

Which command is used to initialize a Kubernetes cluster using kubeadm?

Question 137mediummultiple choice
Read the full Cluster Architecture, Installation and Configuration explanation →

A node in the cluster has been cordoned. Which of the following is true about the node?

Question 138hardmultiple choice
Read the full Cluster Architecture, Installation and Configuration explanation →

You are upgrading a Kubernetes cluster from version 1.28 to 1.29. What is the correct order of steps?

Question 139mediummultiple choice
Read the full Cluster Architecture, Installation and Configuration explanation →

Which component is responsible for maintaining network rules on each node?

Question 140easymultiple choice
Read the full Cluster Architecture, Installation and Configuration explanation →

What is the default port for the Kubernetes API server?

Question 141mediummultiple choice
Read the full Cluster Architecture, Installation and Configuration explanation →

Which command is used to check the expiration of certificates managed by kubeadm?

Question 142hardmultiple choice
Read the full Cluster Architecture, Installation and Configuration explanation →

A developer needs to access the Kubernetes API from a pod using a ServiceAccount. Which of the following is the recommended way to mount the ServiceAccount token into a pod?

Question 143mediummultiple choice
Read the full Cluster Architecture, Installation and Configuration explanation →

Which subcommand of 'kubectl config' is used to switch between different contexts?

Question 144easymultiple choice
Read the full Cluster Architecture, Installation and Configuration explanation →

Which component is responsible for assigning pods to nodes?

Question 145mediummultiple choice
Read the full Cluster Architecture, Installation and Configuration explanation →

To back up etcd, which command should be used with etcdctl?

Question 146hardmultiple choice
Read the full Cluster Architecture, Installation and Configuration explanation →

A ClusterRoleBinding grants permissions to a user, but the user is unable to perform the action. What is a possible cause?

Question 147mediummultiple choice
Read the full Cluster Architecture, Installation and Configuration explanation →

What is the purpose of 'kubeadm reset'?

Question 148mediummulti select
Read the full Cluster Architecture, Installation and Configuration explanation →

Which TWO of the following are valid resources for granting permissions in RBAC?

Question 149hardmulti select
Read the full Cluster Architecture, Installation and Configuration explanation →

Which THREE of the following are valid options for the 'kubectl drain' command to safely evict pods from a node?

Question 150easymulti select
Read the full Cluster Architecture, Installation and Configuration explanation →

Which TWO of the following are control plane components?

Question 151mediummultiple choice
Read the full Cluster Architecture, Installation and Configuration explanation →

You are using kubeadm to initialize a Kubernetes cluster. After running 'kubeadm init', the control-plane node is not ready. You run 'kubectl get nodes' and see the node status as 'NotReady'. Which component is most likely not functioning correctly?

Question 152easymultiple choice
Read the full Cluster Architecture, Installation and Configuration explanation →

Which command is used to take a snapshot of etcd data for backup?

Question 153hardmultiple choice
Read the full Cluster Architecture, Installation and Configuration explanation →

You have a Kubernetes cluster with a single control-plane node and multiple worker nodes. You need to upgrade the cluster from v1.28.0 to v1.29.0. Which sequence of steps is correct?

Question 154mediummultiple choice
Read the full Cluster Architecture, Installation and Configuration explanation →

A developer created a ClusterRole named 'pod-reader' with rules to get and list pods. They created a ClusterRoleBinding 'read-pods-global' binding this ClusterRole to a service account 'sa-pod-reader' in the 'default' namespace. Which of the following is true about the permissions of this service account?

Question 155mediummultiple choice
Read the full Cluster Architecture, Installation and Configuration explanation →

You are using kubeadm to initialize a cluster. After running 'kubeadm init', you follow the instructions to set up the kubeconfig for the regular user. Which of the following commands should you run to allow kubectl to communicate with the cluster?

Question 156easymultiple choice
Read the full Cluster Architecture, Installation and Configuration explanation →

What is the purpose of the kube-proxy component in a Kubernetes cluster?

Question 157hardmultiple choice
Read the full Cluster Architecture, Installation and Configuration explanation →

You are troubleshooting a pod that is in 'Pending' state. Running 'kubectl describe pod' shows the event: '0/3 nodes are available: 3 node(s) had taint {node-role.kubernetes.io/master: }, that the pod didn't tolerate.' What is the most likely cause?

Question 158easymultiple choice
Read the full Cluster Architecture, Installation and Configuration explanation →

Which command can you use to check the expiration date of certificates managed by kubeadm?

Question 159mediummultiple choice
Read the full Cluster Architecture, Installation and Configuration explanation →

You need to allow a specific user to create and manage deployments in the 'development' namespace only. Which RBAC resources should you create?

Question 160mediummultiple choice
Read the full Cluster Architecture, Installation and Configuration explanation →

You have a service account named 'my-sa' in the 'default' namespace. You want to mount its token into a pod automatically. Which field in the pod spec achieves this?

Question 161hardmultiple choice
Read the full Cluster Architecture, Installation and Configuration explanation →

You are performing a backup of etcd using the command: 'ETCDCTL_API=3 etcdctl snapshot save /backup/etcd-snapshot.db'. You get an error: 'Error: context deadline exceeded'. What is the most likely cause?

Question 162easymultiple choice
Read the full Cluster Architecture, Installation and Configuration explanation →

What is the function of the 'kube-scheduler' in Kubernetes?

Question 163mediummulti select
Read the full Cluster Architecture, Installation and Configuration explanation →

Which TWO of the following are valid methods to restore an etcd cluster from a snapshot? (Choose TWO.)

Question 164mediummulti select
Read the full Cluster Architecture, Installation and Configuration explanation →

Which THREE of the following are components of the Kubernetes control plane? (Choose THREE.)

Question 165hardmulti select
Read the full Cluster Architecture, Installation and Configuration explanation →

You need to prepare a worker node for maintenance. Which TWO actions should you perform? (Choose TWO.)

Question 166easymultiple choice
Read the full Cluster Architecture, Installation and Configuration explanation →

Which command correctly backs up etcd data using etcdctl with API version 3?

Question 167mediummultiple choice
Read the full Cluster Architecture, Installation and Configuration explanation →

A new Kubernetes administrator runs 'kubeadm join --token <token> <control-plane-ip>:6443 --discovery-token-ca-cert-hash sha256:<hash>' on a worker node. The join fails with 'error execution phase preflight: couldn't validate the identity of the API Server'. What is the most likely cause?

Question 168mediummultiple choice
Read the full Cluster Architecture, Installation and Configuration explanation →

An administrator needs to grant a service account 'sa-monitor' in namespace 'monitoring' the ability to read pods and services cluster-wide. Which RBAC configuration is correct?

Question 169hardmultiple choice
Read the full Cluster Architecture, Installation and Configuration explanation →

A cluster was upgraded from version 1.28 to 1.29. After the upgrade, you notice that a custom controller using the 'batch/v2alpha1' API for CronJobs no longer works. What is the most likely reason?

Question 170easymultiple choice
Read the full Cluster Architecture, Installation and Configuration explanation →

Which component is responsible for maintaining network rules on each worker node to enable service discovery and load balancing?

Question 171mediummultiple choice
Read the full Cluster Architecture, Installation and Configuration explanation →

An administrator runs 'kubectl cordon node1' and then 'kubectl drain node1 --ignore-daemonsets'. What is the effect on node1?

Question 172mediummultiple choice
Read the full Cluster Architecture, Installation and Configuration explanation →

You need to restore an etcd snapshot taken with 'etcdctl snapshot save'. You have a single control plane node. Which sequence of commands is correct?

Question 173hardmultiple choice
Read the full Cluster Architecture, Installation and Configuration explanation →

A pod is stuck in 'Pending' state. 'kubectl describe pod' shows '0/1 nodes are available: 1 node(s) had taint {node.kubernetes.io/unreachable: }, that the pod didn't tolerate'. What does this indicate?

Question 174easymultiple choice
Read the full Cluster Architecture, Installation and Configuration explanation →

Which command displays the expiration date of all certificates managed by kubeadm?

Question 175hardmultiple choice
Read the full Cluster Architecture, Installation and Configuration explanation →

You need to allow a specific pod running in namespace 'app' to communicate with a database pod in namespace 'db' only. Which NetworkPolicy configuration achieves this?

Question 176mediummultiple choice
Read the full Cluster Architecture, Installation and Configuration explanation →

A cluster has multiple kubeconfig files. You want to set the current context to 'admin@production' for all future kubectl commands. Which command should you run?

Question 177mediummultiple choice
Read the full Cluster Architecture, Installation and Configuration explanation →

During a cluster upgrade, what is the correct order of operations for upgrading a node?

Question 178mediummulti select
Read the full Cluster Architecture, Installation and Configuration explanation →

Which TWO of the following are control plane components? (Select 2)

Question 179hardmulti select
Read the full Cluster Architecture, Installation and Configuration explanation →

Which THREE of the following are valid methods to authenticate to the Kubernetes API server? (Select 3)

Question 180easymulti select
Read the full Cluster Architecture, Installation and Configuration explanation →

Which TWO of the following are correct commands to view the current context in kubeconfig? (Select 2)

Question 181mediummultiple choice
Read the full Cluster Architecture, Installation and Configuration explanation →

A pod in the 'production' namespace is in a CrashLoopBackOff state. The pod has been running successfully for several days. You run 'kubectl describe pod app-pod -n production' and see the message: 'OOMKilled'. What is the MOST appropriate action to resolve this issue?

Question 182easymultiple choice
Read the full Cluster Architecture, Installation and Configuration explanation →

Which component is responsible for maintaining the desired state of the cluster, such as ensuring the correct number of replicas for a Deployment?

Question 183mediummultiple choice
Read the full Cluster Architecture, Installation and Configuration explanation →

You need to back up etcd data for a cluster running Kubernetes v1.29. Which command correctly creates a snapshot?

Question 184hardmultiple choice
Read the full Cluster Architecture, Installation and Configuration explanation →

A kubeadm cluster is being upgraded from v1.28 to v1.29. You have upgraded the control plane components on the first master node. What is the NEXT step according to the recommended upgrade procedure?

Question 185easymultiple choice
Read the full Cluster Architecture, Installation and Configuration explanation →

Which command is used to prevent a node from being scheduled with new pods?

Question 186mediummultiple choice
Read the full Cluster Architecture, Installation and Configuration explanation →

A developer created a ServiceAccount named 'app-sa' in the 'dev' namespace. They want a pod to use this ServiceAccount. Which field in the pod spec should be set?

Question 187hardmultiple choice
Read the full Cluster Architecture, Installation and Configuration explanation →

You run 'kubeadm certs check-expiration' and see that the 'apiserver' certificate expires in 30 days. What is the correct way to renew just that certificate using kubeadm?

Question 188mediummultiple choice
Read the full Cluster Architecture, Installation and Configuration explanation →

Which kubeconfig context is currently active?

Question 189easymultiple choice
Read the full Cluster Architecture, Installation and Configuration explanation →

What is the purpose of the kube-proxy component?

Question 190mediummultiple choice
Read the full Cluster Architecture, Installation and Configuration explanation →

A ClusterRole named 'pod-reader' grants get, list, watch on pods. You want to bind it to a user 'john' cluster-wide. Which resource should you create?

Question 191hardmultiple choice
Read the full Cluster Architecture, Installation and Configuration explanation →

During a cluster upgrade using kubeadm, after upgrading kubeadm on the node, which command upgrades the kubelet configuration?

Question 192easymultiple choice
Read the full Cluster Architecture, Installation and Configuration explanation →

Which command initializes a new Kubernetes cluster using kubeadm?

Question 193mediummulti select
Read the full Cluster Architecture, Installation and Configuration explanation →

Which TWO components run on worker nodes? (Select 2)

Question 194hardmulti select
Read the full Cluster Architecture, Installation and Configuration explanation →

Which THREE are valid methods to restore an etcd cluster from a snapshot? (Select 3)

Question 195mediummulti select
Read the full Cluster Architecture, Installation and Configuration explanation →

Which TWO are true about taints and tolerations? (Select 2)

Question 196mediummultiple choice
Read the full Cluster Architecture, Installation and Configuration explanation →

A pod in the 'production' namespace is in a CrashLoopBackOff state. The pod has been running successfully for several days. You run 'kubectl describe pod app-pod -n production' and see the message: 'OOMKilled'. What is the MOST appropriate action to resolve this issue?

Question 197easymultiple choice
Read the full Cluster Architecture, Installation and Configuration explanation →

You are setting up a new Kubernetes cluster using kubeadm. After running 'kubeadm init', you want to start using the cluster with kubectl. Which of the following commands should you run to configure kubectl for the admin user?

Question 198mediummulti select
Read the full Cluster Architecture, Installation and Configuration explanation →

Which TWO components are part of the Kubernetes control plane? (Choose TWO.)

Question 199mediummulti select
Read the full Cluster Architecture, Installation and Configuration explanation →

You need to upgrade a Kubernetes cluster from v1.28 to v1.29 using kubeadm. Which TWO steps are REQUIRED as part of the upgrade process? (Choose TWO.)

Question 200hardmulti select
Read the full Cluster Architecture, Installation and Configuration explanation →

You have taken an etcd snapshot using 'ETCDCTL_API=3 etcdctl snapshot save snapshot.db'. Which TWO commands are needed to restore this snapshot to a new etcd member? (Choose TWO.)

Question 201mediummulti select
Read the full Cluster Architecture, Installation and Configuration explanation →

You are applying the following RBAC manifest:

--- apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: namespace: development name: pod-reader rules: - apiGroups: [""] resources: ["pods"] verbs: ["get", "watch", "list"]

Which TWO statements are true about this Role? (Choose TWO.)

Question 202mediummulti select
Read the full Cluster Architecture, Installation and Configuration explanation →

Your cluster has three control plane nodes. You suspect the etcd cluster has a leader election issue. Which TWO commands can help diagnose the etcd cluster health and membership? (Choose TWO.)

Question 203easymulti select
Read the full Cluster Architecture, Installation and Configuration explanation →

Which THREE components run on every worker node in a Kubernetes cluster? (Choose THREE.)

Question 204hardmulti select
Read the full Cluster Architecture, Installation and Configuration explanation →

You need to grant a ServiceAccount named 'monitor-sa' in namespace 'monitoring' the ability to read Pods and Services across all namespaces. Which TWO resources are needed? (Choose TWO.)

Question 205mediummulti select
Read the full Cluster Architecture, Installation and Configuration explanation →

You run 'kubectl cordon node1'. Which TWO statements describe the effect of this command? (Choose TWO.)

Question 206mediummulti select
Read the full Cluster Architecture, Installation and Configuration explanation →

You need to create a Kubernetes ServiceAccount named 'build-bot' and ensure that pods using this ServiceAccount can authenticate to the Kubernetes API using a long-lived token. Which TWO steps are necessary? (Choose TWO.)

Question 207hardmulti select
Read the full Cluster Architecture, Installation and Configuration explanation →

You have a multi-node Kubernetes cluster. After upgrading the kubelet on a worker node, the node remains in 'NotReady' state. Which TWO actions should you take to troubleshoot? (Choose TWO.)

Question 208easymulti select
Read the full Cluster Architecture, Installation and Configuration explanation →

Which TWO commands are used to set the current context in kubeconfig? (Choose TWO.)

Question 209mediummulti select
Read the full Cluster Architecture, Installation and Configuration explanation →

You have a ClusterRole named 'deployer' that allows creating Deployments and Services. You want to grant a ServiceAccount 'ci-cd' in namespace 'app' the permissions defined in this ClusterRole. Which TWO resources are needed? (Choose TWO.)

Question 210hardmulti select
Read the full Cluster Architecture, Installation and Configuration explanation →

Your kubeadm cluster was initialized with default certificates. You need to check the expiration of the API server certificate and renew it if necessary. Which TWO commands are appropriate? (Choose TWO.)

Question 211mediummulti select
Read the full Cluster Architecture, Installation and Configuration explanation →

A CKA candidate is troubleshooting a control plane node that was upgraded using kubeadm from v1.28 to v1.29. After the upgrade, the kube-apiserver pod fails to start. Which TWO actions should the candidate take to diagnose and resolve the issue? (Select TWO.)

Practice tests

Scored 10-question sessions with instant feedback and explanations.

CKA Practice Test 1 — 10 Questions→CKA Practice Test 2 — 10 Questions→CKA Practice Test 3 — 10 Questions→CKA Practice Test 4 — 10 Questions→CKA Practice Test 5 — 10 Questions→CKA Practice Exam 1 — 20 Questions→CKA Practice Exam 2 — 20 Questions→CKA Practice Exam 3 — 20 Questions→CKA Practice Exam 4 — 20 Questions→Free CKA Practice Test 1 — 30 Questions→Free CKA Practice Test 2 — 30 Questions→Free CKA Practice Test 3 — 30 Questions→CKA Practice Questions 1 — 50 Questions→CKA Practice Questions 2 — 50 Questions→CKA Exam Simulation 1 — 100 Questions→

Practice by domain

Each domain maps to a weighted exam section. Focus on the domain where you are weakest.

Cluster Architecture, Installation and ConfigurationServices and NetworkingWorkloads and SchedulingStorageTroubleshootingCluster Architecture, Installation & ConfigurationWorkloads & SchedulingServices & Networking

Practice by scenario

Filter questions by type — troubleshooting, exhibit, drag-and-drop, PBQ, ACLs, OSPF, and more.

Browse scenarios→

Continue studying

All Cluster Architecture, Installation and Configuration setsAll Cluster Architecture, Installation and Configuration questionsCKA Practice Hub