Courseiva
Knowledge + Practice
CertificationsVendorsCareer RoadmapsLabs & ToolsStudy GuidesGlossaryPractice Questions
C
Courseiva

Free IT certification practice questions with explained answers for CCNA, CompTIA, AWS, Azure, Google Cloud, and more.

Certification Practice Questions

CCNA practice questionsSecurity+ SY0-701 practice questionsAWS SAA-C03 practice questionsAZ-104 practice questionsAZ-900 practice questionsCLF-C02 practice questionsA+ Core 1 practice questionsGoogle Cloud ACE practice questionsCySA+ CS0-003 practice questionsNetwork+ N10-009 practice questions
View all certifications →

Product

CertificationsCertification PathsExam TopicsPractice TestsExam Dumps vs Practice TestsStudy HubComparisons

Company

AboutContactEditorial PolicyQuestion Writing PolicyTrust Center

Legal

Privacy PolicyTerms of Service

Courseiva is a free IT certification practice platform offering original exam-style practice questions, detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics for Cisco, CompTIA, Microsoft, AWS, and other technology certifications.

© 2026 Courseiva. Courseiva is operated by JTNetSolutions Ltd. All rights reserved.

Courseiva is an independent certification practice platform and is not affiliated with, endorsed by, or sponsored by Cisco, Microsoft, AWS, CompTIA, Google, ISC2, ISACA, or any other certification vendor. Vendor names and certification marks are used only to identify the exams learners are preparing for.

← Cluster Architecture, Installation & Configuration practice sets

CKA Cluster Architecture, Installation & Configuration • Complete Question Bank

CKA Cluster Architecture, Installation & Configuration — All Questions With Answers

Complete CKA Cluster Architecture, Installation & Configuration question bank — all 0 questions with answers and detailed explanations.

34
Questions
Free
No signup
Certifications/CKA/Practice Test/Cluster Architecture, Installation & Configuration/All Questions
Question 1mediummultiple choice
Read the full Cluster Architecture, Installation & Configuration explanation →

A company wants to install Kubernetes on a set of bare-metal servers with no existing orchestration tools. They need a solution that supports high availability for the control plane and uses etcd operators for cluster management. Which tool should they use?

Question 2hardmultiple choice
Read the full Cluster Architecture, Installation & Configuration explanation →

A DevOps engineer notices that the kubelet on a node is unable to register with the Kubernetes API server. The kubelet logs show 'Failed to get bootstrap CA certificate' and the node is not yet part of the cluster. What is the most likely cause?

Question 3easymultiple choice
Read the full Cluster Architecture, Installation & Configuration explanation →

An administrator needs to upgrade the kube-apiserver on a control plane node from version 1.22.0 to 1.23.0. Which of the following is the correct order of steps?

Question 4hardmultiple choice
Read the full Cluster Architecture, Installation & Configuration explanation →

A Kubernetes cluster has been running for months. Recently, some pods are reporting 'FailedScheduling' due to insufficient memory. The administrator wants to add a new node with 32GB RAM. However, after joining the node, the new node shows 'NotReady' and the kubelet logs indicate 'Failed to update node status: context deadline exceeded'. What is the most likely cause?

Question 5mediummultiple choice
Read the full Cluster Architecture, Installation & Configuration explanation →

A cluster administrator has configured a PodSecurityPolicy (PSP) that requires all pods to run with read-only root filesystem. However, a newly deployed pod is failing to start with the error 'container has runAsNonRoot and image will run as root'. The PSP is designed to prevent running as root. What is the most likely cause?

Question 6easymultiple choice
Read the full Cluster Architecture, Installation & Configuration explanation →

An administrator is tasked with setting up a new Kubernetes cluster using kubeadm. They have two nodes: one control plane and one worker. After initializing the control plane with 'kubeadm init', the worker node fails to join with the error 'error execution phase preflight: [preflight] Some fatal errors occurred: [ERROR CRI]: container runtime is not running'. What should the administrator check first?

Question 7hardmultiple choice
Read the full Cluster Architecture, Installation & Configuration explanation →

A team is configuring etcd for a multi-node Kubernetes cluster. They want to ensure that etcd data is encrypted at rest. Which approach should they use?

Question 8mediummultiple choice
Read the full Cluster Architecture, Installation & Configuration explanation →

A cluster is running on a cloud provider that supports load balancers. An administrator needs to expose a service externally using a cloud load balancer. However, the service remains in 'Pending' state. The cloud provider requires the cluster to be configured with the correct cloud provider flag. Which kube-controller-manager flag is required for this integration?

Question 9easymultiple choice
Read the full Cluster Architecture, Installation & Configuration explanation →

During a 'kubeadm init', the administrator sees the message 'Your Kubernetes control-plane has been initialized successfully!' but the 'kubectl get nodes' shows the control plane node as 'NotReady'. What is the most likely missing step?

Question 10mediummulti select
Read the full Cluster Architecture, Installation & Configuration explanation →

Which TWO of the following are valid commands to upgrade a kubeadm cluster from version 1.22.x to 1.23.x on the control plane node? Assume the node is already drained.

Question 11hardmulti select
Read the full Cluster Architecture, Installation & Configuration explanation →

A cluster uses etcd with TLS encryption. Which THREE of the following are valid etcd client certificate authentication flags?

Question 12mediummulti select
Read the full Cluster Architecture, Installation & Configuration explanation →

Which TWO of the following are valid methods to configure the kubelet's node IP address?

Question 13hardmulti select
Read the full Cluster Architecture, Installation & Configuration explanation →

Which THREE of the following are valid steps to enable audit logging in a Kubernetes cluster?

Question 14mediummultiple choice
Read the full Cluster Architecture, Installation & Configuration explanation →

A user tries to create a pod with the YAML file that requests 2 CPUs as a limit. The cluster has a ResourceQuota named 'compute-quota' with limits.cpu: 2. The user sees the above error. What is the likely issue?

Exhibit

Refer to the exhibit.

Error from server: error when creating "pod.yaml": pods "my-pod" is forbidden: exceeded quota: compute-quota, requested: limits.cpu=2, used: limits.cpu=1, limited: limits.cpu=2
Question 15hardmultiple choice
Read the full Cluster Architecture, Installation & Configuration explanation →

An administrator runs 'kubeadm init' on a machine that previously had a Kubernetes cluster. The command fails with the above errors. What is the best course of action?

Network Topology
$ kubeadm initpod-network-cidr=10.244.0.0/16apiserver-advertise-address=192.168.1.10[ERROR FileAvailableetc-kubernetes-manifests-kube-apiserver.yaml]: /etc/kubernetes/manifests/kube-apiserver.yaml already existsRefer to the exhibit.[init] Using Kubernetes version: v1.23.0[preflight] Running pre-flight checks[preflight] Some fatal errors occurred:
Question 16hardmultiple choice
Read the full Cluster Architecture, Installation & Configuration explanation →

You are a cluster administrator managing a multi-node Kubernetes cluster version 1.22. The cluster runs critical applications in the 'production' namespace. You have been asked to upgrade the control plane node to version 1.23 while minimizing downtime. The cluster uses a single control plane node (not HA). You have already backed up etcd and verified the backup is valid. You have also reviewed the upgrade notes and there are no breaking changes that affect your workloads.

You have drained the control plane node and ensured all pods are evicted. The node is now in 'Ready,SchedulingDisabled' state. You then run 'kubeadm upgrade plan' and see that upgrade to v1.23.0 is available. Next, you run 'kubeadm upgrade apply v1.23.0'. The command completes successfully. However, when you try to uncordon the node with 'kubectl uncordon <node>', you get an error: 'error: unable to update node: the object has been modified; please apply your changes to the latest version and try again'. What is the most likely cause and the correct next step?

Question 17hardmultiple choice
Read the full Cluster Architecture, Installation & Configuration explanation →

A Kubernetes cluster has three control plane nodes and five worker nodes. The kube-apiserver is failing to start on one control plane node with the error 'etcdserver: request timed out'. The etcd cluster is healthy with three members. Which of the following is the most likely cause?

Question 18easymultiple choice
Review the full subnetting walkthrough →

An administrator needs to initialize a new Kubernetes control plane node using kubeadm. Which of the following is the correct command to initialize the control plane with a specific pod network CIDR of 10.244.0.0/16?

Question 19mediummulti select
Read the full Cluster Architecture, Installation & Configuration explanation →

Which TWO of the following are valid methods to add a worker node to an existing Kubernetes cluster that was initialized with kubeadm?

Question 20mediummultiple choice
Read the full Cluster Architecture, Installation & Configuration explanation →

Based on the exhibit, what is the most likely cause of the worker2 node being NotReady?

Exhibit

Refer to the exhibit.
```
$ kubectl get nodes
NAME           STATUS   ROLES    AGE   VERSION
controlplane   Ready    master   10d   v1.25.0
worker1        Ready    <none>   10d   v1.25.0
worker2        NotReady <none>   10d   v1.25.0

$ kubectl describe node worker2 | grep -i condition
Conditions:
  Type                 Status  LastHeartbeatTime                 LastTransitionTime                Reason                       Message
  ----                 ------  -----------------                 ------------------                ------                       -------
  NetworkUnavailable   False   Thu, 01 Jan 2023 00:00:00 +0000   Thu, 01 Jan 2023 00:00:00 +0000   CalicoIsUp                   Calico is running on this node
  MemoryPressure       False   Thu, 01 Jan 2023 00:00:00 +0000   Thu, 01 Jan 2023 00:00:00 +0000   KubeletHasSufficientMemory   kubelet has sufficient memory available
  DiskPressure         False   Thu, 01 Jan 2023 00:00:00 +0000   Thu, 01 Jan 2023 00:00:00 +0000   KubeletHasNoDiskPressure     kubelet has no disk pressure
  PIDPressure          False   Thu, 01 Jan 2023 00:00:00 +0000   Thu, 01 Jan 2023 00:00:00 +0000   KubeletHasSufficientPID      kubelet has sufficient PID available
  Ready                Unknown Thu, 01 Jan 2023 00:00:00 +0000   Thu, 01 Jan 2023 00:00:00 +0000   NodeStatusUnknown            Kubelet stopped posting node status.
```
Question 21hardmultiple choice
Read the full NAT/PAT explanation →

You are tasked with upgrading a Kubernetes cluster from version 1.24 to 1.25. The cluster has one control plane node and three worker nodes, all running Ubuntu 20.04 with kubeadm. You have already upgraded the control plane node to v1.25.0 and it is healthy. You now need to upgrade the first worker node. On the worker node, you run 'kubeadm upgrade node' and it completes successfully. However, when you run 'kubectl drain worker1 --ignore-daemonsets', the node drain hangs indefinitely. You check the node and find that a DaemonSet pod named 'fluentd-*' is stuck in Terminating state. The DaemonSet is from the logging system and must remain running during the upgrade. You cannot delete the DaemonSet. What is the best course of action to complete the upgrade of this worker node?

Question 22easymultiple choice
Review the full subnetting walkthrough →

A system administrator needs to install a Kubernetes cluster using kubeadm. The control plane node must be initialized with a specific Pod network CIDR of 10.244.0.0/16 for Flannel. Which command should be used?

Question 23mediummultiple choice
Read the full Cluster Architecture, Installation & Configuration explanation →

A Kubernetes cluster is running with a single control plane node. The administrator wants to add a second control plane node for high availability. What is the first step after the new node has been provisioned with the required software?

Question 24hardmultiple choice
Read the full Cluster Architecture, Installation & Configuration explanation →

A cluster administrator notices that nodes are not joining the cluster after a kubeadm init. The kubelet logs show: 'failed to run Kubelet: could not init service: open /var/lib/kubelet/config.yaml: permission denied'. What is the most likely cause?

Question 25mediummultiple choice
Read the full Cluster Architecture, Installation & Configuration explanation →

A DevOps engineer is designing a Kubernetes cluster for a production environment. Which of the following is a best practice for etcd deployment?

Question 26mediumdrag order
Read the full Cluster Architecture, Installation & Configuration explanation →

Drag and drop the steps to create a Kubernetes cluster using kubeadm into the correct order.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order
1Step 1
2Step 2
3Step 3
4Step 4
5Step 5
Question 27mediumdrag order
Read the full Cluster Architecture, Installation & Configuration explanation →

Drag and drop the steps to deploy an application using a Deployment and expose it with a Service into the correct order.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order
1Step 1
2Step 2
3Step 3
4Step 4
5Step 5
Question 28mediummatching
Read the full Cluster Architecture, Installation & Configuration explanation →

Match each Kubernetes resource to its primary function.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Smallest deployable unit, runs containers

Stable network endpoint for a set of Pods

HTTP/HTTPS routing to Services

Non-sensitive configuration data

Storage resource provisioned by an administrator

Question 29mediummatching
Read the full Cluster Architecture, Installation & Configuration explanation →

Match each security context setting to its effect.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Specifies the user ID for the container's process

Prevents running as root (UID 0)

Grants elevated privileges to the container

Makes the container's root filesystem read-only

Adds or drops Linux capabilities

Question 30hardmultiple choice
Read the full Cluster Architecture, Installation & Configuration explanation →

Refer to the exhibit. A Kubernetes cluster was initialized using kubeadm with the command shown. After initialization, the cluster nodes are in NotReady state. Which is the most likely missing step?

Network Topology
$ kubeadm initpod-network-cidr=10.244.0.0/16apiserver-advertise-address=192.168.1.100```[init] Using Kubernetes version: v1.28.0[certs] Using certificateDir folder "/etc/kubernetes/pki"[kubeconfig] Using kubeconfig folder "/etc/kubernetes"[kubeconfig] Writing "admin.conf" kubeconfig file[kubeconfig] Writing "kubelet.conf" kubeconfig file[kubeconfig] Writing "controller-manager.conf" kubeconfig file[kubeconfig] Writing "scheduler.conf" kubeconfig file[control-plane] Using manifest folder "/etc/kubernetes/manifests"
Question 31mediummultiple choice
Read the full Cluster Architecture, Installation & Configuration explanation →

Refer to the exhibit. A pod named nginx-pod is stuck in Pending state. Based on the describe output, what is the most likely cause?

Exhibit

```
$ kubectl get nodes
NAME     STATUS   ROLES                  AGE   VERSION
master   Ready    control-plane,master   10d   v1.28.0
node1    Ready    <none>                 10d   v1.28.0
node2    Ready    <none>                 10d   v1.28.0
node3    Ready    <none>                 10d   v1.28.0

$ kubectl describe pod nginx-pod
Name:         nginx-pod
Namespace:    default
Priority:     0
Node:         node1/192.168.1.101
Start Time:   Mon, 01 Jan 2024 12:00:00 +0000
Labels:       run=nginx
Annotations:  <none>
Status:       Pending
IP:           
IPs:          <none>
Events:
  Type     Reason            Age   From               Message
  ----     ------            ----  ----               -------
  Warning  FailedScheduling  2m    default-scheduler  0/4 nodes are available: 1 node(s) had untolerated taint {node.kubernetes.io/not-ready: }, 3 node(s) had untolerated taint {node.kubernetes.io/unreachable: }. preemption: 0/4 nodes are available: 4 Preemption is not helpful for scheduling.
```
Question 32hardmultiple choice
Read the full Cluster Architecture, Installation & Configuration explanation →

Refer to the exhibit. An etcd pod on the master node shows repeated rejected connections from node2 (192.168.1.102) and node3 (192.168.1.103). The error indicates non-TLS traffic. What is the most likely cause?

Exhibit

```
$ kubectl get pods -n kube-system | grep etcd
etcd-master                1/1     Running   0          10d

$ kubectl logs -n kube-system etcd-master | tail -5
2024-01-01 12:00:00.000000 I | embed: rejected connection from "192.168.1.102:45678" (error "tls: first record does not look like a TLS handshake", ServerName "")
2024-01-01 12:00:01.000000 I | embed: rejected connection from "192.168.1.103:45678" (error "tls: first record does not look like a TLS handshake", ServerName "")
2024-01-01 12:00:02.000000 I | embed: rejected connection from "192.168.1.102:45679" (error "tls: first record does not look like a TLS handshake", ServerName "")

$ kubectl get nodes -o wide
NAME     STATUS   ROLES                  AGE   VERSION   INTERNAL-IP     EXTERNAL-IP
master   Ready    control-plane,master   10d   v1.28.0   192.168.1.100   <none>
node1    Ready    <none>                 10d   v1.28.0   192.168.1.101   <none>
node2    Ready    <none>                 10d   v1.28.0   192.168.1.102   <none>
node3    Ready    <none>                 10d   v1.28.0   192.168.1.103   <none>
```
Question 33mediummultiple choice
Read the full Cluster Architecture, Installation & Configuration explanation →

Refer to the exhibit. The master node shows NotReady status. The kubelet is reporting 'container runtime is down'. Which command should be used to investigate and fix this issue?

Exhibit

```
$ kubectl get nodes
NAME     STATUS   ROLES                  AGE   VERSION
master   NotReady control-plane,master   10d   v1.28.0
node1    Ready    <none>                 10d   v1.28.0

$ kubectl describe node master | grep -A5 Conditions
Conditions:
  Type                 Status  LastHeartbeatTime                 LastTransitionTime                Reason                       Message
  ----                 ------  -----------------                 ------------------                ------                       -------
  NetworkUnavailable   False   Mon, 01 Jan 2024 12:00:00 +0000   Mon, 01 Jan 2024 12:00:00 +0000   CalicoIsUp                   Calico is running on this node
  MemoryPressure       False   Mon, 01 Jan 2024 12:00:00 +0000   Mon, 01 Jan 2024 12:00:00 +0000   KubeletHasSufficientMemory   kubelet has sufficient memory available
  DiskPressure         False   Mon, 01 Jan 2024 12:00:00 +0000   Mon, 01 Jan 2024 12:00:00 +0000   KubeletHasNoDiskPressure     kubelet has no disk pressure
  PIDPressure          False   Mon, 01 Jan 2024 12:00:00 +0000   Mon, 01 Jan 2024 12:00:00 +0000   KubeletHasSufficientPID      kubelet has sufficient PID available
  Ready                False   Mon, 01 Jan 2024 12:00:00 +0000   Mon, 01 Jan 2024 12:00:00 +0000   KubeletNotReady              container runtime is down
```
Question 34hardmultiple choice
Read the full Cluster Architecture, Installation & Configuration explanation →

Refer to the exhibit. A new worker node (node2) has been added to the cluster. It shows NotReady status, and a CertificateSigningRequest (CSR) is pending. What step must the cluster administrator take to make node2 ready?

Exhibit

```
$ kubectl get csr
NAME        AGE   SIGNERNAME                                    REQUESTOR          REQUESTDURATION   CONDITION
csr-node2   10m   kubernetes.io/kube-apiserver-client-kubelet   kubelet-bootstrap   <none>            Pending

$ kubectl describe csr csr-node2
Name:               csr-node2
Labels:             <none>
Annotations:        <none>
CreationTimestamp:  Mon, 01 Jan 2024 12:00:00 +0000
Requesting User:    kubelet-bootstrap
Signer:             kubernetes.io/kube-apiserver-client-kubelet
Status:             Pending
Subject:
  Common Name:    system:node:node2
  Organization:   system:nodes
Groups:
  system:nodes
  system:authenticated

$ kubectl get nodes
NAME     STATUS     ROLES                  AGE   VERSION
master   Ready      control-plane,master   10d   v1.28.0
node1    Ready      <none>                 10d   v1.28.0
node2    NotReady   <none>                 1m    v1.28.0
```

Practice tests

Scored 10-question sessions with instant feedback and explanations.

CKA Practice Test 1 — 10 Questions→CKA Practice Test 2 — 10 Questions→CKA Practice Test 3 — 10 Questions→CKA Practice Test 4 — 10 Questions→CKA Practice Test 5 — 10 Questions→CKA Practice Exam 1 — 20 Questions→CKA Practice Exam 2 — 20 Questions→CKA Practice Exam 3 — 20 Questions→CKA Practice Exam 4 — 20 Questions→Free CKA Practice Test 1 — 30 Questions→Free CKA Practice Test 2 — 30 Questions→Free CKA Practice Test 3 — 30 Questions→CKA Practice Questions 1 — 50 Questions→CKA Practice Questions 2 — 50 Questions→CKA Exam Simulation 1 — 100 Questions→

Practice by domain

Each domain maps to a weighted exam section. Focus on the domain where you are weakest.

Cluster Architecture, Installation and ConfigurationServices and NetworkingWorkloads and SchedulingStorageTroubleshootingCluster Architecture, Installation & ConfigurationWorkloads & SchedulingServices & Networking

Practice by scenario

Filter questions by type — troubleshooting, exhibit, drag-and-drop, PBQ, ACLs, OSPF, and more.

Browse scenarios→

Continue studying

All Cluster Architecture, Installation & Configuration setsAll Cluster Architecture, Installation & Configuration questionsCKA Practice Hub