Courseiva
Knowledge + Practice
CertificationsVendorsCareer RoadmapsLabs & ToolsStudy GuidesGlossaryPractice Questions
C
Courseiva

Free IT certification practice questions with explained answers for CCNA, CompTIA, AWS, Azure, Google Cloud, and more.

Certification Practice Questions

CCNA practice questionsSecurity+ SY0-701 practice questionsAWS SAA-C03 practice questionsAZ-104 practice questionsAZ-900 practice questionsCLF-C02 practice questionsA+ Core 1 practice questionsGoogle Cloud ACE practice questionsCySA+ CS0-003 practice questionsNetwork+ N10-009 practice questions
View all certifications →

Product

CertificationsCertification PathsExam TopicsPractice TestsExam Dumps vs Practice TestsStudy HubComparisons

Company

AboutContactEditorial PolicyQuestion Writing PolicyTrust Center

Legal

Privacy PolicyTerms of Service

Courseiva is a free IT certification practice platform offering original exam-style practice questions, detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics for Cisco, CompTIA, Microsoft, AWS, and other technology certifications.

© 2026 Courseiva. Courseiva is operated by JTNetSolutions Ltd. All rights reserved.

Courseiva is an independent certification practice platform and is not affiliated with, endorsed by, or sponsored by Cisco, Microsoft, AWS, CompTIA, Google, ISC2, ISACA, or any other certification vendor. Vendor names and certification marks are used only to identify the exams learners are preparing for.

HomeCertificationsCKADDomainsServices and Networking
CKADFree — No Signup

Services and Networking

Practice CKAD Services and Networking questions with full explanations on every answer.

204questions

Start practicing

Services and Networking — choose a session length

10 questions~10 min20 questions~20 min30 questions~30 min50 questions~50 min

Free · No account required

CKAD Domains

Application Design and BuildApplication DeploymentApplication Environment, Configuration and SecurityApplication Observability and MaintenanceServices and Networking

Practice Services and Networking questions

10Q20Q30Q50Q

All CKAD Services and Networking questions (204)

Start session

Click any question to see the full explanation and answer options, or start a focused practice session above.

1

A developer deploys a set of Pods labeled app=frontend and wants to expose them internally within the cluster on a stable IP. Which resource should be used?

2

A team uses a Service named 'backend' in namespace 'prod' to reach Pods in namespace 'staging'. The Service in 'prod' has no endpoints. What is the most likely cause?

3

An application requires Pods to communicate using hostNetwork: true. Which Kubernetes resource is still necessary for stable DNS names?

4

A Pod needs to access an external database at db.example.com:3306. Which Service type allows Pods to resolve a cluster-local name to this external address?

5

A Service of type LoadBalancer is created but the external IP remains <pending>. What is the most likely reason?

6

A developer wants to expose a set of Pods on a specific port on each node's IP. Which Service type should be used?

7

An Ingress resource routes traffic to a Service 'web' on port 80. The Service has multiple endpoints but all return 503. What should be checked first?

8

A Pod needs to communicate with another Pod in the same cluster but in a different namespace. What is the correct DNS name to use?

9

A Service uses a selector to target Pods. After updating the Pod labels, you notice the endpoints list is empty. What is the most likely reason?

10

Which TWO of the following are valid ways to expose a Service externally in a Kubernetes cluster?

11

Which THREE of the following are valid use cases for a Headless Service (clusterIP: None)?

12

Which TWO of the following are required for Ingress to route HTTP traffic to a backend Service?

13

You are responsible for a multi-tier application running in a Kubernetes cluster. The frontend Pods communicate with backend Pods via a Service named 'backend' in the same namespace. Recently, the frontend team reported that the backend Service is intermittently unreachable. You inspect the backend Pods and notice that they are all running and ready, but the Endpoints object for the 'backend' Service shows only a subset of the Pod IPs. You also notice that the backend Pods have a readiness probe configured that checks an HTTP endpoint '/healthz'. The readiness probe has a periodSeconds of 5 and failureThreshold of 3. The application logs show occasional spikes in response time on the /healthz endpoint, sometimes exceeding 15 seconds. You need to resolve the intermittent unavailability without removing the readiness probe. Which action should you take?

14

You have deployed a microservices application in a Kubernetes cluster. One of the services, 'payment-service', needs to be accessed by other services within the cluster via a stable DNS name. You create a Service of type ClusterIP named 'payment' with selector app=payment. However, when you try to curl http://payment from another Pod, the connection times out. You verify that the Pods backing 'payment-service' are running and ready, and the Endpoints object lists the correct Pod IPs. You also confirm that the Pods are listening on port 8080, and the Service defines targetPort: 8080. The cluster uses a standard CNI plugin (Calico) and DNS is provided by CoreDNS. What is the most likely cause of the timeout?

15

A company runs a web application in a Kubernetes cluster. The application consists of a frontend service and a backend service. The frontend needs to communicate with the backend using a DNS name that does not change even if the backend pods are recreated. Which Kubernetes resource should the frontend use to reach the backend?

16

A DevOps engineer notices that traffic to a Service named 'api' is not being forwarded to newly created pods. The Service selects pods with label 'app: api'. The pods are running and have the correct label. However, the Service's endpoints list does not include the new pods. What is the most likely cause?

17

A user creates a Deployment with 3 replicas and a Service of type ClusterIP. The Service selects pods with label 'app: web'. The user wants external clients to access the application via a stable IP address. Which additional resource is required?

18

During a security audit, it is discovered that a pod running a database is accessible from any other pod in the cluster. The database should only be accessible by pods with label 'role: backend'. Which resource should be applied to enforce this restriction?

19

A developer creates a headless Service named 'db' to discover all database pod IPs. The Service selects pods with label 'app: db'. The pods are assigned IPs 10.0.0.1, 10.0.0.2, and 10.0.0.3. When a client performs a DNS lookup for 'db', what will it receive?

20

Which TWO statements about Kubernetes Services are correct? (Choose two.)

21

Which THREE components are required for a basic Ingress to route HTTP traffic to a Service? (Choose three.)

22

Refer to the exhibit. A user has created the Service shown. The application pods listen on port 8080. Which port should an external client use to access the application from outside the cluster?

23

You are a platform engineer managing a Kubernetes cluster version 1.28. A development team has deployed a microservice application called 'order-processor' in the 'prod' namespace. The application consists of a frontend Pod 'frontend' and a backend Pod 'backend', each with a single container. The frontend needs to communicate with the backend using a headless Service named 'backend-svc' that selects Pods with label 'app:backend'. The backend Pods are expected to scale horizontally, and the frontend uses a DNS lookup to discover all backend Pod IPs for client-side load balancing. However, after deploying, the frontend is unable to resolve 'backend-svc' to any IP addresses. The backend Pod is running and has the correct label 'app:backend'. The Service 'backend-svc' is defined as a ClusterIP with clusterIP: None. The frontend container has the 'default' DNS policy. What is the most likely cause of the failure?

24

A developer deploys a web application as a Deployment named 'web-app' with 3 replicas. The application listens on port 8080 and should be accessible from within the cluster via the service name 'web-svc' on port 80. Which Service YAML correctly exposes the application?

25

A DevOps engineer is setting up network policies in a Kubernetes cluster. The goal is to allow traffic from pods with label 'role=frontend' to pods with label 'role=backend' on TCP port 8080, and deny all other ingress to backend pods. Which two components are necessary to implement this? (Choose two.)

26

Order the steps to perform a rolling rollback of a Deployment to a previous revision.

27

Arrange the steps to create a multi-container Pod with a shared volume.

28

Match each YAML key in a Deployment manifest to its purpose.

29

Match each Kubernetes term to its description.

30

Which of the following Service types exposes a pod on a static port on each node's IP address?

31

You have a Service named 'web' in namespace 'default'. Which DNS name resolves to the Service's ClusterIP?

32

You need to create a NetworkPolicy that denies all ingress traffic to pods with label 'app: db' in namespace 'prod'. Which YAML snippet correctly implements this?

33

A StatefulSet named 'mysql' is deployed with 3 replicas. The administrator wants to create a headless Service so that each pod gets a unique DNS entry. Which Service specification should be used?

34

Which command creates a Service named 'my-svc' that exposes a deployment named 'my-deploy' on port 80?

35

You have an Ingress resource that routes traffic to two services: 'app1' and 'app2'. The requirement is that traffic for 'app.example.com' goes to app1, and traffic for any other host goes to app2. Which Ingress specification correctly achieves this?

36

A pod is unable to resolve the DNS name of a Service in the same namespace. The pod's /etc/resolv.conf shows 'nameserver 10.96.0.10'. What is the most likely cause?

37

Which TWO statements about Services are true? (Choose two.)

38

You want to restrict ingress traffic to pods with label 'app: web' in namespace 'frontend' to only come from pods in namespace 'backend'. Which NetworkPolicy YAML is correct?

39

You need to debug a Service that is not routing traffic to its endpoints. Which command shows the current endpoints of a Service?

40

An Ingress resource has the following spec. What is the effect? spec: tls: - hosts: - myapp.example.com secretName: myapp-tls rules: - host: myapp.example.com http: paths: - path: / pathType: Prefix backend: service: name: myapp port: number: 80

41

Which command forwards port 8080 on the local machine to port 80 on a pod named 'web-pod'?

42

Which THREE statements about Ingress are correct? (Choose three.)

43

A Service named 'api' has no endpoints. 'kubectl describe svc api' shows the selector 'app: api', but no pods have that label. What is the most likely reason for missing endpoints?

44

Which TWO are valid ways to create a Service from a deployment named 'frontend'? (Choose two.)

45

Which command exposes a deployment named 'web' as a ClusterIP service on port 80?

46

A developer creates a Service named 'backend' in namespace 'default'. The service targets pods with label 'app: backend'. From within a pod in the same namespace, which DNS name resolves to the service's ClusterIP?

47

An ingress resource is created with the following spec. Which request will be routed to the 'green' service? ```yaml spec: rules: - host: example.com http: paths: - path: /api pathType: Prefix backend: service: name: blue port: number: 80 - path: /api/v1 pathType: Exact backend: service: name: green port: number: 80 ```

48

A NetworkPolicy named 'default-deny-ingress' is applied to a namespace but contains no rules. What is the effect on pods in that namespace?

49

To create a service that will be accessible from outside the cluster using a cloud provider's load balancer, what type should be used?

50

A pod in namespace 'default' cannot resolve the service name 'db' in namespace 'data'. Which DNS name should the pod use to reach the service?

51

A NetworkPolicy allows ingress traffic from pods with label 'role: frontend' in the same namespace. Which podSelector is correct?

52

A developer wants to test a service locally using kubectl. Which command forwards local port 8080 to the service's port 80?

53

Which service type is used to expose a service using an external DNS name, such as a database hosted outside Kubernetes?

54

A headless service is created with 'clusterIP: None'. What is the primary use case for such a service?

55

An Ingress resource uses the annotation 'kubernetes.io/ingress.class: nginx'. However, traffic is not being routed. The cluster has multiple ingress controllers. What is the most likely cause?

56

A NetworkPolicy allows egress traffic to pods with label 'db: mysql' in the same namespace. Which egress rule is correct?

57

Which TWO statements about Kubernetes Services are correct?

58

Which THREE components are typically involved when using Ingress to expose a service?

59

Which TWO are valid ways to create a Service in Kubernetes?

60

Which kubectl command creates a Service of type ClusterIP named 'my-service' that exposes port 80 on a set of pods selected by label 'app: web'?

61

A developer creates a headless Service with 'clusterIP: None' for a StatefulSet. What is the primary purpose of using a headless Service?

62

You create a Service named 'backend' in namespace 'prod'. A pod in namespace 'dev' tries to reach the service using the DNS name 'backend.prod.svc.cluster.local'. The pod cannot resolve the name. What is the most likely cause?

63

You apply the following Ingress manifest: apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: app-ingress spec: ingressClassName: nginx rules: - host: example.com http: paths: - path: /api pathType: Prefix backend: service: name: api-service port: number: 80 The Ingress controller logs show a 404 error when accessing 'http://example.com/api'. The service 'api-service' exists and is reachable via ClusterIP. What is the most likely cause?

64

You are tasked with creating a NetworkPolicy that denies all ingress traffic to pods in the 'db' namespace by default. Which YAML snippet correctly implements this?

65

Which Service type is used to expose a service externally on a static port on each worker node?

66

You run 'kubectl port-forward pod/my-pod 8080:80' and try to access 'http://localhost:8080', but the connection is refused. The pod is running and port 80 is open. What is the most likely issue?

67

You have a NetworkPolicy that allows ingress from pods with label 'app: frontend' in any namespace, and also allows ingress from the IP range '10.0.0.0/8'. The policy is not working as expected. Which YAML snippet correctly implements both requirements?

68

A user runs 'kubectl get endpoints my-service' and sees no endpoints listed. The service has a selector 'app: my-app'. Pods with that label exist and are running. What is the most likely cause?

69

You have an Ingress with TLS configured. The Ingress controller returns a certificate error when accessing via HTTPS. The secret 'my-tls' exists in the same namespace. Which of the following is the most likely cause?

70

Which command creates a Service named 'web' of type ClusterIP that selects pods with label 'tier: frontend' and exposes port 80?

71

You need to allow ingress traffic to pods in namespace 'api' only from pods in namespace 'frontend' that have label 'role: proxy'. Which NetworkPolicy ingress rule correctly implements this?

72

Which TWO of the following are valid ways to expose a service externally on a Kubernetes cluster? (Select 2)

73

Which THREE of the following are valid rules for a NetworkPolicy that allows egress traffic from pods with label 'app: worker' to the external IP range '192.168.0.0/16' on port 53 UDP? (Select 3)

74

Which TWO of the following are true about headless services? (Select 2)

75

Which Service type is used to expose a Service on a static port on each node's IP address, allowing external traffic to reach the Service?

76

A developer runs `kubectl expose deployment web-deploy --port=80 --target-port=8080 --type=NodePort` and later wants to access the Service from outside the cluster. What is the correct way to find the external port?

77

An admin creates a Service without a selector. Which of the following is true about such a Service?

78

What is the primary purpose of a headless Service (clusterIP: None) in Kubernetes?

79

Which of the following Ingress controllers is commonly used in Kubernetes?

80

An admin applies the following NetworkPolicy: apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: name: deny-all spec: podSelector: {} policyTypes: - Ingress - Egress What effect does this policy have?

81

A pod in namespace 'app' needs to resolve the DNS name 'db-service.data.svc.cluster.local'. What is the likely namespace of the 'db-service' Service?

82

An admin wants to expose a Service only for internal cluster communication, without external access. Which Service type should they use?

83

What is the correct command to forward a local port to a pod for debugging?

84

An Ingress resource has the following spec: spec: rules: - host: example.com http: paths: - path: /api pathType: Prefix backend: service: name: api-service port: number: 80 What will the Ingress controller do for a request to http://example.com/api/v1/users?

85

Which of the following is a valid NetworkPolicy that allows ingress traffic only from pods with label 'role: frontend' in any namespace?

86

What is the purpose of the `IngressClass` resource in Kubernetes?

87

Which TWO of the following are valid methods to create a Service in Kubernetes? (Select 2)

88

Which THREE of the following are true about Kubernetes Services? (Select 3)

89

Which TWO of the following are valid Ingress path types? (Select 2)

90

A developer wants to expose a Deployment named 'web-app' (with label 'app: web') as a ClusterIP service on port 80. Which command achieves this?

91

You have a headless service 'db' in namespace 'data'. Pods in that namespace can resolve 'db.data.svc.cluster.local'. What is the effect of a headless service on DNS resolution?

92

An Ingress resource is defined as: apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: test-ingress spec: rules: - host: example.com http: paths: - path: /api pathType: Prefix backend: service: name: api-service port: number: 80 tls: - hosts: - example.com secretName: tls-secret What must exist in the cluster for TLS termination to work?

93

A NetworkPolicy with the following spec is applied: spec: podSelector: {} policyTypes: - Ingress ingress: - from: - podSelector: matchLabels: role: frontend What does this policy do?

94

You need to access a database pod 'db-pod' on port 5432 from your local machine. Which command forwards local port 15432 to the pod's port 5432?

95

What is the default service type in Kubernetes?

96

A ClusterIP service named 'svc' has no endpoints. Which command can you use to debug why the service is not routing traffic?

97

What annotation is required on an Ingress resource to use a specific IngressClass (e.g., 'nginx')?

98

A NetworkPolicy denies all ingress traffic to a namespace. Which rule would allow traffic only from pods in the same namespace?

99

You want to expose a Deployment 'app' externally on port 30080 on each node. What service type should you use?

100

A pod 'app' has an init container that fails. The pod status is Init:Error. What is the first step to diagnose?

101

Which of the following is true about Istio as a service mesh?

102

Which TWO of the following are valid ways to create a Service named 'web' that targets pods with label 'app: web' on port 80?

103

Which THREE statements about NetworkPolicy are correct?

104

Which TWO of the following are valid service types in Kubernetes?

105

Which of the following commands creates a Service named 'my-svc' of type ClusterIP that exposes TCP port 80 on a set of pods selected by the label 'app: web'?

106

A developer runs 'kubectl run nginx --image=nginx --port=80' and then creates a Service with the following YAML: apiVersion: v1 kind: Service metadata: name: nginx-svc spec: selector: app: nginx ports: - protocol: TCP port: 80 targetPort: 80 However, the Service has no endpoints. What is the most likely cause?

107

Given the following NetworkPolicy YAML: apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: name: deny-all spec: podSelector: {} policyTypes: - Ingress - Egress What is the effect of this policy?

108

What is the DNS name for a Service named 'backend' in the 'default' namespace?

109

An Ingress resource is created with the following YAML: apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: my-ingress spec: rules: - host: example.com http: paths: - path: /api pathType: Prefix backend: service: name: api-svc port: number: 80 Which of the following requests will be routed to the api-svc Service?

110

A StatefulSet named 'web' is created with 3 replicas. What is the DNS name for the second pod (index 1)?

111

You have a Deployment with multiple replicas. You want to expose it via a Service that has a stable IP address and is accessible from outside the cluster on a static port on each node. Which Service type should you use?

112

Which of the following is true about headless services?

113

An administrator wants to allow ingress traffic to pods with label 'app: database' only from pods with label 'app: api' in the same namespace. Which NetworkPolicy rule is correct?

114

You run 'kubectl port-forward pod/my-pod 8080:80'. What does this command do?

115

An Ingress resource has the following annotation: 'kubernetes.io/ingress.class: nginx'. What is the purpose of this annotation?

116

What is the default Service type when creating a Service via 'kubectl create service' or YAML without specifying type?

117

Which TWO of the following are valid ways to expose a Deployment named 'web' as a Service?

118

Which THREE of the following are true regarding NetworkPolicy in Kubernetes?

119

Which TWO of the following are correct about the ExternalName Service type?

120

You create a Service with `kubectl expose deployment web --port=80 --target-port=8080`. What type of Service is created by default?

121

A developer creates a Deployment with 3 replicas and a Service with `clusterIP: None`. What is the primary use case for this headless Service?

122

A Pod named `my-pod` in namespace `ns1` tries to resolve `svc-a.ns2.svc.cluster.local`. The DNS query fails. The Service `svc-a` exists in namespace `ns2`. What is the most likely cause?

123

You apply the following Ingress manifest: ``` apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: my-ingress spec: ingressClassName: nginx rules: - host: app.example.com http: paths: - pathType: Prefix path: / backend: service: name: app-svc port: number: 80 ``` What is missing to enable TLS termination for this Ingress?

124

Which of the following commands creates a LoadBalancer Service named `web-svc` for a Deployment named `web` on port 80?

125

A NetworkPolicy is applied to a namespace with the following rules: ``` apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: name: deny-all spec: podSelector: {} policyTypes: - Ingress ``` What is the effect on pods in that namespace?

126

You need to temporarily access a pod's HTTP endpoint on port 8080 from your local machine. Which command should you use?

127

A Service named `api` in namespace `default` has multiple endpoints. You run `kubectl get endpoints api` and see no IPs. What is the most likely cause?

128

Which Service type is used to expose a Service on a static port on each node in the cluster?

129

You create a Service with the following YAML: ``` apiVersion: v1 kind: Service metadata: name: my-service spec: ports: - name: http port: 80 targetPort: 8080 selector: app: my-app ``` What is the default Service type?

130

An Ingress has two rules: - host: app.example.com, path: /api -> service-a:80 - host: api.example.com, path: / -> service-b:80 A request to `app.example.com/api/v1` reaches which service?

131

What is the DNS name for a Service named `svc` in namespace `ns`?

132

Which TWO statements about NetworkPolicy are correct? (Choose two.)

133

Which THREE are valid fields in a NetworkPolicy spec? (Choose three.)

134

Which TWO are valid Service types? (Choose two.)

135

You have a Deployment named 'web' with label 'app: web'. You want to create a Service that exposes the Deployment on port 80 internally within the cluster. Which kubectl command achieves this?

136

A Service of type NodePort is created with 'spec.ports[0].nodePort: 30080'. The cluster nodes have IPs 10.0.0.1, 10.0.0.2. Which command can be used to test connectivity to the Service from outside the cluster?

137

A NetworkPolicy named 'deny-all' is applied in a namespace. Which YAML snippet correctly implements a default-deny-all ingress policy?

138

You have a Service named 'app-service' in namespace 'default'. You want a pod in namespace 'monitoring' to resolve the service DNS name. What is the correct fully qualified domain name (FQDN)?

139

You have a headless Service for a StatefulSet. What is the DNS resolution behavior for the StatefulSet pods?

140

Which Service type is used to expose a Service externally using a cloud provider's load balancer?

141

An Ingress resource is configured with TLS. Which field in the Ingress YAML specifies the secret containing the TLS certificate and key?

142

You need to allow ingress traffic to pods with label 'app: web' from pods with label 'role: frontend' in the same namespace, and also from any pod in namespace 'monitoring'. Which NetworkPolicy egress/ingress rule correctly implements this?

143

Which kubectl command forwards local port 8080 to port 80 of a pod named 'web-pod'?

144

You have a Service named 'api' with selectors that match pods. However, curl to the Service cluster IP times out. 'kubectl get endpoints api' shows no endpoints. What is the most likely cause?

145

An Ingress resource uses host-based routing. Which field in the Ingress YAML specifies the host header to match?

146

You have a Deployment with 3 replicas. You create a Service with 'clusterIP: None'. What is the effect on pod DNS?

147

Which TWO statements about Ingress are correct? (Select 2)

148

Which THREE statements about NetworkPolicy are correct? (Select 3)

149

Which TWO Service types allow external access to pods from outside the Kubernetes cluster? (Select 2)

150

You have a Deployment named 'web-app' with 3 replicas. You want to expose the pods on port 80 internally within the cluster using a ClusterIP service. Which kubectl command should you use?

151

You have a headless Service for a StatefulSet. The DNS query for the service returns no A records. What is the most likely cause?

152

You apply the following NetworkPolicy: apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: name: deny-all spec: podSelector: {} policyTypes: - Ingress - Egress After applying, pods in the namespace cannot reach the kube-dns service. What is the most likely reason?

153

You have an Ingress resource with TLS configured. The certificate is stored in a Secret named 'my-tls'. Which field in the Ingress YAML specifies the Secret name?

154

You need to forward a local port to port 8080 on a pod named 'my-pod' in the 'default' namespace. Which kubectl command should you use?

155

You have a Service named 'my-svc' in the 'prod' namespace. What is the fully qualified DNS name for this Service?

156

You want to block all ingress traffic to pods labeled 'app=api' except from pods labeled 'app=frontend'. Which NetworkPolicy rule is correct?

157

Which Service type exposes a Service externally via each Node's IP on a static port?

158

You have a Service that exposes a Deployment. Some pods are not receiving traffic. 'kubectl get endpoints my-service' shows only 2 out of 3 pod IPs. What is the most likely cause?

159

You want to expose a Deployment named 'nginx' on port 80 using a LoadBalancer service. Which YAML snippet is correct?

160

You have an Ingress that should route requests to 'api.example.com' to a service named 'api-svc' on port 80, and requests to 'www.example.com' to 'web-svc' on port 80. Which host-based routing rule is correct?

161

You have a Service named 'myservice' in namespace 'default'. A pod in the same cluster but different namespace 'other' wants to resolve the service's IP. What DNS name should it use?

162

Which TWO of the following are valid Service types in Kubernetes? (Select 2)

163

Which THREE of the following are true about NetworkPolicy? (Select 3)

164

Which TWO of the following are valid methods to create a Service in Kubernetes? (Select 2)

165

Which of the following commands creates a ClusterIP service named 'my-service' that exposes port 80 on the pod with label 'app=web'?

166

A ClusterIP service named 'db-service' in namespace 'data' is not reachable from a pod in the same namespace. The pod's /etc/resolv.conf shows 'search data.svc.cluster.local svc.cluster.local cluster.local'. Using the pod, which command tests DNS resolution for the service?

167

You create a headless service with 'clusterIP: None' for a StatefulSet. How does a client discover the individual pod IPs?

168

Which annotation is used to specify the IngressClass for an Ingress resource in Kubernetes v1.18+?

169

What is the default type of a Kubernetes Service when no type is specified in the YAML manifest?

170

You have an Ingress with the following spec: spec: rules: - host: app.example.com http: paths: - path: /api pathType: Prefix backend: service: name: api-service port: number: 80 How does the Ingress controller route a request to http://app.example.com/api/v1/users?

171

A NetworkPolicy named 'default-deny-all' is applied to a namespace. It has no rules. Which statement is true?

172

Which command forwards local port 8080 to port 80 of a pod named 'web-pod'?

173

What is the purpose of the 'spec.externalName' field in a Service of type ExternalName?

174

You have a Deployment with pods labeled 'tier: frontend'. You create a Service with selector 'tier: frontend'. However, the Service has no endpoints. What is the MOST likely cause?

175

An Ingress resource specifies TLS termination using a secret. The secret must contain which keys?

176

When using 'kubectl expose', which flag creates a NodePort service?

177

Which TWO of the following are valid Ingress pathTypes in Kubernetes networking.k8s.io/v1?

178

Which THREE of the following are valid fields in a NetworkPolicy spec?

179

Which TWO of the following are correct statements about DNS in Kubernetes?

180

You have a Deployment running three replicas of a web application. You need to expose the application on port 80 of all cluster nodes. Which Service type should you use?

181

A developer wants to access a specific pod's port 8080 from their local machine using a temporary connection. Which command should they use?

182

An Ingress resource is configured with TLS termination. The secret referenced in the Ingress is present, but the Ingress controller returns 404. What is the most likely cause?

183

A ClusterIP Service named 'db' in namespace 'data' is not reachable from a pod in namespace 'app'. Which DNS name should the pod use to resolve the service?

184

You want to deny all incoming traffic to a set of pods except from pods with label 'role: frontend'. Which NetworkPolicy spec should you use?

185

A StatefulSet is deployed with a headless service (clusterIP: None). The pods are named 'web-0', 'web-1', 'web-2'. What DNS name resolves to the specific IP of 'web-1'?

186

You create a Service with the following manifest. What is the effect? service.yaml: apiVersion: v1 kind: Service metadata: name: ext-svc spec: type: ExternalName externalName: db.example.com

187

A NetworkPolicy with the following spec is applied to a namespace. What is the effect? spec: podSelector: {} policyTypes: - Ingress - Egress ingress: - from: - ipBlock: cidr: 10.0.0.0/8 except: - 10.0.1.0/24 egress: - to: - ipBlock: cidr: 0.0.0.0/0

188

You need to expose a Deployment named 'web' on port 80 internally within the cluster. Which command creates the appropriate Service?

189

A Service of type LoadBalancer is created but the external IP remains pending. What is the most likely reason?

190

An Ingress is configured for host-based routing with two hosts: 'app1.example.com' and 'app2.example.com'. A request to 'app1.example.com' should go to service 'svc1'. Which field in the Ingress spec specifies the host?

191

Which TWO statements about headless services are correct?

192

Which THREE conditions must be met for a NetworkPolicy to effectively isolate a set of pods?

193

Which TWO commands can be used to list the endpoints of a Service named 'my-svc'?

194

Which TWO are valid port names in a Service definition?

195

A developer needs to expose a deployment named 'web-app' running in the 'default' namespace on port 8080 internally within the cluster. Which kubectl command creates a ClusterIP service that selects pods with label 'app: web'?

196

An administrator applies the following NetworkPolicy: apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: name: deny-all spec: podSelector: {} policyTypes: - Ingress - Egress After applying this policy, which traffic flows are affected?

197

Which TWO statements about Kubernetes Services are correct?

198

Which THREE items are required for Ingress to work correctly in a Kubernetes cluster?

199

Which TWO statements about Kubernetes DNS are correct?

200

Which THREE statements about NetworkPolicy are correct?

201

A pod named 'debug' is running. Which command forwards local port 4000 to port 80 on the pod?

202

A StatefulSet named 'mysql' is deployed with 3 replicas. The administrator wants each pod to have a stable network identity. Which service configuration is required?

203

Which TWO statements about Ingress are correct?

204

Which THREE are valid ways to expose a Service externally in Kubernetes?

Practice all 204 Services and Networking questions

Other CKAD exam domains

Application Design and BuildApplication DeploymentApplication Environment, Configuration and SecurityApplication Observability and Maintenance

Frequently asked questions

What does the Services and Networking domain cover on the CKAD exam?

The Services and Networking domain covers the key concepts tested in this area of the CKAD exam blueprint published by CNCF. Courseiva provides free domain-focused practice, mock exams, missed-question review, and readiness tracking across all CKAD domains — no account required.

How many Services and Networking questions are in the CKAD question bank?

The Courseiva CKAD question bank contains 204 questions in the Services and Networking domain. Click any question to see the full explanation and answer breakdown.

What is the best way to practice Services and Networking for CKAD?

Start with a 10-question focused session to identify your baseline accuracy in this domain. Read every explanation — even for questions you answer correctly — to understand the reasoning. Once you score consistently above 80%, move to a 20–30 question session to confirm depth before moving to the next domain.

Can I practice only Services and Networking questions for CKAD?

Yes — the session launcher on this page draws questions exclusively from the Services and Networking domain. Choose 10, 20, 30, or 50 questions for a focused session, or click individual questions to review them one by one.

Free forever · No credit card required

Track your CKAD domain progress

Save your results, see per-domain analytics, and get readiness scores — free, for every certification.

Sign Up Free

Free forever · Every certification included

Practice Session

10 questions20 questions30 questions50 questions

Study Resources

All DomainsPractice TestMock ExamFlashcardsStudy Guide

Related Exams

CKACKSDVA-C02