Practice CKS Supply Chain Security questions with full explanations on every answer.
1. Which TWO of the following are best practices for securing the container supply chain?
2. Which THREE of the following are required to implement a secure software supply chain using Kubernetes native features?
3. A DevOps team wants to ensure that only signed images from a trusted registry are deployed in the cluster. They plan to use a webhook to intercept pod creation. Which tool is best suited for this task?
4. A security audit reveals that a container image running in production contains a critical vulnerability (CVE-2024-1234). The image was built from a base image that had the vulnerability. What is the MOST effective long-term solution to prevent such issues?
5. An organization uses a private container registry and wants to ensure that only images built from a specific CI/CD pipeline are deployed. Which combination of measures provides the strongest guarantee?
6. You are the lead security engineer for a large financial institution. The organization runs a Kubernetes cluster with 500+ microservices. The supply chain security team has implemented the following measures: (1) All images are built from a minimal base image (distroless) and scanned with Trivy before being pushed to a private registry. (2) Images are signed using cosign with a key stored in a hardware security module (HSM). (3) Kyverno policies enforce that only signed images from the private registry can run, and also enforce that containers run as non-root. (4) A binary authorization (binauthz) style admission controller verifies attestations. Recently, a critical vulnerability (CVE-2024-0001) was discovered in a popular open-source library used by several microservices. The library is included as a dependency in the base image. The vulnerability is remotely exploitable and has a CVSS score of 9.8. The security team needs to remediate this quickly. They have already patched the library and updated the base image. What is the BEST course of action to ensure all running pods use the new image?
7. A development team uses a custom container image for their application, built from a base image that includes multiple CVEs. The security team requires that no container runs with known critical vulnerabilities. Which approach best ensures that only images with no critical vulnerabilities are deployed in production?
8. An organization uses a GitOps workflow with Argo CD to deploy applications to Kubernetes. The security team wants to ensure that container images are immutable and signed. They currently use a private container registry (Harbor) with vulnerability scanning and Cosign for signing. Which combination of controls best enforces that only signed and scanned images are deployed?
9. You are auditing a cluster's supply chain security. You find that many pods are running images from public registries without any pinning or verification. Which TWO actions would most effectively reduce the risk of pulling malicious images?
10. You are a security engineer at a fintech startup. The company runs a Kubernetes cluster in production with hundreds of microservices. Recently, a container image from a public registry was compromised, and the attacker injected a backdoor that exfiltrated customer data. The CISO mandates that all images must come from an internal registry that only stores approved, scanned, and signed images. Currently, developers build images locally and push them to Docker Hub, then reference those images in Kubernetes manifests. You have deployed Harbor as a private registry with vulnerability scanning and Cosign for signing. However, you notice that some pods are still running images directly from Docker Hub. You need to enforce that only images from your internal Harbor registry can be used in the cluster. You cannot change the Kubernetes manifests immediately because of a large backlog. You have access to the cluster's kubelet configuration and can modify cluster-level components. Which single action will most effectively block any pod that tries to use an image not hosted on your internal registry?
11. A DevOps team uses a CI/CD pipeline to build container images and push them to a private registry. To minimize the risk of supply chain attacks, which of the following is the most effective security control to implement?
12. You are securing a Kubernetes cluster that runs workloads from multiple teams. The cluster uses a private container registry and an admission controller to enforce image policies. Which TWO of the following actions are most effective in preventing the use of unapproved or tampered container images? (Choose two correct answers.)
13. Refer to the exhibit. A cluster has the ClusterImagePolicy shown. A developer creates a pod with an image from registry.example.com/myapp:v1, which was built and signed by a GitHub Actions workflow that is NOT defined in the policy (different workflow). Which behavior will occur when the pod is created?
14. Arrange the steps to secure etcd in a Kubernetes cluster.
15. Match each Kubernetes API server flag to its security function.
16. You are tasked with ensuring that all container images in your cluster are scanned for vulnerabilities before being deployed. You have set up Trivy in your CI/CD pipeline and want to enforce that only images with no critical vulnerabilities are allowed. Which admission controller should you configure to reject pods using non-compliant images?
17. Which of the following is a best practice for securing container images?
18. A security engineer wants to ensure that only images signed with a specific key are allowed to run in the cluster. Which tool can be used to sign container images?
19. A developer wants to create a Deployment that runs as a non-root user. Which YAML snippet correctly sets the security context to run the container with UID 1000?
20. You are configuring an ImagePolicyWebhook admission controller to allow only images from a trusted registry 'trusted-registry.io'. Which flag must be set in the kube-apiserver configuration to enable the webhook?
21. A security team wants to automatically reject any Pod that uses an image tagged with 'latest'. Which tool can be used to define this policy at the admission level?
22. Developer A runs 'cosign verify --key cosign.pub myregistry/myimage:tag' and receives an error: 'No signatures found'. Developer B previously ran 'cosign sign --key cosign.key myregistry/myimage:tag'. What is the most likely cause of the verification failure?
23. Which tool is commonly used to generate a Software Bill of Materials (SBOM) for a container image?
24. A DevOps engineer is setting up a CI/CD pipeline to scan container images for vulnerabilities. They want to fail the pipeline if any critical vulnerabilities are found. Which command should they use to scan the image and produce a JSON output that can be parsed?
25. You have configured Kyverno to enforce that all Pods must have an image from a trusted registry. However, a newly created Pod is not being rejected even though it uses an untrusted image. What is the most likely reason?
26. Which of the following is a static analysis tool for Kubernetes manifests that can identify security misconfigurations?
27. You need to ensure that all containers in your cluster run with a read-only root filesystem. Which field should be set in the container's security context?
28. Which two of the following are best practices for container image security? (Select TWO.)
29. Which three of the following are valid ways to enforce supply chain security in a Kubernetes cluster? (Select THREE.)
30. Which two of the following are best practices for securing a CI/CD pipeline that builds and deploys container images? (Select TWO.)
31. Which of the following is a best practice for securing container images in a CI/CD pipeline?
32. An administrator runs 'trivy image myapp:1.0' and receives an output with several CRITICAL vulnerabilities. What is the best next step to ensure the image is secure before deployment?
33. A cluster uses ImagePolicyWebhook admission controller. After configuring it, deployments referencing images from an unauthorized registry are blocked. However, some deployments are still being admitted. What is a possible cause?
34. Which command is used to sign a container image with Cosign and store the signature in an OCI registry?
35. A Kubernetes cluster has Kyverno installed. A policy requires that all images come from a trusted registry 'trusted.example.com'. A Deployment uses the image 'nginx:latest'. When the Deployment is created, it is blocked. What Kyverno policy action is being used?
36. Which tool can be used to generate an SBOM (Software Bill of Materials) for a container image?
37. A security policy requires that all container images use SHA-based digests instead of tags. Which approach ensures this in a Deployment YAML?
38. A CI/CD pipeline uses cosign attest to add an SBOM attestation to an image. Later, during deployment, which command verifies the attestation?
39. Which of the following is a recommended Dockerfile best practice to improve container security?
40. An OPA/Gatekeeper constraint requires that all images' registries match a pattern. A Deployment uses 'myregistry.io/app:v1'. The admission controller rejects it. The admin runs 'kubectl get constraints' and sees the constraint is active. What is the next debugging step?
41. A cluster has both ImagePolicyWebhook and a mutating webhook that adds a sidecar. The admin notices that even when ImagePolicyWebhook rejects an image, the mutating webhook has already added the sidecar. What admission ordering issue is occurring?
42. Which tool can be used to perform static analysis of Kubernetes manifests for security issues?
43. Which TWO of the following are valid methods to ensure only signed images are deployed in a Kubernetes cluster?
44. Which THREE of the following are best practices for securing the software supply chain in a CI/CD pipeline?
45. Which TWO of the following admission controllers are relevant for supply chain security in Kubernetes?
46. You want to scan a container image for vulnerabilities before deploying it. Which command uses the Trivy tool to scan an image?
47. A security team wants to ensure that only signed images are deployed in the cluster. They have set up an ImagePolicyWebhook admission controller. After configuring the webhook, they notice that pods with unsigned images are still being created. What is the most likely cause?
48. Which of the following is a best practice for securing container images?
49. A developer wants to ensure that a pod always uses a specific version of an image that cannot be changed without updating the manifest. Which image reference should be used?
50. You are auditing your cluster's supply chain security. You need to generate a Software Bill of Materials (SBOM) for a container image. Which tool should you use?
51. An administrator applies the following Kyverno policy to the cluster. What is the effect of this policy?

    apiVersion: kyverno.io/v1
    kind: ClusterPolicy
    metadata:
      name: require-non-root
    spec:
      validationFailureAction: enforce
      rules:
      - name: check-runAsNonRoot
        match:
          resources:
            kinds:
            - Pod
        validate:
          message: "Running as root is not allowed."
          pattern:
            spec:
              securityContext:
                runAsNonRoot: true

52. A security engineer wants to integrate image scanning into a CI/CD pipeline. They are using a tool that can scan the filesystem of the build context before building the image. Which tool is best suited for this purpose?
53. You want to allow only images from a specific registry (e.g., myregistry.io) to be deployed in your cluster. Which tool or approach is best suited for this requirement?
54. What is the purpose of using a non-root user in a container image?
55. A cluster administrator notices that a pod using an image from a public registry is failing to start. The image was signed with Cosign, and the cluster has an ImagePolicyWebhook configured to require signatures. The error message from the webhook indicates 'signature verification failed'. What is the most likely cause?
56. You are tasked with creating a Kubernetes admission controller that validates image signatures before allowing pods to run. Which admission controller should you configure?
57. Which of the following is a static analysis tool for Kubernetes manifests that can be used to find misconfigurations?
58. Which TWO of the following are benefits of using an SBOM (Software Bill of Materials) in supply chain security?
59. Which TWO of the following are correct methods to verify a signed container image using Cosign?
60. Which THREE of the following are best practices for writing Dockerfiles?
61. An administrator runs 'trivy image --severity HIGH,CRITICAL myapp:v1.0' and sees no vulnerabilities. However, a security scan of the same image using a different tool reports several HIGH severity CVEs. What is the MOST likely reason for this discrepancy?
62. A security policy requires that all container images must be signed using Cosign. Which admission controller enforces signature verification at pod creation time?
63. A developer wants to ensure the container image used in a Deployment is immutable. Which approach BEST guarantees that the exact same image is used every time, preventing tag mutation?
64. Which tool is specifically designed to generate a Software Bill of Materials (SBOM) for container images?
65. A security engineer runs 'kubesec scan deployment.yaml' and receives a score of -1. What does this score indicate?
66. An OPA/Gatekeeper constraint is configured to allow only images from 'trusted-registry.io'. A pod is created with image 'trusted-registry.io/app:v1' but is denied. Which is the MOST likely cause?
67. Which of the following is a BEST practice for container images to reduce the attack surface?
68. An administrator wants to verify that an image was signed by a specific key before deploying. Which Cosign command should be used?
69. Which Kyverno policy action is used to automatically mutate a resource to add a sidecar container for security?
70. A CI pipeline fails with the error 'cosign: error: unable to verify image: no matching signatures' when running 'cosign verify --key pubkey.pem myregistry/myapp:latest'. The image was previously signed with a private key. What is the MOST likely cause?
71. Which admission controller runs FIRST in the Kubernetes admission flow?
72. A security best practice for Dockerfiles is to avoid hardcoded secrets. Which Dockerfile instruction is MOST likely to contain a hardcoded secret?
73. Which TWO are benefits of using a distroless base image over a full OS image like Ubuntu? (Select two.)
74. Which THREE are valid methods to enforce that only images from a specific registry can be deployed in a Kubernetes cluster? (Select three.)
75. Which TWO are recommended practices for securing a CI/CD pipeline that builds container images? (Select two.)
76. A security engineer wants to scan a container image for vulnerabilities using Trivy. Which command should they use?
77. A DevOps engineer wants to enforce that all container images running in the cluster are signed using Cosign. Which Kubernetes admission controller is designed for this purpose?
78. An administrator runs 'kubectl describe pod secure-pod' and sees that the pod is in a Pending state with the event 'Error: ImagePullBackOff' and the message 'unauthorized: authentication required'. The image is stored in a private registry. What is the most likely cause?
79. Which of the following is a best practice for securing a Dockerfile?
80. An administrator wants to ensure that only images from a specific registry (e.g., myregistry.internal) can run in the cluster. Which tool can be used to enforce this via admission control?
81. A security team wants to generate an SBOM for a container image. Which tool should they use?
82. An administrator runs 'kubectl run test-pod --image=nginx:latest' and the pod fails to start. The event log shows 'ImagePullBackOff' with error 'manifest for nginx:latest not found: manifest unknown'. The image 'nginx:latest' exists in the registry. What is the most likely cause?
83. Which admission controller is responsible for invoking external webhooks to validate or mutate resources?
84. An organization wants to implement supply chain security by signing all container images and verifying them before deployment. Which combination of tools is appropriate?
85. A pod is running in a namespace that has a Kyverno policy requiring all images to come from a trusted registry. The pod is using an image from an untrusted registry. What will happen when the pod is created?
86. Which of the following is a static analysis tool for Kubernetes manifests?
87. An administrator wants to ensure that a Deployment uses a specific image digest (SHA256) instead of a tag. Which field in the Deployment YAML should be modified?
88. Which TWO of the following are valid methods to verify the integrity of a container image before deployment?
89. Which THREE of the following are best practices for securing the software supply chain in Kubernetes?
90. Which TWO of the following are tools that can be used to generate an SBOM for a container image?
91. A security admin runs 'trivy image --severity CRITICAL,HIGH myrepo/myapp:latest' and sees many CVEs. The admin wants to ensure that only images with no CRITICAL or HIGH severity vulnerabilities are deployed to the cluster. Which admission controller should be configured to enforce this policy?
92. A developer wants to sign a container image using Cosign. Which command should they run after building and pushing the image to a registry?
93. An administrator wants to ensure that all containers in a deployment run as a non-root user. Which YAML snippet correctly sets the security context to run as user ID 1000?
94. A security engineer wants to enforce that all images in the cluster must come from a trusted registry 'trusted-registry.io'. They are using OPA/Gatekeeper. Which constraint template and constraint combination would achieve this?
95. Which tool is used to generate a Software Bill of Materials (SBOM) for a container image?
96. A CI/CD pipeline builds a Docker image and pushes it to a registry. To ensure supply chain security, the pipeline should scan the image for vulnerabilities before deployment. Which of the following is the correct command to scan a local Docker image using Trivy?
97. A Kyverno policy is written to require all images to use SHA256 digests instead of tags. The policy uses a 'validate' rule with 'pattern' on 'spec.containers[*].image'. Which pattern would match an image reference like 'registry.example.com/myapp@sha256:abc123...'?
98. Which admission controller is responsible for validating and modifying images based on an external webhook in Kubernetes?
99. A DevOps engineer wants to ensure that a container image is signed and the signature is verified before deployment. Which Cosign command verifies an image signature?
100. An administrator wants to perform static analysis on Kubernetes manifest files to find security misconfigurations. Which tool is specifically designed for this?
101. A pod is stuck in Pending state. 'kubectl describe pod' shows '0/1 nodes are available: 1 node(s) had taint {node-role.kubernetes.io/control-plane: }, that the pod didn't tolerate.' The pod does not specify any tolerations. What is the most likely cause?
102. Which of the following is a best practice when writing a Dockerfile for a containerized application?
103. Which TWO of the following are valid methods to verify the integrity of a container image in a Kubernetes supply chain? (Select 2)
104. Which THREE of the following are correct statements about Kubernetes admission controllers in the context of supply chain security? (Select 3)
105. Which TWO of the following tools can be used to generate or analyze SBOMs? (Select 2)
106. An administrator wants to ensure that only images from a trusted registry 'myregistry.io' can run in the cluster. Which admission controller should be configured?
107. Which command is used with Cosign to sign a container image?
108. A DevOps engineer runs 'trivy image myapp:latest' and finds a critical CVE in the base image. Which Dockerfile change would BEST address this?
109. An OPA/Gatekeeper constraint is configured to require all container images to be from a specific registry. A user creates a Pod with image 'gcr.io/myimage:v1'. Which admission controller will first reject this Pod?
110. A security policy requires that all container images must have a signed attestation. Which Cosign command would an admin add to the CI pipeline to create this attestation?
111. Which tool is used to generate an SBOM (Software Bill of Materials) for a container image?
112. An admin runs 'kubectl run test-pod --image=nginx:latest' and the Pod is created but immediately enters 'CrashLoopBackOff'. 'kubectl describe pod test-pod' shows 'Back-off restarting failed container'. Which admission controller might cause this if misconfigured?
113. A security scan report shows that a container image has several high-severity CVEs. The team wants to implement automated scanning in CI/CD pipeline. Which tool would you recommend for scanning container images in a CI pipeline?
114. An organization uses Kyverno to enforce policies. Which Kyverno rule action would you use to require that all images come from a specific registry?
115. A user creates a Deployment with image 'alpine:3.18' and the Pod status is 'ErrImagePull'. The admin checks the image policy and sees that only images with SHA digests are allowed. What is the fix?
116. Which command would scan a Kubernetes Pod manifest for security issues?
117. An administrator wants to enforce that all pods run with read-only root filesystem. Which admission controller can achieve this without writing custom code?
118. Which TWO are best practices for Dockerfile security? (Select 2)
119. Which THREE are valid methods to verify the integrity and origin of a container image? (Select 3)
120. Which TWO are tools for static analysis of Kubernetes manifests? (Select 2)
121. A security admin wants to ensure that all container images in a Kubernetes cluster are scanned for known vulnerabilities before being deployed. Which tool can be integrated into a CI/CD pipeline to scan container images for CVEs?
122. An administrator wants to ensure that only signed container images are deployed in the cluster. Which admission controller can be used to enforce this policy?
123. Which command is used to sign a container image with Cosign?
124. You have a Kyverno policy that validates image registries. The policy should allow only images from `myregistry.example.com`. Which Kyverno rule field should be used to check the image registry?
125. An administrator runs `kubectl run nginx --image=nginx:latest` and the pod remains in ImagePullBackOff. The cluster uses containerd as the container runtime. What is the most likely cause?
126. Which of the following is a best practice for Dockerfiles to improve supply chain security?
127. A DevOps team wants to enforce that all Deployments must have a specific label 'app.kubernetes.io/name'. Which tool can be used to validate this in the admission controller stage?
128. What does SBOM stand for in the context of supply chain security?
129. An admin wants to scan a local filesystem for vulnerabilities using Trivy. Which command should they use?
130. Which tool can generate an SBOM for a container image?
131. A cluster has the ImagePolicyWebhook admission controller enabled. A pod creation is denied with the message 'image policy check failed'. The webhook server returns an error. Which of the following could be a valid reason?
132. Which Kubernetes admission controller ensures that a pod only uses images from a specific registry?
133. Which TWO of the following are best practices for securing the container supply chain? (Select 2)
134. Which THREE of the following can be used to enforce policies on container images in a Kubernetes cluster? (Select 3)
135. Which TWO of the following are valid methods to verify the integrity of a container image? (Select 2)
136. You are implementing supply chain security for container images. Which tool would you use to scan a local directory of Dockerfiles and Kubernetes manifests for known vulnerabilities?
137. Which of the following is a best practice for securing container images in a Kubernetes environment?
138. You need to enforce that all images deployed in the cluster are signed by a trusted key. Which Kubernetes admission control mechanism would you use?
139. A cluster administrator wants to allow only images from a specific registry (e.g., 'myregistry.io') to be deployed in the cluster. Which tool can be used to enforce this via admission control?
140. What is the purpose of an SBOM (Software Bill of Materials) in the context of supply chain security?
141. Which command would you use to sign a container image with Cosign?
142. You run 'trivy image myapp:latest' and the scan reports several critical CVEs. What is the best action to take?
143. A security engineer wants to ensure that all container images in a Kubernetes cluster have a non-root user. Which admission controller can enforce this requirement?
144. What is the correct way to specify a container image using a SHA digest instead of a tag for immutable deployments?
145. Which static analysis tool can be used to check Kubernetes manifests for security misconfigurations?
146. In a CI/CD pipeline, at which stage should container image scanning be performed?
147. You need to generate an SBOM for a container image. Which command should you use?
148. Which TWO of the following are valid admission controllers in Kubernetes? (Select TWO)
149. Which THREE of the following are best practices for Dockerfile security? (Select THREE)
150. Which TWO of the following are tools for image signing and verification? (Select TWO)
151. Which command scans a Docker image for CVEs using Trivy?
152. A security admin wants to ensure that only images signed with a specific key can run in the cluster. Which admission controller should be enabled?
153. A developer creates a Dockerfile with 'FROM ubuntu:latest'. The security team recommends using a minimal base image. Which change minimizes the attack surface?
154. An admin runs 'kubectl run nginx --image=nginx' and the pod fails with 'ImagePullBackOff'. The cluster has an OPA/Gatekeeper constraint that only allows images from 'myregistry.io'. How can the admin quickly test the restriction?
155. Which tool can generate an SBOM (Software Bill of Materials) from a container image?
156. A security audit reveals that a Deployment uses an image with a mutable tag 'app:latest'. Which change ensures the image is immutable and traceable?
157. Which kubectl command signs a container image using Cosign?
158. Which YAML field in a Deployment specifies the container user should not run as root?
159. A cluster uses Kyverno to enforce that all images come from a trusted registry. A new Deployment fails with a message that the image 'docker.io/library/nginx:latest' is not allowed. What Kyverno policy rule likely caused this?
160. To verify a signed container image, which command should be used?
161. Which static analysis tool is specifically designed to evaluate Kubernetes manifests against security best practices?
162. In a CI/CD pipeline, which step is MOST effective for detecting known vulnerabilities in a container image before deployment?
163. Which TWO practices improve supply chain security for container images? (Select two.)
164. Which THREE are valid admission controllers in Kubernetes? (Select three.)
165. Which TWO tools can generate an SBOM for a container image? (Select two.)
166. A security team wants to ensure that all container images in a cluster are scanned for critical CVEs before they are run. They decide to use an admission controller. Which Kubernetes built-in admission controller should they configure?
167. A developer runs 'trivy image myapp:latest' and gets a report with several CRITICAL CVEs. Which action would BEST address the supply chain security risk?
168. An administrator wants to enforce that only images signed by a trusted key can run in the cluster. They have configured cosign and want to use a Kubernetes admission controller. Which tool should they deploy?
169. You are asked to generate an SBOM for a container image and attach it as an attestation using cosign. Which two commands would you run in sequence?
170. A Kubernetes cluster has Kyverno installed. You want to enforce that all container images come from a trusted registry 'trusted-registry.example.com'. Which Kyverno policy rule type would you use?
171. Which of the following is a BEST practice for securing container images in a Dockerfile?
172. A CI pipeline uses 'checkov' to scan Kubernetes manifests. Which of the following is a common checkov check related to supply chain security?
173. A pod is stuck in Pending state. 'kubectl describe pod' shows the event: '0/4 nodes are available: 1 node had taint {node-role.kubernetes.io/control-plane: }, that the pod didn't tolerate, 3 Insufficient memory.' The pod YAML does not specify any tolerations. Which command would allow the pod to schedule on the control-plane node?
174. You need to sign a container image using cosign with a key stored in an environment variable. Which command should you use?
175. What is the primary purpose of an SBOM in supply chain security?
176. You have a Kyverno policy that validates images are from a specific registry. However, a pod using an image from that registry is still blocked. The pod YAML includes 'imagePullPolicy: Always'. What could be the issue?
177. Which TWO of the following are valid ways to verify a container image signature using cosign?
178. Which TWO of the following are best practices for securing the software supply chain in a CI/CD pipeline?
179. Which THREE of the following are valid approaches to prevent containers from running as root in a Kubernetes cluster?
180. Which THREE of the following are tools used for static analysis of Kubernetes manifests?
181. A security team wants to ensure that only container images from a trusted registry (mytrustedregistry.io) are deployed in the cluster. They plan to use OPA/Gatekeeper. Which kind of Gatekeeper constraint template and constraint should they create?
182. You are configuring ImagePolicyWebhook admission controller to reject images not signed by a trusted authority. After deploying the webhook, you notice that pods are being rejected even for images that are properly signed. Which configuration change is MOST likely to fix this?
183. A developer wants to verify the signature of a container image before deploying it. Which command should they use along with Cosign?
184. During a CI/CD pipeline, you run 'trivy image myapp:latest' and get a high number of vulnerabilities. What is the BEST action to reduce the vulnerability count?
185. A security policy requires that all container images must reference a specific SHA256 digest instead of a tag. You need to enforce this using Kyverno. Which Kyverno rule type and pattern would you use?
186. Which TWO of the following are valid methods to supply a Kubernetes manifest to kubesec for static analysis?
187. Which TWO of the following are best practices for Dockerfile security according to CKS guidelines?
188. Which THREE of the following are valid admission controllers involved in the Kubernetes admission flow that can be used for supply chain security?
189. Which TWO of the following tools can generate an SBOM (Software Bill of Materials) for a container image?
190. Which THREE of the following are valid flags for the 'trivy image' command to output results in different formats?
The Supply Chain Security domain covers the key concepts tested in this area of the CKS exam blueprint published by CNCF. Courseiva provides free domain-focused practice, mock exams, missed-question review, and readiness tracking across all CKS domains — no account required.
The Courseiva CKS question bank contains 190 questions in the Supply Chain Security domain. Click any question to see the full explanation and answer breakdown.
Start with a 10-question focused session to identify your baseline accuracy in this domain. Read every explanation — even for questions you answer correctly — to understand the reasoning. Once you score consistently above 80%, move to a 20–30 question session to confirm depth before moving to the next domain.
Yes — the session launcher on this page draws questions exclusively from the Supply Chain Security domain. Choose 10, 20, 30, or 50 questions for a focused session, or click individual questions to review them one by one.