Practice KCNA Container Orchestration questions with full explanations on every answer.
Start practicing
Container Orchestration — choose a session length
Free · No account required
Click any question to see the full explanation and answer options, or start a focused practice session above.
A team deploys a microservice that requires sticky sessions. The service runs on Kubernetes with multiple replicas. Which Kubernetes resource should be used to ensure requests from a client are consistently routed to the same pod?
2A Kubernetes cluster is experiencing network latency. The team suspects that the number of services and endpoints is causing iptables performance degradation. Which CNI plugin or network policy approach is most likely to improve performance?
3A developer wants to ensure that a pod runs only on nodes with SSDs. Which mechanism should be used?
4An application running in a Kubernetes pod needs to access a database that is deployed on a VM outside the cluster. The database IP is stable. Which is the best way to expose the database to the pod?
5A team notices that a ReplicaSet is not creating the desired number of pods. The ReplicaSet YAML is correctly configured with replicas: 3. The cluster has sufficient resources. What is the most likely cause?
6Which TWO of the following are valid ways to expose a set of pods as a network service in Kubernetes?
7Which THREE of the following are correct statements about Kubernetes Deployments?
8A DevOps team notices that a new deployment of a web application is not receiving traffic even though the pods are running. The deployment has a selector matching the pod labels, and a Service of type ClusterIP exists. What is the most likely cause?
9An administrator needs to ensure that Pods from two different Deployments cannot communicate with each other. Which Kubernetes resource should be used?
10A developer wants to run a one-time task that creates a database schema and then exits. Which Kubernetes workload type is most appropriate?
11An application requires stable network identities and persistent storage. Which workload type should be used?
12Which TWO of the following are valid methods to expose a set of pods to external traffic in Kubernetes?
13Refer to the exhibit. How many containers are defined in this Pod?
14Your organization runs a microservices application in a Kubernetes cluster with 5 worker nodes. Each microservice is deployed as a Deployment with 3 replicas. Recently, users report intermittent timeouts when accessing the frontend service. The frontend communicates with a backend service via ClusterIP. You check the backend pods and find that one of the three replicas is in CrashLoopBackOff. The other two backend pods are healthy. The frontend deployment has no readiness or liveness probes. You notice that the frontend's connection pool to the backend has a timeout of 5 seconds. The crashing backend pod logs show an occasional NullPointerException that causes the container to restart, but the pod becomes ready after restart within 2 seconds. However, the frontend's connection pool does not evict unhealthy connections quickly. What is the best course of action to reduce timeouts?
15A company is deploying a microservices application on Kubernetes. They want to ensure that configuration data, such as database URLs and feature flags, can be updated without rebuilding container images. Which Kubernetes resource should they use?
16Which TWO statements accurately describe Kubernetes scheduling?
17Based on the exhibit, why is the pod web-pod not running?
18Drag and drop the steps for a rolling update of a Kubernetes Deployment into the correct order.
19Drag and drop the steps to update a Kubernetes Secret and ensure Pods use the new value into the correct order.
20Match each Kubernetes component to its role in the control plane.
21Match each Kubernetes command (kubectl) to its primary function.
22A pod in the 'production' namespace is in a CrashLoopBackOff state. The pod has been running successfully for several days. You run 'kubectl describe pod app-pod -n production' and see the message: 'OOMKilled'. What is the MOST appropriate action to resolve this issue?
23Which of the following best describes a key advantage of containers over virtual machines?
24You are designing a microservices application that requires each service to be independently deployable and scalable. The services communicate over HTTP and need service discovery. Which orchestration feature BEST addresses the need for service discovery?
25A developer creates a Deployment with replicas: 3 and strategy type: RollingUpdate with maxSurge: 1 and maxUnavailable: 1. During a rolling update, the Deployment controller creates a new ReplicaSet. After the new ReplicaSet has 2 pods ready, the node running one of the original ReplicaSet's pods fails. What is the MOST likely number of total pods running after the node failure, assuming no other actions?
26Which of the following is a container runtime that implements the Container Runtime Interface (CRI)?
27You need to run a batch job that processes a queue of 1000 items. The job should run to completion and then terminate. Which Kubernetes resource is BEST suited for this workload?
28A company wants to adopt immutable infrastructure for its containerized applications. Which practice BEST exemplifies immutability?
29Which command correctly creates a Deployment named 'web-app' with the image 'nginx:1.21' and 3 replicas?
30What is the primary purpose of the Open Container Initiative (OCI)?
31You have a microservices application where Service A needs to communicate with Service B running in a different namespace ('backend'). Both namespaces have a NetworkPolicy that denies all ingress by default. You create a NetworkPolicy in the 'backend' namespace allowing ingress from pods with label 'app: frontend'. What else is needed for Service A to reach Service B?
32A container image is built from a Dockerfile with multiple layers. Which statement about container image layers is TRUE?
33You need to run a stateful application that requires stable network identities and persistent storage per pod. Which Kubernetes resource is BEST suited?
34Which TWO statements about Docker Compose and Kubernetes are correct?
35Which THREE are benefits of using container orchestration platforms like Kubernetes?
36Which TWO are characteristics of the microservices architecture that are supported by container orchestration?
37Which of the following is a key benefit of using containers over virtual machines?
38What is the purpose of the Container Runtime Interface (CRI) in Kubernetes?
39Which Kubernetes resource is used to run a batch job that runs to completion?
40A user wants to ensure that a pod is automatically restarted if its main process crashes. Which Kubernetes controller should they use?
41A pod is stuck in 'Pending' state. You run 'kubectl describe pod mypod' and see the event '0/4 nodes are available: 4 Insufficient cpu'. What is the most likely cause?
42Which command would you use to view the logs of a specific container in a multi-container pod?
43What is the role of etcd in a Kubernetes cluster?
44A developer wants to expose a set of pods running a web application on a stable IP address. Which Kubernetes resource should they create?
45A pod is in CrashLoopBackOff. You check the logs and see 'Error: container process not found'. What is the most likely cause?
46An administrator wants to ensure that a Deployment named 'webapp' always has exactly 3 replicas running across distinct nodes to improve fault tolerance. Which field in the Deployment spec should they configure?
47A user creates a Service of type ClusterIP with a selector matching pods labeled 'app: myapp'. However, a pod named 'myapp-pod' with label 'app: myapp' is not receiving traffic. What is a possible reason?
48Which of the following is a characteristic of immutable infrastructure?
49Which TWO of the following are valid container runtimes that implement the CRI? (Choose two.)
50Which THREE of the following are benefits of using container orchestration? (Choose three.)
51Which TWO statements about container images are correct? (Choose two.)
52What is the primary difference between a container and a virtual machine (VM)?
53Which Kubernetes resource is best suited for running a batch processing job that must complete successfully exactly once?
54A pod named 'web-app' is not able to resolve the hostname 'db-service' from another namespace 'data'. The 'db-service' Service exists in the 'data' namespace. What is the most likely cause?
55What is the Container Runtime Interface (CRI)?
56Which of the following is a benefit of container orchestration?
57A Deployment manages 3 replicas of a pod. During a rolling update, one of the new pods enters CrashLoopBackOff. What happens next?
58Which of the following is a valid use case for a DaemonSet?
59What is the purpose of a readiness probe in a Kubernetes pod?
60A developer wants to run a containerized application locally for development. Which tool is most appropriate?
61Which Kubernetes resource can be used to define network policies that control traffic between pods?
62What is the concept of 'immutable infrastructure' as applied to Kubernetes?
63Which component of Kubernetes is responsible for maintaining the desired state of the cluster?
64Which TWO of the following are benefits of using a container orchestration platform like Kubernetes? (Select 2)
65Which THREE of the following are true about the Open Container Initiative (OCI)? (Select 3)
66Which TWO of the following are characteristics of a microservices architecture? (Select 2)
67A pod in the 'production' namespace is in a CrashLoopBackOff state. The pod has been running successfully for several days. You run 'kubectl describe pod app-pod -n production' and see the message: 'OOMKilled'. What is the MOST appropriate action to resolve this issue?
68What is the primary purpose of a container orchestration platform like Kubernetes?
69A developer wants to deploy a stateful application that requires stable network identities and persistent storage per pod instance. Which Kubernetes resource is most appropriate?
70You have a microservices application with a frontend service that needs to communicate with a backend service running in a different namespace ('backend-ns'). The default namespace for the frontend is 'frontend-ns'. What DNS name should the frontend use to reach the backend service named 'backend-svc'?
71Which component is responsible for running containers in a Kubernetes node and implements the Container Runtime Interface (CRI)?
72An administrator wants to ensure that a specific pod only runs on nodes that have solid-state drives (SSDs). Nodes with SSDs are labeled with 'disktype=ssd'. Which pod specification field should be used?
73What is a key benefit of using containers over virtual machines for application deployment?
74A Kubernetes cluster has a Service named 'my-svc' in the 'default' namespace. Which command would correctly expose this service as an external endpoint using a cloud load balancer?
75You have a multi-container pod with a main application container and a sidecar container that handles log shipping. The sidecar container should start before the main container and stop after the main container finishes. Which pod configuration should you use?
76What is the purpose of a readiness probe in a Kubernetes pod?
77Which of the following is a key principle of microservices architecture?
78You run the command 'kubectl get pods -n default' and see no pods listed. However, you are sure there should be pods. What is the most likely cause?
79Which TWO of the following are characteristics of immutable infrastructure? (Select two.)
80Which THREE of the following are benefits of using a container orchestration platform like Kubernetes? (Select three.)
81Which TWO of the following are valid ways to expose a set of pods as a network service in Kubernetes? (Select two.)
82What is the primary difference between a container and a virtual machine (VM)?
83A DevOps engineer wants to deploy a stateful application that requires stable network identities and persistent storage. Which Kubernetes resource is most appropriate?
84A pod is stuck in the Pending state. Running 'kubectl describe pod <pod-name>' shows the event: '0/3 nodes are available: 1 node had taint {node.kubernetes.io/disk-pressure: }, 2 nodes had taint {node.kubernetes.io/memory-pressure: }'. What is the most likely cause?
85Which component in Kubernetes is responsible for managing the lifecycle of pods and ensuring the desired number of replicas are running?
86An application requires that a specific set of pods be placed on nodes labeled with 'gpu=true'. Which Kubernetes field should be used in the pod spec to enforce this?
87Which of the following is a benefit of using container orchestration platforms like Kubernetes?
88A user runs 'kubectl exec -it pod1 -- /bin/sh' and gets the error: 'error: unable to upgrade connection: container not found ("app")'. The pod has one container named 'app'. What is the most likely cause?
89Which command is used to create a Deployment that runs an nginx container with 3 replicas?
90A company wants to run a batch job that processes data and then terminates. Which Kubernetes resource should they use?
91When using a Service of type ClusterIP, how do pods reach the service?
92What is the purpose of a readiness probe in a Kubernetes pod?
93An administrator needs to expose a set of pods running a web application on a static port on each node's IP address. Which Service type should they use?
94Which TWO statements about containers are true compared to virtual machines? (Select TWO.)
95Which THREE are valid ways to perform a rolling update of a Deployment in Kubernetes? (Select THREE.)
96Which TWO are benefits of using a container orchestration platform like Kubernetes? (Select TWO.)
97A pod in the 'production' namespace is in a CrashLoopBackOff state. The pod has been running successfully for several days. You run 'kubectl describe pod app-pod -n production' and see the message: 'OOMKilled'. What is the MOST appropriate action to resolve this issue?
98What is the primary benefit of using containers over virtual machines?
99A Kubernetes cluster has a Deployment running three replicas of an application. You need to update the container image to a new version with zero downtime. Which approach is most appropriate?
100You have a microservices application where Service A needs to discover the IP of Service B. Both services run in the same Kubernetes cluster. Which approach is the most Kubernetes-native way for Service A to reach Service B?
101Which component is responsible for running containers on a Kubernetes node?
102A container image built using a Dockerfile with multiple layers is stored in a registry. When a node pulls this image, which statement about layers is true?
103What is the purpose of the Container Runtime Interface (CRI) in Kubernetes?
104Which of the following is a benefit of using an orchestrator like Kubernetes?
105You have a Kubernetes cluster with multiple nodes. You need to ensure that a pod runs on a node that has an SSD. How should you achieve this?
106Your application consists of a frontend and a backend. The frontend needs to communicate with the backend using a stable DNS name. The backend is deployed as a Deployment with 3 replicas. Which Kubernetes resource should you create to provide a stable DNS name for the backend?
107What is the OCI (Open Container Initiative) responsible for?
108A developer wants to run a container image locally for testing before deploying to a Kubernetes cluster. Which tool is most appropriate for this task?
109Which TWO statements accurately describe the concept of immutable infrastructure in the context of container orchestration? (Select two.)
110Which THREE of the following are valid container runtimes that can be used with Kubernetes via the Container Runtime Interface (CRI)? (Select three.)
111Which TWO statements correctly describe how Kubernetes handles self-healing? (Select two.)
112Which of the following is a key benefit of container orchestration compared to running containers manually?
113A developer wants to deploy a stateful application that requires stable network identities and persistent storage. Which Kubernetes resource is best suited for this workload?
114A Kubernetes cluster has a single control plane node and two worker nodes. The control plane node fails. What is the immediate impact on the workloads running on the worker nodes?
115An administrator wants to ensure that a pod only runs on nodes that have a specific GPU. Which mechanism should be used to achieve this?
116Which statement accurately describes a key difference between containers and virtual machines?
117A pod spec includes a liveness probe that runs 'cat /tmp/healthy'. The probe is configured with initialDelaySeconds: 10, periodSeconds: 5. At what point does the kubelet first execute the probe?
118An application requires that a pod must not be scheduled on the same node as another pod from the same Deployment. Which configuration should be used?
119What is the primary purpose of the Container Runtime Interface (CRI) in Kubernetes?
120You create a Service of type ClusterIP with the name 'my-service' in the 'default' namespace. What DNS name resolves to the service's cluster IP from a pod in the same namespace?
121A pod is running but its container exits with code 137. The pod logs show 'Killed'. What is the most likely cause?
122Which component in Kubernetes is responsible for maintaining the desired state of the cluster?
123A DevOps engineer wants to update a Deployment's container image from 'v1' to 'v2' with zero downtime. Which kubectl command should they use?
124What is the primary benefit of containers over virtual machines?
125You have a microservices application deployed as a set of Pods in a Kubernetes cluster. You need to ensure that Pods can discover each other using stable DNS names. Which Kubernetes resource should you create?
126A pod is stuck in the 'Pending' state. You run 'kubectl describe pod mypod' and see the event: '0/3 nodes are available: 1 node had taint that the pod didn't tolerate, 2 Insufficient cpu.' What is the most likely cause?
127Which component is responsible for managing the lifecycle of containers on a Kubernetes node?
128You need to deploy a batch job that processes a queue and runs to completion. The job should run exactly once and create exactly one pod per work item, but some items may fail. Which Kubernetes resource is best suited?
129Which of the following is a container runtime that implements the Container Runtime Interface (CRI)?
130You have a Deployment with three replicas. You want to update the container image but ensure that only one pod is updated at a time, and the update proceeds only if the new pod becomes healthy. Which update strategy should you configure?
131What is the purpose of the 'kubectl scale' command?
132You are troubleshooting a service that is not accessible from within the cluster. The service has a label selector that matches the pods. You run 'kubectl get endpoints myservice' and see that the ENDPOINTS column is empty. What is the most likely cause?
133Which of the following best describes immutable infrastructure?
134Which command would you use to view the logs of a specific container in a pod?
135A pod is in the 'CrashLoopBackOff' state. You run 'kubectl logs mypod' and see an error related to missing environment variables. The pod is part of a Deployment. What is the best way to fix this without recreating the entire Deployment?
136Which TWO of the following are benefits of container orchestration?
137Which THREE of the following are key characteristics of microservices architecture?
138Which TWO of the following are true about the Open Container Initiative (OCI)?
139What is a key advantage of containers compared to virtual machines?
140Which component implements the Container Runtime Interface (CRI) to manage container lifecycle in Kubernetes?
141You need to ensure that a set of pods in a Deployment can be reached by other pods using a stable IP address and DNS name. Which Kubernetes object should you use?
142A Kubernetes cluster has two nodes: control-plane and worker. The worker node runs several pods. The control-plane node becomes unreachable. What is the immediate impact on the pods running on the worker node?
143What is the purpose of a readiness probe in a Kubernetes pod?
144You are writing a Deployment YAML (apps/v1) for a stateless web application. The application should have 3 replicas and use rolling updates with maxSurge=1 and maxUnavailable=0. Which field should you set under spec.strategy?
145You run 'kubectl get pods' and see that a pod named 'web-frontend' is in 'Pending' state for more than 5 minutes. What is the most likely cause?
146Which of the following is a benefit of container orchestration?
147You need to run a batch job that processes data every hour and exits upon completion. Which Kubernetes resource should you use?
148Which command would you use to get the logs of a pod named 'backend' in the 'production' namespace?
149You are asked to deploy a Kubernetes service that exposes a set of pods internally within the cluster only. The service should not be accessible from outside the cluster. Which Service type should you choose?
150Which of the following describes the Open Container Initiative (OCI) image specification?
151Which TWO of the following are benefits of using a container orchestration platform like Kubernetes? (Select 2)
152Which TWO of the following are valid reasons to use a DaemonSet instead of a Deployment? (Select 2)
153Which THREE of the following are characteristics of a microservices architecture? (Select 3)
154What is a key benefit of container orchestration platforms like Kubernetes?
155Which component is responsible for running containers on a Kubernetes node?
156Which Open Container Initiative (OCI) specification defines the format of container images?
157A developer wants to deploy a stateless web application that should scale to 5 replicas. Each replica must be identical and should be automatically replaced if it fails. Which Kubernetes resource should be used?
158A pod is in the 'Pending' state. Which of the following is a likely cause?
159An administrator runs 'kubectl get pods' and sees that a pod named 'app-pod' is in 'CrashLoopBackOff'. They run 'kubectl logs app-pod' and see a segmentation fault error. What is the most likely cause?
160A team wants to deploy a batch job that runs once to process a large dataset. The job should run to completion and then terminate. Which Kubernetes resource should be used?
161A Kubernetes administrator needs to restrict inbound traffic to a set of pods. Only pods with the label 'app: frontend' in the same namespace should be allowed to reach the pods on TCP port 8080. Which resource should be used?
162A pod has resource requests of 512Mi memory and 500m CPU, and limits of 1Gi memory and 1 CPU. The node has 4Gi memory and 2 CPU cores. If the pod tries to use 700m CPU, what will happen?
163A developer creates a Deployment with 3 replicas. After updating the pod template, they run 'kubectl rollout status deployment/my-deployment' and see that the rollout is stuck. Which command should they use to investigate the rollout history?
164A user runs 'kubectl exec -it pod1 -- /bin/sh' and gets an error: 'error: unable to upgrade connection: container not found'. The pod is running and has one container named 'app'. What is the most likely issue?
165A pod uses a ServiceAccount that has a RoleBinding to a Role with 'get', 'list', 'watch' on 'pods'. The pod tries to list pods in the same namespace. Will the request succeed?
166Which TWO statements about containers compared to virtual machines are correct? (Select 2)
167Which THREE are benefits of using a container orchestration platform? (Select 3)
168Which TWO statements about the Container Runtime Interface (CRI) are correct? (Select 2)
169What is a primary benefit of using containers over virtual machines?
170Which Kubernetes component is responsible for maintaining the desired state of the cluster?
171What is the purpose of the Container Runtime Interface (CRI)?
172You have a Deployment running 3 replicas. You need to update the container image without downtime. Which command updates the image while performing a rolling update?
173A Pod is stuck in 'Pending' state. Which command is most helpful to diagnose the issue?
174You need to run a batch job that processes a queue and then terminates. Which Kubernetes resource should you use?
175What is the difference between a liveness probe and a readiness probe?
176You want to ensure that a Pod runs on every Node in the cluster. Which resource should you use?
177A Service of type ClusterIP is created for a Deployment, but Pods in other namespaces cannot reach it. What is the most likely cause?
178In a container image built from a Dockerfile, what is the purpose of the CMD instruction?
179You are designing a microservices application. Which of the following is a key principle of microservices architecture?
180Which of the following is an example of immutable infrastructure?
181Which two of the following are container runtimes that implement the Container Runtime Interface (CRI)? (Choose two.)
182Which three of the following are benefits of container orchestration? (Choose three.)
183Which two of the following are characteristics of container images built using OCI standards? (Choose two.)
184Which of the following is a key benefit of container orchestration?
185What is the Container Runtime Interface (CRI)?
186Which of the following is a key difference between containers and virtual machines?
187A Kubernetes Deployment manages a set of pods. What is the primary purpose of a Deployment?
188A pod is stuck in 'Pending' state. Which of the following is a likely cause?
189Which command would you run to get a list of all pods in all namespaces?
190What is the purpose of a Readiness Probe in a Kubernetes pod?
191Which Kubernetes resource should be used to run a one-time task that performs a computation and then exits?
192What is the Open Container Initiative (OCI) responsible for?
193A microservices application has multiple services that need to discover each other by name. Which Kubernetes object provides built-in service discovery via DNS?
194You need to deploy an application that requires exactly one pod per cluster node for logging purposes. Which Kubernetes workload resource should you use?
195Which of the following correctly describes the concept of 'immutable infrastructure' in the context of container orchestration?
196Which TWO of the following are benefits of using a container orchestration platform like Kubernetes? (Choose two.)
197Which THREE are valid container runtimes that implement the Kubernetes CRI? (Choose three.)
198Which TWO statements about container images are correct? (Choose two.)
199A pod in the 'production' namespace is in a CrashLoopBackOff state. The pod has been running successfully for several days. You run 'kubectl describe pod app-pod -n production' and see the message: 'OOMKilled'. What is the MOST appropriate action to resolve this issue?
200Which TWO of the following are benefits of using containers over virtual machines? (Choose 2)
201Which TWO of the following are required fields when defining a container in a Kubernetes Pod spec? (Choose 2)
202Which THREE of the following are true about the Open Container Initiative (OCI)? (Choose 3)
203Which TWO of the following are characteristics of microservices architecture? (Choose 2)
204Which THREE of the following are key benefits of container orchestration? (Choose 3)
205Which TWO of the following correctly describe the difference between Docker Compose and Kubernetes? (Choose 2)
206Which THREE of the following are true about the Container Runtime Interface (CRI)? (Choose 3)
207Which TWO of the following are true about container images? (Choose 2)
208Which THREE of the following are core principles of immutable infrastructure? (Choose 3)
209Which TWO of the following are true about service discovery in Kubernetes? (Choose 2)
210Which TWO of the following are true about container networking basics? (Choose 2)
211Which THREE of the following are true about container lifecycle? (Choose 3)
The Container Orchestration domain covers the key concepts tested in this area of the KCNA exam blueprint published by CNCF. Courseiva provides free domain-focused practice, mock exams, missed-question review, and readiness tracking across all KCNA domains — no account required.
The Courseiva KCNA question bank contains 211 questions in the Container Orchestration domain. Click any question to see the full explanation and answer breakdown.
Start with a 10-question focused session to identify your baseline accuracy in this domain. Read every explanation — even for questions you answer correctly — to understand the reasoning. Once you score consistently above 80%, move to a 20–30 question session to confirm depth before moving to the next domain.
Yes — the session launcher on this page draws questions exclusively from the Container Orchestration domain. Choose 10, 20, 30, or 50 questions for a focused session, or click individual questions to review them one by one.
Save your results, see per-domain analytics, and get readiness scores — free, for every certification.
Sign Up FreeFree forever · Every certification included