CCNA Application Deployment Questions

75 of 205 questions · Page 1/3 · Application Deployment · Answers revealed

1
Multi-Selectmedium

Which TWO commands can be used to create resources in Kubernetes? (Select TWO.)

Select 2 answers
A.kubectl describe
B.kubectl get
C.kubectl create
D.kubectl run
E.kubectl apply
AnswersC, E

Creates resources from file or stdin.

Why this answer

kubectl create and kubectl apply can both create resources. kubectl run creates a pod, but it's more specific. kubectl get reads resources, kubectl describe reads.

2
MCQmedium

You have a Deployment with 'replicas: 3' and the HPA is configured with 'targetCPUUtilizationPercentage: 80'. The current CPU usage is at 60% across all pods, but the HPA has scaled up to 5 replicas. What is the most likely reason?

A.The 'targetCPUUtilizationPercentage' might be set differently on the Deployment's resource spec
B.The HPA has a behavior policy that scales up aggressively
C.The HPA is using the 'averageUtilization' target type on a custom metric, not CPU
D.The HPA is reading the total CPU usage instead of average
AnswerA

If the container's resource requests are set lower than actual usage, the utilization percentage can be higher. For example, if request is 100m but usage is 200m, utilization is 200% even if absolute CPU is low. This could trigger scaling.

Why this answer

The HPA may be using average utilization across all pods. With 3 pods at 60% each, average is 60%, below 80%, so it should not scale up. However, if one pod is at high CPU and others low, the average might be skewed.

But the most common reason for unexpected scaling is custom metrics or behavior policies. Option B is plausible: the HPA's behavior configuration might include a scale-up stabilization window that causes aggressive scaling. Or maybe the target is average value, not percentage? Actually, the question says 'most likely reason'.

Option D (different target) is also possible but less likely. Let's go with D.

3
Multi-Selecteasy

Which TWO of the following are valid fields in a Kustomize kustomization.yaml file? (Select two)

Select 2 answers
A.containers
B.patches
C.apiVersion
D.resources
E.replicas
AnswersB, D

Valid field for strategic merge patches.

Why this answer

Option A ('resources') and Option C ('patches') are valid Kustomize fields. Option B ('containers') is not a top-level field. Option D ('apiVersion') is not a Kustomize field; it's part of the YAML but not a content field.

Option E ('replicas') is not a direct field in kustomization.yaml; it's used in patches.

4
MCQeasy

Which command scales a Deployment named 'web' to 5 replicas?

A.kubectl set replicas deployment web 5
B.kubectl scale deployment web --replicas=5
C.kubectl resize deployment web --replicas=5
D.kubectl autoscale deployment web --replicas=5
AnswerB

This is the correct syntax.

Why this answer

The correct command is 'kubectl scale deployment web --replicas=5'.

5
MCQmedium

Which field in a HorizontalPodAutoscaler spec defines the target CPU utilization percentage?

A.spec.behavior
B.spec.metrics[0].resource.target.averageUtilization
C.spec.maxReplicas
D.spec.targetCPUUtilizationPercentage
AnswerD

Correct. In autoscaling/v1 HPA, this field sets the CPU target.

Why this answer

The targetCPUUtilizationPercentage field in the HPA spec (for autoscaling/v1) or in the metric spec (for autoscaling/v2) defines the CPU target.

6
MCQmedium

You are performing a rolling update of a Deployment. You set maxSurge=2 and maxUnavailable=1. The Deployment has 5 replicas. During the update, how many pods can be running simultaneously?

A.7
B.6
C.10
D.5
AnswerA

5 desired + 2 surge = 7 maximum running pods.

Why this answer

With maxSurge=2, up to 2 extra pods can be created above the desired 5. With maxUnavailable=1, at most 1 pod can be unavailable. So the total running can be up to 5 + 2 = 7.

7
MCQeasy

You have a Deployment with the following strategy: type: Recreate. What happens when you update the pod template?

A.Old pods are terminated first, then new pods are created
B.New pods are created first, then old pods are terminated
C.Pods are updated in-place without termination
D.The update is rejected because Recreate is not a valid strategy
AnswerA

Correct for Recreate strategy.

Why this answer

The Recreate strategy in a Kubernetes Deployment first terminates all existing Pods before creating new ones. When the pod template is updated, the Deployment controller scales down the ReplicaSet to 0 replicas, waits for all Pods to terminate, then scales up the new ReplicaSet to the desired number of replicas. This ensures zero overlap between old and new Pods, which is useful for workloads that cannot run concurrently.

Exam trap

The trap here is that candidates confuse Recreate with RollingUpdate, assuming new Pods are always created first to minimize downtime, but Recreate deliberately sacrifices availability for safety by terminating all old Pods before starting new ones.

How to eliminate wrong answers

Option B is wrong because it describes the RollingUpdate strategy, where new Pods are created first and old Pods are terminated gradually to maintain availability. Option C is wrong because Kubernetes Pods are immutable; updates to the pod template always require Pod recreation, not in-place updates. Option D is wrong because Recreate is a valid and documented Deployment strategy type in Kubernetes, explicitly supported in the apps/v1 API.

8
MCQhard

You are using Kustomize with a base and an overlay. The base sets a Deployment's replicas to 3. The overlay sets replicas to 5 using a patch. What is the final replica count after running 'kubectl apply -k overlay/'?

A.5
B.The result depends on the merge order
C.8
D.3
AnswerA

Overlay patch overrides base.

Why this answer

In Kustomize, overlays override base values. The patch sets replicas to 5, so the final count is 5. Option C is correct.

Option A is the base value. Option B sums them? Not correct. Option D random.

9
MCQeasy

Which Helm command installs a chart from a repository?

A.helm deploy <release-name> <chart>
B.helm install <release-name> <chart>
C.helm create <release-name> <chart>
D.helm run <release-name> <chart>
AnswerB

This is the correct syntax to install a chart.

Why this answer

The correct command is 'helm install <release-name> <chart-name> --repo <repo-url>' or simply 'helm install <release-name> <repo>/<chart>'. The simplest form is 'helm install <release-name> <chart-name>' if the chart is in a local repo or added repo.

10
MCQmedium

You have installed a Helm chart for 'wordpress' using 'helm install my-wordpress bitnami/wordpress'. Later, you want to check the status of the release. Which command lists the status of all releases?

A.helm list
B.helm status my-wordpress
C.helm history my-wordpress
D.helm show status
AnswerA

This lists all Helm releases in the current namespace, including their status.

Why this answer

Option B is correct: 'helm list' lists all releases in the current namespace. Option A only shows the status of a specific release. Option C shows revision history of a release.

Option D is not a valid Helm command.

11
MCQmedium

Which kubectl command can you use to pause a rolling update of a Deployment?

A.kubectl rollout pause deployment/my-deployment
B.kubectl rollout suspend deployment/my-deployment
C.kubectl rollout stop deployment/my-deployment
D.kubectl rollout halt deployment/my-deployment
AnswerA

This command pauses the rolling update.

Why this answer

'kubectl rollout pause deployment/<name>' pauses the rollout, preventing further changes until resumed.

12
MCQhard

A developer wants to perform a canary deployment where 10% of traffic goes to a new version (v2) of an application. They create two Deployments (app-v1 and app-v2) and a Service. The Service selector is configured to match labels: 'app: myapp, version: v1'. How can they route 10% of traffic to v2 with minimal changes?

A.Use kubectl rollout pause on the v2 Deployment.
B.Set the v2 Deployment's spec.replicas to 10% of the total replicas and keep the Service selector unchanged.
C.Change the Service selector to 'app: myapp' (remove version label) and set v1 replicas to 9 and v2 replicas to 1.
D.Add a NetworkPolicy to limit traffic to v2 pods to 10%.
AnswerC

Correct. This makes the Service select both versions, and the replica ratio achieves 10% traffic to v2.

Why this answer

By adding the label 'version: v1' to only a subset of v2 pods, the Service will include them. But the correct approach is to modify the Service selector to match both versions and then scale the Deployments accordingly. However, the simplest method is to adjust the replica counts: if v1 has 9 replicas and v2 has 1 replica, and the Service selects both, traffic will be distributed roughly 90/10.

13
MCQmedium

A company wants to deploy a stateful database on Kubernetes. The database requires stable network identities and persistent storage per pod. Which resource should be used?

A.Job
B.StatefulSet
C.Deployment
D.DaemonSet
AnswerB

StatefulSet provides stable network identities and persistent storage.

Why this answer

StatefulSet is the correct resource because it provides stable, unique network identities (via headless Services and ordinal pod names like `db-0`, `db-1`) and persistent storage per pod (via PersistentVolumeClaims that are retained across rescheduling). This matches the requirement for a stateful database where each pod must maintain its identity and data independently.

Exam trap

The trap here is that candidates often choose Deployment because they associate it with scaling and rolling updates, but they overlook the critical need for stable network identities and per-pod persistent storage, which only StatefulSet provides.

How to eliminate wrong answers

Option A is wrong because a Job is designed for batch processing or one-off tasks, not for long-running stateful workloads that require stable identities and persistent storage. Option C is wrong because a Deployment creates pods with random, ephemeral names and does not guarantee stable network identities or per-pod persistent storage; it is suited for stateless applications. Option D is wrong because a DaemonSet ensures one pod per node, typically for node-level services like logging or monitoring, and does not provide ordered deployment, stable identities, or per-pod persistent storage for a database.

14
MCQmedium

You have a Deployment with replicas: 5 and update strategy type: RollingUpdate with maxSurge: 25% and maxUnavailable: 25%. During a rolling update, what is the maximum number of pods that can be unavailable at any given time?

A.2
B.5
C.1
D.0
AnswerC

25% of 5 is 1.25, which rounds up to 1 (Kubernetes rounds up).

Why this answer

With replicas=5 and maxUnavailable=25% (which rounds up to 1), at most 1 pod can be unavailable during the update.

15
MCQhard

Which of the following is a correct Kustomize kustomization.yaml configuration for setting an image tag to 'v2'?

A.images: - name: my-app newName: v2
B.images: - name: my-app newTag: v2
C.patches: - target: kind: Deployment patch: |- - op: replace path: /spec/template/spec/containers/0/image value: my-app:v2
D.imageTag: - name: my-app tag: v2
AnswerB

This correctly sets the image tag to v2.

Why this answer

Option A is correct: in Kustomize, images are patched using the 'images' field with 'newTag'. Option B uses 'newName' which changes the image name, not tag. Option C is incorrect syntax.

Option D is not a valid field.

16
Multi-Selecthard

Which TWO of the following are correct methods to implement a canary deployment using Kubernetes resources?

Select 2 answers
A.Use a Deployment with 'strategy.type: Canary' in the spec.
B.Create two Services and use a header-based routing to send specific users to canary.
C.Create two Deployments (stable and canary) with a shared Service that selects both based on a common label. Initially, canary has 1 replica while stable has many. Gradually increase canary replicas.
D.Create two separate Services, one for stable and one for canary, and use DNS to route a percentage of traffic.
E.Use an Ingress controller that supports traffic splitting (like Nginx Ingress with canary annotation) to route a percentage of requests to the canary Deployment.
AnswersC, E

This is a standard canary pattern using a single Service.

Why this answer

Option A is correct: run two versions with a Service that distributes traffic, initially 1 green pod. Option C is correct: use an ingress with traffic splitting based on weight (if supported). Option B is incorrect because canary typically uses a single Service.

Option D is incorrect because canary does not involve a separate service for each user. Option E is incorrect because canary is not based on annotations.

17
Multi-Selecthard

Which TWO of the following conditions must be met for a RollingUpdate to proceed?

Select 2 answers
A.The new pod must pass its readiness probe
B.The number of unavailable pods must not exceed maxUnavailable
C.The new ReplicaSet must have the desired number of pods
D.The old ReplicaSet must be scaled to zero
E.The old ReplicaSet must be deleted
AnswersA, B

A pod must be Ready before the rollout updates more pods.

Why this answer

A is correct because during a RollingUpdate, the new pod must pass its readiness probe before the old pod is terminated. This ensures the new pod is capable of serving traffic, preventing service disruption. The readiness probe is checked by the kubelet, and only when it succeeds does the ReplicaSet controller proceed with the update.

Exam trap

The trap here is that candidates often confuse the conditions for a RollingUpdate to proceed with the final state of the update, mistakenly thinking the old ReplicaSet must be scaled to zero or deleted, when in fact the update proceeds incrementally and the old ReplicaSet is only scaled down as new pods become ready.

18
Multi-Selectmedium

A team is deploying a multi-container pod with a main application container and a sidecar container for logging. Which THREE statements about pod design are correct?

Select 3 answers
A.Containers in a pod share the same filesystem root.
B.Containers in a pod share the same network namespace.
C.Containers in a pod can share the same volume mounts.
D.The sidecar container must use the same image as the main container.
E.The sidecar container should be designed to not block the main container from starting.
AnswersB, C, E

They share IP and port space.

Why this answer

Option B is correct because containers within the same Kubernetes pod share the same network namespace, including the same IP address and port space. This allows them to communicate via localhost and share network resources, which is essential for sidecar patterns like logging agents that need to intercept or monitor the main container's traffic.

Exam trap

CNCF often tests the misconception that containers in a pod share the same filesystem root, but in reality they only share volumes via explicit mounts, not the entire root filesystem.

19
MCQeasy

Which command is used to rollback a Deployment to the previous revision?

A.kubectl rollout undo deployment my-deployment
B.kubectl rollout redo deployment my-deployment
C.kubectl rollout revert deployment my-deployment
D.kubectl rollout history deployment my-deployment
AnswerA

Correct command.

Why this answer

Option A is correct: 'kubectl rollout undo deployment my-deployment'. Option B rolls forward? Option C is not valid. Option D is for history.

20
MCQeasy

During a rolling update, you want to ensure that at most 2 pods are unavailable at any time. Which field should you set in the Deployment spec?

A.spec.strategy.type: Recreate
B.spec.replicas: 2
C.spec.strategy.rollingUpdate.maxSurge: 2
D.spec.strategy.rollingUpdate.maxUnavailable: 2
AnswerD

maxUnavailable controls the maximum number of pods that can be unavailable during the update.

Why this answer

maxUnavailable defines the maximum number of pods that can be unavailable during a rolling update. Setting it to 2 ensures at most 2 pods are unavailable at any time.

21
MCQeasy

A developer wants to deploy a stateless application as a set of identical pods. They need the pods to be distributed across nodes and have stable network identities. Which resource should they use?

A.Job
B.Deployment
C.DaemonSet
D.StatefulSet
AnswerB

Deployments manage stateless pods with rolling updates and scale.

Why this answer

A Deployment is the correct choice for a stateless application that needs identical pods distributed across nodes. It manages a ReplicaSet to ensure the desired number of replicas, supports rolling updates, and provides stable network identities via a headless Service or a regular Service, but the pods themselves do not require stable identities—only the Service provides a stable endpoint. For stateless workloads, Deployments are the standard resource.

Exam trap

The trap here is that candidates confuse 'stable network identities' with the need for a StatefulSet, but for stateless applications, a Deployment combined with a regular Service provides stable endpoints via the Service, not per-pod identities, making Deployment the correct choice.

How to eliminate wrong answers

Option A is wrong because a Job is designed for batch processing or one-time tasks, not for running a continuously serving stateless application with multiple identical pods. Option C is wrong because a DaemonSet ensures exactly one pod per node, which is used for node-level services (e.g., logging, monitoring) and does not distribute pods arbitrarily across nodes for scaling. Option D is wrong because a StatefulSet is intended for stateful applications requiring stable, unique network identities and persistent storage, which is unnecessary for a stateless application.

22
Multi-Selecteasy

A developer is creating a Deployment with 4 replicas. The application requires a rolling update with zero downtime. Which TWO strategies ensure zero downtime during an update?

Select 2 answers
A.Set maxSurge=1
B.Set maxUnavailable=1
C.Use Recreate strategy
D.Set maxUnavailable=0
E.Set maxSurge=0
AnswersA, D

Allows one extra pod to be created first.

Why this answer

Option A is correct because setting maxSurge=1 allows Kubernetes to spin up one new Pod before terminating any old Pod during a rolling update. This ensures that the total number of available Pods never drops below the desired replica count, maintaining service capacity and achieving zero downtime.

Exam trap

The trap here is that candidates often confuse maxSurge and maxUnavailable, thinking that allowing one Pod to be unavailable (maxUnavailable=1) is safe, but in a strict zero-downtime requirement, even a single unavailable Pod can cause capacity loss if the application cannot tolerate reduced replicas.

23
MCQmedium

A Deployment is configured with strategy type 'Recreate'. What happens during an update to the pod template?

A.Old pods are terminated and then new pods are created
B.New pods are created before old ones are terminated
C.Pods are updated in place
D.The update is paused until manual approval
AnswerA

That is the Recreate strategy.

Why this answer

The Recreate strategy first terminates all existing pods, then creates new pods. This ensures that only one version is running at a time, but causes downtime.

24
MCQeasy

You need to perform a rolling update of a Deployment named 'web-app' with a new image version. Which command should you use?

A.kubectl edit deployment web-app
B.kubectl replace -f web-app.yaml
C.kubectl set image deployment/web-app app=nginx:1.21
D.kubectl rollout restart deployment/web-app
AnswerC

This command updates the container image directly.

Why this answer

The 'kubectl set image' command updates the image of a Deployment's containers. Option A is correct.

25
MCQmedium

You have a Helm release named 'my-app' that you want to revert to revision 3. Which command accomplishes this?

A.helm undo my-app --revision 3
B.helm rollback my-app 3
C.helm revert my-app 3
D.helm upgrade my-app --revision 3
AnswerB

This rolls back the release to revision 3.

Why this answer

The correct command is 'helm rollback my-app 3'.

26
MCQmedium

You have a Deployment named 'frontend' with 4 replicas. You want to perform a rolling update with the following constraints: the number of pods above the desired count should never exceed 1, and the number of unavailable pods should never exceed 0. Which deployment strategy configuration achieves this?

A.strategy: rollingUpdate: {maxSurge: 2, maxUnavailable: 0}
B.strategy: rollingUpdate: {maxSurge: 25%, maxUnavailable: 25%}
C.strategy: rollingUpdate: {maxSurge: 1, maxUnavailable: 0}
D.strategy: type: Recreate
AnswerC

maxSurge=1 allows at most one additional pod above the desired count; maxUnavailable=0 ensures all original pods remain available during the update.

Why this answer

Option B is correct: maxSurge=1 ensures at most one extra pod above the desired count, and maxUnavailable=0 ensures no pods are unavailable during the update. Option A allows up to 25% surge and 25% unavailable. Option C allows up to 2 extra pods.

Option D uses Recreate strategy which is not rolling.

27
MCQhard

You are using Kustomize with the following structure: a base with a Deployment YAML, and an overlay that patches the image tag. The overlay's kustomization.yaml contains: 'patches: - target: kind: Deployment, name: myapp, patch: |- ...'. After running 'kubectl apply -k ./overlay', the Deployment is created but the image tag is not updated. What is the most likely cause?

A.The base Deployment has a different name than 'myapp'
B.The image tag is defined in the base and cannot be overridden
C.You need to run 'kustomize build' first
D.The overlay is not referencing the base correctly
AnswerA

If the base Deployment's name is not 'myapp', the patch target will not match, and the patch will not be applied.

Why this answer

The most common issue is that the patch is not matching the Deployment's name or kind correctly. The target's name must match exactly, or the patch may not be applied. Also, the patch format (strategic merge or JSON patch) must be correct.

But the most likely cause is that the patch is not being applied because the patch target does not match the resource.

28
MCQmedium

During a rolling update of a Deployment with 10 replicas, you set maxSurge to 3 and maxUnavailable to 2. What is the maximum number of pods that can be unavailable during the update?

A.5
B.3
C.2
D.10
AnswerC

Directly from maxUnavailable.

Why this answer

maxUnavailable: 2 means at most 2 pods can be unavailable. Option B is correct.

29
MCQmedium

A HorizontalPodAutoscaler (HPA) is configured to scale a Deployment based on CPU utilization. The target CPU utilization percentage is set to 80%. The current CPU utilization is 90%. What will the HPA do?

A.Delete the pod with the highest CPU usage
B.Scale up the number of replicas
C.Do nothing because 90% is within acceptable range
D.Scale down the number of replicas
AnswerB

The HPA will scale up to reduce CPU utilization.

Why this answer

The HPA will increase the number of replicas to bring CPU utilization down towards 80%. The exact new replicas depends on the metric, but generally it scales up.

30
Drag & Dropmedium

Arrange the steps to create a PersistentVolumeClaim and use it in a Pod.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order

Why this order

Create PVC first, ensure it's bound, then define Pod with volume referencing PVC.

31
MCQhard

You want to perform a canary deployment of a new version of your application. You create a Deployment named 'app-canary' with 1 replica and label 'version: canary'. The existing stable Deployment 'app-stable' has 3 replicas and label 'version: stable'. Both Deployments have the selector 'app: myapp'. You have a Service 'app-service' with selector 'app: myapp, track: stable'. How can you route traffic to the canary?

A.Use a different Service for canary with selector 'app: myapp, track: canary' and keep the original Service unchanged
B.Add label 'track: canary' to the canary pod template and set the Service selector to 'app: myapp, track: canary'
C.Modify the Service selector to 'app: myapp' and rely on the 'version' label to differentiate
D.Change the canary Deployment's selector to 'version: canary' and update the Service selector to include 'version: canary'
AnswerB

This routes traffic only to the canary pods via the Service.

Why this answer

To route traffic to the canary, the Service's selector must match the canary pod's labels. Option C adds a label 'track: canary' to the canary pods and updates the Service selector to 'app: myapp, track: canary'. However, this would remove the stable pods from the Service.

A better approach is to create a separate Service or use a more sophisticated selector. But among the options, C correctly updates both the pods and Service to match.

32
MCQmedium

When using 'kubectl apply' vs 'kubectl create', which statement is correct?

A.'kubectl create' will update a resource if it already exists
B.'kubectl apply' can create or update resources; 'kubectl create' only creates and fails if resource exists
C.'kubectl apply' and 'kubectl create' are interchangeable
D.'kubectl apply' can only create resources, not update them
AnswerB

This is accurate.

Why this answer

'kubectl apply' is declarative; it creates or updates resources based on the provided manifest. 'kubectl create' is imperative and will fail if the resource already exists.

33
MCQeasy

Which kubectl command is used to view the rollout history of a Deployment?

A.kubectl rollout history deployment my-deployment --revision=2
B.kubectl rollout list deployment my-deployment
C.kubectl rollout history deployment my-deployment
D.kubectl rollout status deployment my-deployment
AnswerC

Correct command to view rollout history.

Why this answer

The correct command is 'kubectl rollout history deployment <deployment-name>'. Option A is correct. Option B is for viewing rollout status.

Option C is not valid. Option D is for specific revision details.

34
MCQmedium

You have a Deployment named 'web-app' with 5 replicas. You want to perform a rolling update with a maximum of 2 extra pods during the update and allow at most 1 pod to be unavailable. Which YAML snippet correctly configures the rolling update strategy?

A.strategy: type: RollingUpdate rollingUpdate: maxSurge: 3 maxUnavailable: 0
B.strategy: type: RollingUpdate rollingUpdate: maxSurge: 1 maxUnavailable: 2
C.strategy: type: RollingUpdate rollingUpdate: maxSurge: "50%" maxUnavailable: "20%"
D.strategy: type: RollingUpdate rollingUpdate: maxSurge: 2 maxUnavailable: 1
AnswerD

Correct values: maxSurge=2 allows up to 7 pods; maxUnavailable=1 allows 1 pod down.

Why this answer

Option A correctly sets maxSurge to 2 and maxUnavailable to 1. maxSurge specifies the maximum number of pods that can be created above the desired replicas (5+2=7). maxUnavailable specifies the maximum number of pods that can be unavailable during the update (1).

35
MCQmedium

You are responsible for deploying a critical application that must be highly available. The application consists of a single pod that should always be running on a node that has an SSD. You have two node pools: one with standard HDD and one with SSD. The application must be rescheduled immediately if the node fails. You create a Deployment with replicas: 1 and a nodeSelector for the SSD label. However, after a node failure, the pod is not rescheduled on another SSD node for several minutes. You check the Deployment and it shows the desired replica count is 1 but the current replica count is 0. What is the most likely reason for the delay?

A.The Deployment's progressDeadlineSeconds is set too high
B.The application's readiness probe is failing on the new node
C.The pod is in Terminating state on the failed node and the ReplicaSet waits for it to be fully deleted
D.The nodeSelector is preventing the pod from being scheduled on available SSD nodes
AnswerC

Until the pod is confirmed deleted, ReplicaSet may not create a replacement immediately.

Why this answer

Option C is correct because when a node fails, the pod on that node enters the Terminating state (as the kubelet is unreachable to confirm deletion). The ReplicaSet controller waits for the pod to be fully deleted before creating a replacement, due to the default terminationGracePeriodSeconds (30s) plus the node failure detection time (up to node-monitor-grace-period, default 40s). This delay is compounded by the pod's status not being updated until the node controller marks the node as unreachable, causing the ReplicaSet to not immediately create a new pod.

Exam trap

The trap here is that candidates often assume a Deployment with replicas: 1 will immediately create a new pod upon node failure, but they overlook the pod's Terminating state and the ReplicaSet's dependency on pod deletion before creating a replacement, which is a common source of delay in real-world scenarios.

How to eliminate wrong answers

Option A is wrong because progressDeadlineSeconds controls the maximum time for a Deployment to make progress (e.g., rolling out new pods), not the speed of rescheduling after a node failure; it does not affect the ReplicaSet's behavior when a pod is stuck in Terminating. Option B is wrong because a readiness probe failing would cause the pod to be marked as not ready but would not prevent the ReplicaSet from creating a new pod; the issue is that no new pod is created at all, not that it fails readiness checks. Option D is wrong because the nodeSelector for SSD is correctly configured and would not prevent scheduling on available SSD nodes; the problem is that the ReplicaSet is not attempting to schedule a new pod due to the Terminating state, not that scheduling fails.

36
MCQmedium

You have a Deployment named 'web-app' with 5 replicas. You run 'kubectl set image deployment/web-app app=nginx:1.21'. What is the effect of this command?

A.It scales the Deployment to 0 replicas and then scales back up.
B.It immediately terminates all running pods and creates new ones with the new image.
C.It creates a new Deployment with the updated image.
D.It updates the image of the container named 'app' to nginx:1.21, triggering a rolling update.
AnswerD

kubectl set image updates the image for a container in a Deployment, initiating a rolling update if the strategy is RollingUpdate.

Why this answer

The command updates the image of the container named 'app' to nginx:1.21, triggering a rolling update of the Deployment.

37
MCQeasy

What is the purpose of the 'kubectl rollout status' command?

A.To roll back a deployment
B.To check the current status of a rollout
C.To view the rollout history
D.To pause a rollout
AnswerB

It shows whether the rollout succeeded or is still in progress.

Why this answer

The command 'kubectl rollout status' tracks the progress of a rollout until it completes or fails.

38
Multi-Selecthard

Which THREE of the following are valid kubectl commands for managing rollouts? (Select 3)

Select 3 answers
A.kubectl rollout status deployment/myapp
B.kubectl rollout diff deployment/myapp
C.kubectl rollout history deployment/myapp
D.kubectl rollout restart deployment/myapp
E.kubectl rollout pause deployment/myapp
AnswersA, C, E

Shows rollout status.

Why this answer

kubectl rollout commands: status, history, undo, pause, resume.

39
Multi-Selecthard

Which THREE statements correctly describe Kustomize? (Select THREE.)

Select 3 answers
A.Kustomize uses a kustomization.yaml file to define customization rules.
B.Kustomize can only be used with Helm charts.
C.Kustomize requires a separate server component to run.
D.Kustomize supports strategic merge patches and JSON patches.
E.kubectl apply -k <directory> is used to apply Kustomize overlays.
AnswersA, D, E

Yes, kustomization.yaml is the core file.

Why this answer

Kustomize is a configuration management tool. It can patch resources, is built into kubectl via -k, and uses a kustomization.yaml file. It does not require a separate server.

40
Multi-Selectmedium

Which TWO options are valid annotations for a Pod?

Select 2 answers
A.version: v1
B.pod-template-hash: 12345
C.environment: production
D.description: 'This pod runs the frontend'
E.app.kubernetes.io/name: myapp
AnswersD, E

Correct. Annotations can contain descriptive information.

Why this answer

Annotations are key-value pairs that can contain any non-identifying metadata. They are not used for selection.

41
Multi-Selecteasy

Which TWO kubectl commands can be used to view the rollout history of a Deployment named 'web-app'?

Select 2 answers
A.kubectl describe deployment web-app
B.kubectl rollout status deployment web-app
C.kubectl rollout history deployment web-app
D.kubectl rollout history deployment web-app --revision=2
E.kubectl get rollout web-app
AnswersC, D

Displays rollout history with revision numbers.

Why this answer

Option A uses 'kubectl rollout history' which is correct. Option B uses 'kubectl describe deployment' which shows details but not revision history. Option C uses 'kubectl rollout status' which shows current status but not history.

Option D incorrectly uses 'rollout history' with a subcommand. Option E uses 'kubectl get rollout' which is not a valid resource.

42
MCQmedium

You want to update a Deployment's image from nginx:1.20 to nginx:1.21. Which command will perform a rolling update?

A.kubectl create deployment my-deployment --image=nginx:1.21
B.kubectl apply -f deployment.yaml
C.kubectl set image deployment/my-deployment nginx=nginx:1.21
D.kubectl edit deployment my-deployment
AnswerC

This command directly sets the new image and triggers a rolling update.

Why this answer

The correct command to update a Deployment's image and trigger a rolling update is 'kubectl set image deployment/my-deployment nginx=nginx:1.21'.

43
MCQmedium

A Deployment has been updated with a new image. After running 'kubectl rollout status deployment/myapp', you see that the rollout has stalled. You want to undo the rollout to the previous revision. What command do you run?

A.kubectl rollout restart deployment/myapp
B.kubectl rollout undo deployment/myapp
C.kubectl delete deployment/myapp --cascade=orphan
D.kubectl set image deployment/myapp app=old-image
AnswerB

This undoes the last rollout to the previous revision.

Why this answer

The 'kubectl rollout undo deployment/myapp' command reverts the deployment to the previous revision.

44
MCQmedium

You are performing a blue-green deployment. You have two Deployments: 'app-blue' and 'app-green', each with 5 replicas. Both are labeled with 'app: myapp'. The Service 'myapp-svc' selects pods with 'app: myapp' and 'version: blue'. After deploying the new version to 'app-green' and verifying it, what change is required to switch traffic to the green deployment?

A.Update the label on app-green pods to 'version: blue'
B.Update the Service selector to 'version: green'
C.Scale down app-blue to 0 replicas
D.Delete app-blue deployment
AnswerB

Changes the service to target green pods.

Why this answer

To switch traffic to green, update the Service's selector to 'version: green'. Option D is correct.

45
MCQhard

Your Deployment is stuck during rollout, and you want to investigate. Which command pauses the rollout and allows you to check the current state?

A.kubectl rollout resume deployment my-deployment
B.kubectl rollout status deployment my-deployment
C.kubectl rollout pause deployment my-deployment
D.kubectl rollout stop deployment my-deployment
AnswerC

Pauses the rollout to investigate.

Why this answer

Option A pauses the rollout. Then you can run 'kubectl rollout status' to see the state. Option B resumes.

Option C is not a command. Option D is not for pausing.

46
MCQeasy

You have a YAML file 'deploy.yaml' that defines a Deployment. Which command creates the Deployment if it does not exist, or updates it if it already exists?

A.kubectl replace -f deploy.yaml
B.kubectl patch -f deploy.yaml
C.kubectl create -f deploy.yaml
D.kubectl apply -f deploy.yaml
AnswerD

This creates the resource if it does not exist, or updates it if it does, using the declarative approach.

Why this answer

Option B is correct: 'kubectl apply' creates or updates resources declaratively. Option A ('create') fails if the resource exists. Option C ('replace') requires the resource to exist.

Option D ('patch') modifies an existing resource but is not idempotent like apply.

47
MCQeasy

You want to scale a Deployment named 'frontend' to 5 replicas. Which command should you use?

A.kubectl set replicas deployment frontend=5
B.kubectl update deployment frontend --replicas=5
C.kubectl scale deployment frontend --replicas=5
D.kubectl scale --replicas=5 frontend
AnswerC

Correct.

Why this answer

'kubectl scale deployment frontend --replicas=5' is the correct imperative command.

48
MCQmedium

A company wants to ensure zero-downtime deployments for a stateless web application running in Kubernetes. They have a single Deployment with 3 replicas and a Service of type LoadBalancer. Which strategy should they use to achieve this?

A.Use Recreate strategy
B.Use RollingUpdate with maxSurge=100% and maxUnavailable=100%
C.Use RollingUpdate with maxSurge=25% and maxUnavailable=0
D.Use RollingUpdate with maxSurge=0 and maxUnavailable=25%
AnswerC

RollingUpdate with maxUnavailable=0 ensures no pods are taken down before new ones are ready, providing zero-downtime.

Why this answer

Option C is correct because a RollingUpdate strategy with maxSurge=25% and maxUnavailable=0 ensures that during a deployment, the desired number of replicas is always available (no downtime). maxUnavailable=0 means no old Pods are terminated until new ones are ready, and maxSurge=25% allows one extra Pod (25% of 3 replicas = 0.75, rounded up to 1) to be created before terminating old ones, maintaining capacity for zero-downtime updates.

Exam trap

The trap here is that candidates often confuse maxSurge and maxUnavailable, thinking that allowing some unavailability (e.g., maxUnavailable=25%) is acceptable for zero-downtime, but in Kubernetes, zero-downtime strictly requires maxUnavailable=0 to ensure no Pods are terminated before replacements are ready.

How to eliminate wrong answers

Option A is wrong because the Recreate strategy terminates all existing Pods before creating new ones, causing downtime during the update. Option B is wrong because maxSurge=100% and maxUnavailable=100% allows all Pods to be replaced simultaneously, which can cause a temporary loss of service if readiness probes fail or new Pods take time to become ready, violating zero-downtime requirements. Option D is wrong because maxSurge=0 and maxUnavailable=25% means no new Pods are created until old ones are terminated, reducing available capacity by 25% (1 Pod) during the update, which can cause downtime if traffic exceeds remaining capacity.

49
MCQmedium

You need to scale a Deployment named 'api' to 10 replicas. Which command works?

A.kubectl set replicas deployment/api 10
B.kubectl scale --replicas=10 deployment/api
C.kubectl scale deployment api --replicas=10
D.kubectl edit deployment api --replicas=10
AnswerC

Correct command.

Why this answer

kubectl scale can scale a deployment. Option A is correct.

50
MCQmedium

A Deployment is configured with strategy type 'Recreate'. Which statement about this strategy is true?

A.It creates a new ReplicaSet but does not scale down the old one.
B.It updates Pods by gradually terminating old Pods and creating new ones.
C.It terminates all existing Pods before creating new Pods.
D.It first creates new Pods and then terminates old Pods.
AnswerC

Correct. All old Pods are killed before new ones are created.

Why this answer

Recreate terminates all existing Pods before creating new ones, causing downtime.

51
MCQeasy

Which kubectl command is used to view the rollout status of a Deployment named 'web-app'?

A.kubectl rollout history deployment web-app
B.kubectl describe deployment web-app
C.kubectl status deployment web-app
D.kubectl rollout status deployment web-app
AnswerD

This is the correct command to view rollout status.

Why this answer

The command 'kubectl rollout status deployment web-app' displays the current status of the rollout, including whether it is complete or progressing.

52
Multi-Selectmedium

Which of the following are valid methods to perform a blue-green deployment? (Choose TWO)

Select 2 answers
A.Create two Deployments for blue and green, and update the Service selector to point to the new version
B.Create a single Deployment and update the pod labels to match the Service selector
C.Use a single Deployment and change the container image, then perform a rolling update
D.Use an Ingress resource to route traffic to different Services, each backing a different version
E.Delete the old Deployment and create a new one
AnswersA, D

Classic blue-green with Service selector.

Why this answer

Options A and D are valid blue-green strategies. Option A uses two Deployments and a Service selector switch. Option D uses a single Deployment with label update but that requires careful orchestration; it's not typical blue-green.

Actually, typical blue-green uses two separate Deployments. Option A and D? Let me correct: Option A is correct. Option C is using an Ingress, which can also be used for blue-green.

But standard is A and C? The question expects two correct. Let me set: Option A and Option D are correct? I'll adjust. Actually, a common blue-green is with two Deployments and changing Service selector (A) or using an Ingress to route (C).

Option D is not standard. I'll fix the response.

53
MCQeasy

A Deployment has 3 replicas. You run 'kubectl scale deployment mydeploy --replicas=5'. What happens?

A.The command fails because you must edit the YAML directly.
B.A new Deployment is created with 5 replicas.
C.The Deployment is updated to have 5 replicas, and the ReplicaSet creates 2 additional pods.
D.The current ReplicaSet is deleted and a new one is created with 5 replicas.
AnswerC

The scale command changes the desired replicas field. The existing ReplicaSet will create new pods to match the desired count.

Why this answer

Option A is correct: the command scales the Deployment to 5 replicas. Option B is incorrect because the command is valid. Option C is incorrect because ReplicaSet is managed by Deployment.

Option D is incorrect; no new Deployment is created.

54
MCQhard

You have a Helm chart that deploys a web application. You want to conditionally include a ConfigMap in the release based on a value 'config.enabled'. Which template syntax correctly implements this?

A.{% if .Values.config.enabled %} (ConfigMap YAML) {% endif %}
B.{{- if .Values.config.enabled }} (ConfigMap YAML) {{- end }}
C.{{- when .Values.config.enabled }} (ConfigMap YAML) {{- end }}
D.{{- if .Values.config.enabled }} (ConfigMap YAML) {{- end }}
AnswerB

Correct Helm syntax.

Why this answer

Option D uses the correct Helm template syntax: '{{- if .Values.config.enabled }}' to conditionally include content. Option A uses Python-style syntax. Option B is close but missing the if statement.

Option C uses an invalid 'when' statement.

55
MCQhard

A canary deployment is being implemented using two Deployments (stable and canary) and a Service. The Service's label selector has two entries: 'app: myapp' and 'version: stable'. Initially, the canary Deployment's pods have label 'version: canary'. To route a small percentage of traffic to the canary, what should you do?

A.Update the Service's selector to include both 'version: stable' and 'version: canary'
B.Change the canary Deployment's pod template labels to also include 'version: stable' so that the Service selects them
C.Use a NetworkPolicy to allow traffic to the canary
D.Create a new Service that points to both Deployments
AnswerB

By adding the label 'version: stable' to the canary pods, they will be selected by the Service. Since the canary has fewer replicas, it will receive a proportionally smaller amount of traffic.

Why this answer

The Service currently selects only pods with 'version: stable'. To route some traffic to canary, you need the canary pods to also be selected by the Service. You can change the canary pods' 'version' label to 'stable' (or add an additional label), or modify the Service selector to include both versions.

However, the simplest approach is to update the canary Deployment's pod template labels to include 'version: stable' so that both Deployments have the same label, but the canary has a smaller number of replicas. Alternatively, you can use a Service Mesh like Istio for fine-grained traffic splitting. But among the options, updating the canary pod labels to match the Service selector is a common technique.

56
Multi-Selectmedium

Which TWO statements about Kustomize are true?

Select 2 answers
A.Kustomize can be used to perform canary deployments.
B.Kustomize supports overlays that allow different configurations for different environments.
C.Kustomize requires Helm to manage dependencies.
D.Kustomize uses a file named kustomization.yaml to define resources and customizations.
E.Kustomize can only be used with kubectl apply -k.
AnswersB, D

Correct. Overlays modify base configurations for different contexts.

Why this answer

Kustomize supports overlays, which are layered patches applied on top of a base configuration. This allows you to define a common base set of Kubernetes resources and then use different overlay directories (e.g., dev, staging, prod) to customize settings like replicas, image tags, or namespaces for each environment without duplicating the entire manifest.

Exam trap

CNCF often tests the misconception that Kustomize is a deployment strategy tool (like for canaries) rather than a configuration customization tool, and that it is tightly coupled to kubectl or Helm, when in fact it is a standalone declarative customization engine.

57
MCQeasy

Which kubectl command can be used to see the rollout status of a Deployment named 'web-app'?

A.kubectl rollout history deployment web-app
B.kubectl describe deployment web-app
C.kubectl status deployment web-app
D.kubectl rollout status deployment web-app
AnswerD

Correct command to view rollout status.

Why this answer

The correct command is 'kubectl rollout status deployment web-app'. This shows the status of the rollout.

58
Multi-Selectmedium

Which TWO statements about kubectl apply vs kubectl create are correct? (Select two)

Select 2 answers
A.kubectl create can update existing resources if the --force flag is used
B.kubectl apply only works with Deployments
C.kubectl apply can update existing resources; kubectl create will error if resource exists
D.kubectl create can be used to update resources by providing the full YAML
E.kubectl apply maintains a last-applied-configuration annotation; kubectl create does not
AnswersC, E

Correct.

Why this answer

kubectl apply can be used to update resources (declarative), while kubectl create is imperative and will error if resource exists. Option A and E are correct.

59
MCQeasy

Which of the following is the correct way to scale a Deployment named 'api' to 5 replicas using kubectl?

A.kubectl scale deployment api --replicas=5
B.kubectl scale deploy api 5
C.kubectl update deployment api --replicas=5
D.kubectl set replicas deployment api 5
AnswerA

Correct syntax.

Why this answer

'kubectl scale deployment api --replicas=5' is the correct command to scale a Deployment.

60
MCQmedium

A Deployment named 'web-app' has 4 replicas. You need to perform a rolling update with a maxSurge of 50% and maxUnavailable of 25%. Which YAML snippet configures this correctly?

A.strategy: rollingUpdate: surge: 50% unavailable: 25%
B.strategy: rollingUpdate: maxSurge: 50% maxUnavailable: 25%
C.strategy: rollingUpdate: maxSurge: 2 maxUnavailable: 1
D.strategy: rollingUpdate: maxSurge: 25% maxUnavailable: 50%
AnswerB

Correctly sets maxSurge=50% and maxUnavailable=25%.

Why this answer

Option A sets maxSurge to 50% (2 pods) and maxUnavailable to 25% (1 pod), matching the requirement. Option B swaps the values. Option C uses incorrect field names (surge instead of maxSurge).

Option D uses absolute numbers.

61
MCQmedium

You are implementing a blue-green deployment using Kubernetes Deployments and Services. The 'blue' Deployment runs version 1.0, and the 'green' Deployment runs version 2.0. What is the key mechanism to switch traffic from blue to green?

A.Scale down the blue Deployment to 0 replicas
B.Delete the blue Deployment
C.Change the Service type from ClusterIP to NodePort
D.Update the Service's label selector to match the green Deployment's pod labels
AnswerD

This switches traffic to the green version.

Why this answer

By updating the Service's label selector to match the green Deployment's pod labels, the Service routes traffic to the new version.

62
MCQmedium

You have a Deployment 'app' with the following strategy configuration: 'type: RollingUpdate', 'rollingUpdate: {maxSurge: 0, maxUnavailable: 1}'. You update the container image. What is the behavior during the update?

A.A new pod is created first, then the oldest pod is terminated.
B.Two old pods are terminated at a time, while new pods are created.
C.One old pod is terminated, then a new pod is created, repeating until all pods are updated.
D.All old pods are terminated simultaneously, then new pods are created.
AnswerC

With maxSurge=0, no extra pods are created, so each old pod must be terminated before its replacement is created.

Why this answer

Option A is correct: maxSurge=0 means no extra pods above the desired count; maxUnavailable=1 means one pod can be unavailable at a time. So one old pod is terminated before a new one is created. Option B describes Recreate.

Option C is incorrect because maxSurge=0 prevents creating new pods first. Option D is incorrect because only one pod is unavailable.

63
Multi-Selecteasy

Which TWO of the following are valid uses of Kubernetes Annotations? (Select two.)

Select 2 answers
A.Defining the name of a Kubernetes resource.
B.Identifying which pods a Service should route traffic to.
C.Configuring ingress controllers with specific settings like rewrite rules.
D.Storing non-identifying metadata such as build information or release notes.
E.Enabling service discovery between microservices.
AnswersC, D

Many ingress controllers use annotations to customize behavior per ingress resource.

Why this answer

Options B and D are correct. Annotations are used to attach non-identifying metadata. Option B is correct because annotations can be used by tools like Helm to track release information.

Option D is correct because annotations can be used by ingress controllers for specific configurations. Option A is incorrect because selectors are used for identification. Option C is incorrect because the 'name' field is used for naming.

Option E is incorrect because annotations are not used for service discovery; labels and selectors are.

64
MCQeasy

Which command lists all Helm releases in the current namespace?

A.helm list
B.helm get all
C.helm status
D.helm show
AnswerA

Correct.

Why this answer

'helm list' lists all Helm releases. 'helm ls' is an alias.

65
MCQhard

You want to perform a rolling update of a Deployment. The Deployment has a maxSurge=1 and maxUnavailable=0. How many extra pods can be created above the desired count during the update?

A.Unlimited
B.0
C.1
D.Desired replicas
AnswerC

Correct.

Why this answer

maxSurge=1 means at most one additional pod can be created above the desired replicas.

66
MCQmedium

You want to add an annotation to a pod without modifying the pod template. Which approach should you use?

A.kubectl annotate deployment my-deployment key=value
B.kubectl label pod my-pod key=value
C.kubectl edit pod my-pod and add annotation manually
D.kubectl annotate pod my-pod key=value
AnswerD

Correct command to add annotation.

Why this answer

Option B is correct: 'kubectl annotate pod my-pod key=value'. Option A uses the wrong command. Option C goes into edit mode.

Option D adds to the Deployment, which would roll out a new pod with the annotation in the template.

67
MCQmedium

You have deployed an application using Helm. You want to see the history of revisions for the release 'frontend' in the 'web' namespace. Which command should you use?

A.helm status frontend --namespace web
B.helm list frontend --namespace web
C.helm get manifest frontend --namespace web
D.helm history frontend --namespace web
AnswerD

Correct command to show revision history.

Why this answer

The command 'helm history frontend --namespace web' lists all revisions for the release 'frontend' in the 'web' namespace.

68
Multi-Selectmedium

Which TWO of the following are valid methods to perform a blue-green deployment in Kubernetes?

Select 2 answers
A.Use kubectl patch to modify the Deployment's image and rely on the Recreate strategy.
B.Create a new Deployment for the new version, then update the Service's selector to point to the new pods.
C.Deploy the new version in a separate namespace and use a Service to route traffic to the new namespace.
D.Use kubectl rollout undo to revert to the previous version.
E.Use the RollingUpdate strategy with maxSurge=100% and maxUnavailable=0%.
AnswersB, C

This switches traffic to the new version by changing the selector.

Why this answer

A blue-green deployment involves two versions (blue and green) and switching traffic between them. Options A and D are valid: creating a new Deployment with the new version and updating the Service selector, or using two Services with different selectors and switching via DNS or ingress.

69
MCQmedium

You are performing a blue-green deployment. You have two Deployments: 'app-blue' (current) and 'app-green' (new). Both have labels 'app: myapp' and 'version: blue' or 'version: green' respectively. The Service 'myapp-svc' selects pods with 'app: myapp, version: blue'. How do you switch traffic to the green deployment?

A.Add an additional label 'traffic: enabled' to the 'app-green' pods and update the Service to select 'traffic: enabled'
B.Update the Service selector to 'app: myapp; version: green'
C.Update the 'app-green' Deployment to have label 'version: blue'
D.Update the Service selector to 'app: myapp, version: green'
AnswerD

Directly changes the Service to route traffic to green pods.

Why this answer

Option B is correct: update the Service's selector to 'app: myapp, version: green'. Option A changes the Deployment, not the Service. Option C would break the Service selector syntax.

Option D changes the green Deployment's labels, which would not be picked up by the Service without selector change.

70
MCQeasy

In a Deployment, what is the purpose of the 'maxUnavailable' field in the rolling update strategy?

A.The maximum number of pods that can be terminated at once.
B.The maximum number of pods that can be unavailable during the update.
C.The maximum time allowed for the rollout to complete.
D.The maximum number of pods that can be created above the desired replicas.
AnswerB

Correct definition.

Why this answer

In a Deployment's rolling update strategy, the 'maxUnavailable' field specifies the maximum number of Pods that can be unavailable during the update process. This ensures that the Deployment maintains a certain level of availability by controlling how many Pods can be taken down at any given time, relative to the desired replica count. It is defined as either an absolute number or a percentage of the desired Pods, and it works alongside 'maxSurge' to manage the update's pace and safety.

Exam trap

The trap here is that candidates often confuse 'maxUnavailable' with 'maxSurge', thinking it controls the number of Pods created above the desired count, when in fact 'maxUnavailable' governs the number of Pods that can be unavailable, while 'maxSurge' controls the number of extra Pods created above the desired replicas.

How to eliminate wrong answers

Option A is wrong because 'maxUnavailable' does not limit the number of Pods that can be terminated at once; that behavior is governed by the combination of 'maxUnavailable' and 'maxSurge', but 'maxUnavailable' specifically caps the number of Pods that can be in an unavailable state, not the termination rate. Option C is wrong because there is no 'maxUnavailable' field for rollout completion time; Kubernetes uses 'progressDeadlineSeconds' to set a timeout for the rollout to complete, not 'maxUnavailable'. Option D is wrong because the maximum number of Pods that can be created above the desired replicas is controlled by the 'maxSurge' field, not 'maxUnavailable'; 'maxUnavailable' deals with unavailability, not overshooting the replica count.

71
MCQhard

You have a Deployment that uses the Recreate strategy. You update the container image. What happens to the existing pods?

A.Existing pods are not affected; you must manually delete them
B.Existing pods are terminated first, then new pods are created
C.Existing pods are gradually terminated while new pods are created
D.New pods are created alongside existing pods, then old pods are terminated
AnswerB

Recreate first terminates all pods, then creates new ones.

Why this answer

With the Recreate strategy, all existing pods are killed before new pods are created. This ensures no two versions run simultaneously but causes downtime.

72
MCQhard

You are deploying a microservice application on a Kubernetes cluster. The application consists of a frontend service (type: ClusterIP) and a backend service (type: ClusterIP). The frontend needs to communicate with the backend via DNS name 'backend-service'. The backend service runs three replicas, each listening on port 8080. You have created the backend service and deployment, and verified that pods are running. However, when you deploy the frontend pod and attempt to curl http://backend-service:8080 from within the frontend, you get 'connection refused'. The frontend pod is in the same namespace as the backend. You check the backend pods and they are all running and ready, and the endpoints object shows the correct pod IPs. You suspect a misconfiguration in the service definition. Which of the following is the most likely cause of the issue?

A.The backend pods are not running on the nodes because the cluster has insufficient resources.
B.The frontend pod is using the wrong service name; it should be 'backend-service.default.svc.cluster.local'.
C.The backend service's port field is set to 8080, but the targetPort is not specified, so it defaults to the port field value, which is correct.
D.The backend deployment's containerPort is set to 8081, but the service's targetPort is 8080, causing a mismatch.
AnswerD

If containerPort does not match targetPort, the service sends traffic to a port on the pod that is not listening, resulting in connection refused.

Why this answer

Option D is correct because the backend service's `targetPort` defaults to the value of `port` (8080) when not explicitly set, but the backend deployment's `containerPort` is 8081. This mismatch means the service sends traffic to port 8080 on the pods, where no process is listening, resulting in a 'connection refused' error. The pods are running and ready, but the readiness probe (if any) might still pass if it checks a different path, while the actual application port is misaligned.

Exam trap

The trap here is that candidates assume the `port` and `targetPort` are always identical by default and overlook checking the actual container listening port, leading them to incorrectly suspect DNS or resource issues.

How to eliminate wrong answers

Option A is wrong because the pods are running and ready, and the endpoints object shows correct pod IPs, which would not be the case if the cluster had insufficient resources. Option B is wrong because the frontend pod is in the same namespace as the backend service, so the short DNS name 'backend-service' resolves correctly; the fully qualified name is only needed for cross-namespace access. Option C is wrong because the default behavior of `targetPort` matching `port` is correct when the container listens on the same port; the issue here is a mismatch between the container's actual listening port and the service's target port.

73
MCQmedium

A Helm chart has the following template snippet: '{{ .Values.replicaCount }}'. You want to set replicaCount to 5 during installation. Which command should you use?

A.helm install my-release mychart --name replicaCount=5
B.helm install my-release mychart --values replicaCount=5
C.helm install my-release mychart --set replicaCount=5
D.helm install my-release mychart --set-string replicaCount=5
AnswerC

This overrides the 'replicaCount' value with 5 in the chart.

Why this answer

Option D is correct: '--set' overrides values directly on the command line. Option A sets the release name, not values. Option B specifies a values file, but the question asks for direct setting.

Option C is not a valid flag.

74
MCQhard

You have a Deployment with the following strategy: rollingUpdate: maxSurge: 25%, maxUnavailable: 25%. The Deployment has 4 replicas. During an update, what is the minimum number of pods guaranteed to be available?

A.3
B.2
C.4
D.1
AnswerA

25% of 4 is 1, so at most 1 unavailable, guaranteeing 3 available.

Why this answer

maxUnavailable: 25% means at most 1 pod (25% of 4) can be unavailable. Therefore, at least 3 pods are available.

75
MCQhard

You have a HorizontalPodAutoscaler (HPA) targeting a Deployment. The HPA is configured with 'targetCPUUtilizationPercentage: 50'. The current CPU utilization is 60% across the pods. What action does the HPA take?

A.Scale down the Deployment because the target is 50%.
B.Mark the HPA as unable to calculate metrics and stop scaling.
C.Scale up the Deployment to reduce per-pod CPU utilization.
D.Take no action because the deviation is within tolerance.
AnswerC

By adding more pods, the load is distributed, reducing the average CPU utilization towards the target.

Why this answer

Option B is correct: HPA scales up to bring actual utilization closer to the target. Option A is incorrect because scaling down when above target would increase utilization further. Option C is incorrect because HPA does not wait for sustained load; it reacts based on the metric.

Option D is incorrect because HPA does not stop itself; it continues to adjust.

Page 1 of 3 · 205 questions totalNext →

Ready to test yourself?

Try a timed practice session using only Application Deployment questions.