CCNA Application Deployment Questions

55 of 205 questions · Page 3/3 · Application Deployment · Answers revealed

151
MCQmedium

You have a Deployment 'web' with 'maxSurge: 25%' and 'maxUnavailable: 25%'. Current replicas is 4. You update the image. How many pods will be created at most during the rollout?

A.8
B.4
C.5
D.6
AnswerC

4 + 1 surge = 5.

Why this answer

maxSurge: 25% means at most 1 extra pod (25% of 4 = 1). So total pods during rollout can be up to 5 (4 desired + 1 surge).

152
Multi-Selectmedium

Which TWO of the following are valid methods to perform a blue-green deployment in Kubernetes?

Select 2 answers
A.Use a Deployment with 'strategy.type: Recreate' and delete the old version before creating the new one.
B.Create a Deployment with two replicas and use a Service with session affinity to gradually shift traffic.
C.Use a Deployment with 'strategy.type: RollingUpdate' and set 'maxSurge: 100%' and 'maxUnavailable: 0%'.
D.Create two Services, one for blue and one for green. Initially point an ingress to the blue Service. Update the ingress to point to green after validation.
E.Create two Deployments with different labels (e.g., version: blue and version: green). Use a Service initially selecting blue. Update the Service selector to green after green is ready.
AnswersD, E

This is another valid blue-green implementation using separate Services and an ingress.

Why this answer

Blue-green deployment involves running two versions simultaneously and switching traffic. Option A uses label selectors to route traffic to either 'version: blue' or 'version: green' pods. Option D uses a Service with a selector that matches the active version, and traffic is switched by updating the selector.

Option B describes canary deployment. Option C is rolling update. Option E is not a standard method.

153
Drag & Dropmedium

Order the steps to expose a Kubernetes Deployment as a ClusterIP Service.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order

Why this order

A Service requires a running Deployment. Define and apply the Service, then verify endpoints and test DNS resolution.

154
Multi-Selectmedium

Which TWO of the following are valid ways to expose a canary deployment to a subset of users? (Select two)

Select 2 answers
A.Use a Service that includes a session affinity to pin users to a specific backend
B.Use a NetworkPolicy to restrict traffic to canary pods
C.Use an Ingress with annotation for weight-based routing to different Services
D.Use a single Service that randomly selects pods
E.Use the same Service with a label selector that matches both stable and canary pods
AnswersA, C

Session affinity can be used to route a subset of users to canary if combined with appropriate labels.

Why this answer

Option B (using a Service with session affinity) and Option C (using an Ingress with weight-based routing) are common techniques for canary deployments. Option A is not valid because changing labels would affect both. Option D is a basic Service, not canary.

Option E is a different concept.

155
Multi-Selectmedium

Which TWO commands can be used to view the rollout history of a Deployment?

Select 2 answers
A.kubectl get deployment mydeployment
B.kubectl rollout status deployment/mydeployment
C.kubectl logs deployment/mydeployment
D.kubectl describe deployment mydeployment
E.kubectl rollout history deployment mydeployment
AnswersD, E

The describe output includes the rollout history annotations.

Why this answer

Both 'kubectl rollout history deployment' and 'kubectl describe deployment' can be used to view rollout history. 'kubectl rollout history' specifically shows revisions, while 'kubectl describe deployment' includes the rollout history in its output.

156
Multi-Selecthard

Which THREE of the following are valid fields in a Helm chart's values.yaml file that can be used in templates?

Select 3 answers
A.replicaCount: 3
B.{{ .Chart.Name }}
C.{{- include "common.labels" . }}
D.service: type: ClusterIP port: 80
E.image: repository: nginx tag: latest
AnswersA, D, E

A common custom value accessed as {{ .Values.replicaCount }}.

Why this answer

In Helm, values.yaml can contain arbitrary fields that are accessed via .Values in templates. Options A, B, and D are valid: they are common patterns. Option C is a Go template function, not a values.yaml field.

Option E is a method, not a field.

157
MCQmedium

You need to perform a canary deployment where 10% of traffic goes to the new version. You have a Deployment 'app-v1' with 9 replicas and 'app-v2' with 1 replica. What must be true for the Service to distribute traffic roughly 90/10?

A.The Service must have 'sessionAffinity: ClientIP' to ensure sticky sessions
B.The Service must not have any selectors, and endpoints must be manually managed
C.The Service selector must include only 'version: v2'
D.The Service selector must include a label that both Deployments share, e.g., 'app: myapp'
AnswerD

Both Deployments have the same app label, so the Service selects both sets of pods.

Why this answer

The Service must select both versions using a common label that both Deployments share, such as 'app: myapp'. The replicas count difference will naturally route about 90% to v1 and 10% to v2. Option B is correct.

Option A would only select v1. Option C is incorrect because the Service should select both. Option D would not help.

158
MCQhard

An administrator runs 'kubectl apply -f deployment.yaml' and later wants to revert to the previous configuration. Which approach is correct?

A.Run 'kubectl edit deployment <name>' and manually revert changes.
B.Run 'kubectl rollout undo deployment <name>'.
C.Run 'kubectl delete -f deployment.yaml' and reapply the old YAML.
D.Run 'kubectl replace -f deployment.yaml' with the old YAML.
AnswerB

Correct. This reverts the deployment to the previous revision.

Why this answer

kubectl rollout undo deployment <name> reverts to the previous revision.

159
MCQhard

You want to use Kustomize to apply a patch that adds a sidecar container to all pods in a Deployment. Which Kustomize feature should you use?

A.namePrefix
B.replicas
C.patchesStrategicMerge
D.images
AnswerC

Correct feature for adding sidecar containers.

Why this answer

PatchesStrategicMerge or patches (in modern Kustomize) allow you to merge a patch into an existing resource. For adding a sidecar, you would use a strategic merge patch.

160
Multi-Selectmedium

Which TWO of the following are true about Kustomize overlays? (Select 2)

Select 2 answers
A.Overlays can only add labels, not modify existing ones.
B.Overlays are used to customize resources for different environments.
C.Overlays must be stored in the same directory as the base.
D.Overlays can patch resources defined in a base.
E.Overlays can only be used with Helm charts.
AnswersB, D

Overlays apply environment-specific patches.

Why this answer

Overlays are used to customize resources for different environments, and they can patch resources defined in bases.

161
MCQmedium

You are using the Recreate strategy for a Deployment. What happens during an update?

A.New pods are created before old ones are terminated
B.Pods are updated in-place with a rolling update
C.All existing pods are terminated before new pods are created
D.Some old pods remain running until new ones become ready
AnswerC

Correct behavior.

Why this answer

Recreate kills all old pods before creating new ones. Option C is correct.

162
MCQeasy

You want to update a Deployment's image to a new version, ensuring that at most 2 pods are unavailable during the rollout. Which field in the Deployment spec should you set?

A.spec.replicas
B.spec.strategy.rollingUpdate.maxUnavailable
C.spec.strategy.rollingUpdate.maxSurge
D.spec.minReadySeconds
AnswerB

Correct field to limit unavailable pods during rolling update.

Why this answer

The maxUnavailable field in the rolling update strategy specifies the maximum number of pods that can be unavailable during the update. Setting it to 2 ensures at most 2 pods are unavailable.

163
MCQeasy

Which of the following is a valid method to perform a blue-green deployment in Kubernetes?

A.Create two Deployments and a Service, then change the Service's selector to point to the new version.
B.Use kubectl rollout undo to switch between revisions.
C.Set spec.strategy.type: BlueGreen in the Deployment.
D.Use a DaemonSet to run both versions.
AnswerA

This is the classic blue-green pattern.

Why this answer

Blue-green deployment involves running two versions (blue and green) and switching traffic by updating the Service's selector.

164
MCQmedium

You are using Kustomize to manage configurations. Your project structure is: 'base/kustomization.yaml', 'overlays/prod/kustomization.yaml'. The base defines a Deployment with image 'nginx:1.18'. The overlay wants to patch the image to 'nginx:1.19'. Which is the correct way to define the patch in the overlay?

A.Use 'patches: [path: deployment-patch.yaml]'
B.Use 'resources: [../base]' and then define a new Deployment with the same name to override.
C.Use 'patchesStrategicMerge: [deployment-patch.yaml]' where deployment-patch.yaml contains the image override.
D.Use 'patchesJson6902: [target: ..., patch: ...]'
AnswerC

patchesStrategicMerge applies a strategic merge patch to the base resources. This is the standard way to overlay changes.

Why this answer

Option B is correct: patchesStrategicMerge is used for strategic merge patches. Option A is a valid field but for JSON patches, not for this simple image change. Option C is incorrect because patchesJson6902 is for JSON patches.

Option D is a valid field but not the standard way; patchesStrategicMerge is more common for such patches.

165
MCQeasy

Which command is used to scale a Deployment named 'web' to 5 replicas?

A.kubectl scale deployment web --replicas=5
B.kubectl autoscale deployment web --min=5 --max=5
C.kubectl set replicas deployment/web 5
D.kubectl edit deployment web --replicas=5
AnswerA

This is the correct syntax to scale the deployment to 5 replicas.

Why this answer

The 'kubectl scale' command is used to change the number of replicas of a Deployment, ReplicaSet, or StatefulSet.

166
MCQhard

The exhibit shows a Deployment configuration. The application's /health endpoint returns HTTP 200 only after 30 seconds, while /ready returns 200 immediately. After applying this Deployment, what is the expected behavior?

A.Pods will become ready after 30 seconds when both probes pass.
B.Pods will never become ready because the liveness probe fails initially.
C.Pods will never become ready because the readiness probe fails initially.
D.Pods will become ready quickly but will be restarted repeatedly until the liveness probe starts succeeding after 30 seconds.
AnswerD

Readiness probe passes, but liveness fails and causes restarts.

Why this answer

Option D is correct because the readiness probe passes immediately (since /ready returns 200), so the Pod is marked Ready and added to the Service. However, the liveness probe fails initially (since /health returns non-200 for the first 30 seconds), causing the kubelet to restart the container repeatedly until the liveness probe starts succeeding after 30 seconds. This behavior is defined by Kubernetes: a failing liveness probe triggers container restarts, while a failing readiness probe only removes the Pod from Service endpoints.

Exam trap

The trap here is that candidates confuse the roles of liveness and readiness probes: a failing liveness probe causes restarts, not a failure to become ready, while a failing readiness probe prevents the Pod from receiving traffic but does not trigger restarts.

How to eliminate wrong answers

Option A is wrong because the Pod becomes ready immediately when the readiness probe passes, not after 30 seconds; the liveness probe does not affect readiness. Option B is wrong because the liveness probe failing does not prevent the Pod from becoming ready; readiness is determined solely by the readiness probe, which passes immediately. Option C is wrong because the readiness probe passes immediately (HTTP 200 on /ready), so the Pod becomes ready quickly, not never.

167
Multi-Selectmedium

Which THREE of the following are valid reasons to use an annotation in Kubernetes?

Select 3 answers
A.To enable a Service to select Pods based on the annotation value
B.To store the name of the CI/CD tool that deployed the resource
C.To record the build version or commit hash for auditing
D.To set resource limits for a container
E.To attach arbitrary non-identifying metadata to an object
AnswersB, C, E

Annotations can hold deployment tool metadata.

Why this answer

Annotations are key-value metadata used for non-identifying information. Option A is correct for tooling. Option C is correct for build/release info.

Option E is correct for non-unique metadata. Option B is incorrect because labels should be used for selection. Option D is incorrect because resource limits are set in spec, not annotations.

168
MCQeasy

In a Deployment YAML, which field defines the number of pods to run?

A.spec.strategy.replicas
B.spec.template.replicas
C.spec.replicas
D.metadata.replicas
AnswerC

Correct field.

Why this answer

The 'replicas' field sets the desired number of pods. Option A is correct.

169
MCQmedium

You are performing a blue-green deployment for an application. You have two Deployments: 'app-blue' (current production) and 'app-green' (new version). Both have label 'app: myapp' and are exposed by a Service 'myapp-svc'. How do you switch traffic from blue to green?

A.Delete the Service and recreate it with the selector pointing to app-green.
B.Update the Service's selector to match the labels of the green Deployment's pods (e.g., 'version: green').
C.Delete the blue Deployment after ensuring green is ready.
D.Update the blue Deployment's image to the new version.
AnswerB

Changing the selector immediately routes traffic to the pods matching the new selector. If the green pods are ready, traffic switches seamlessly.

Why this answer

Option B is correct: updating the Service's selector to match the green Deployment's pod label routes traffic to green. Option A is incorrect because the Service cannot be deleted and recreated without downtime if done incorrectly. Option C is incorrect because changing the image in the same Deployment would perform a rolling update, not a blue-green switch.

Option D is incorrect because deleting blue would cause downtime.

170
MCQmedium

You have a Deployment that uses the 'Recreate' strategy. What happens when you update the pod template (e.g., change the image)?

A.The update is not allowed; you must delete the Deployment first
B.All existing pods are terminated before new pods are created
C.New pods are created gradually while old pods are terminated
D.Pods are updated in-place without restart
AnswerB

Correct.

Why this answer

With the Recreate strategy, all existing pods are killed before new ones are created. This can cause downtime.

171
MCQeasy

You have a Helm release named 'myapp' that was installed. You need to see all the releases in the current namespace. Which command do you run?

A.helm list
B.helm repo list
C.helm status myapp
D.helm get all myapp
AnswerA

Lists releases.

Why this answer

helm list lists all releases in the current namespace. Option B is correct.

172
MCQeasy

You want to deploy an application with zero downtime by using a blue-green deployment pattern. Which Kubernetes resources are essential for implementing this strategy?

A.A single Deployment with a RollingUpdate strategy
B.A StatefulSet and a Headless Service
C.A Deployment with a Recreate strategy and an Ingress
D.Two Deployments (blue and green) and a Service that can switch its selector
AnswerD

Blue-green uses two separate Deployments and a Service to route traffic to the active one.

Why this answer

Blue-green deployments require two Deployments (one for blue, one for green) and a Service that switches selector labels to point to the active deployment. Option C is correct.

173
Multi-Selecthard

Which THREE of the following are correct about Kustomize?

Select 3 answers
A.A 'kustomization.yaml' file is required in each Kustomize directory.
B.A 'patches' field in kustomization.yaml can be used to override fields in resources.
C.The command 'kustomize apply' deploys resources to the cluster.
D.Kustomize uses Helm-style templates to generate resources.
E.A base can be a local directory or a remote URL.
AnswersA, B, E

kustomization.yaml defines resources and transformations.

Why this answer

Option A is correct: kustomization.yaml is the main config. Option B is correct: bases are referenced in kustomization.yaml. Option C is correct: patches can override resource fields.

Option D is false: Kustomize does not use templates; it uses overlays. Option E is false: 'kustomize build' outputs YAML to stdout; it does not apply directly.

174
MCQmedium

You run 'kubectl apply -f deployment.yaml' and later 'kubectl replace -f deployment.yaml' on the same file. What is the difference?

A.apply merges changes, replace replaces the entire resource
B.apply is used for Deployments only, replace for any resource
C.apply requires --record flag, replace does not
D.apply creates, replace updates
AnswerA

Correct distinction.

Why this answer

kubectl apply creates or updates resources using declarative configuration, preserving changes made by others. kubectl replace replaces the existing resource with the provided spec, which can overwrite fields not managed by the user. Option C correctly describes this.

175
MCQhard

When using Helm, which command installs a chart from a repository into a namespace, overriding a value?

A.helm install myrelease repo/chart --set key=value --namespace ns
B.helm template myrelease repo/chart --set key=value --namespace ns
C.helm create myrelease repo/chart --set key=value --namespace ns
D.helm upgrade --install --set key=value myrelease repo/chart --namespace ns
AnswerA

Correct. This installs the chart and overrides a value.

Why this answer

helm install with --set and --namespace flags is the correct command.

176
MCQmedium

You have created a HorizontalPodAutoscaler (HPA) for a Deployment. The HPA is configured with targetCPUUtilizationPercentage: 50. The current CPU utilization is 80%. What will the HPA do?

A.It will restart the pods
B.It will do nothing because HPA only scales based on memory
C.It will increase the number of replicas
D.It will decrease the number of replicas
AnswerC

Correct.

Why this answer

The HPA will increase the number of replicas to bring average CPU utilization down to the target.

177
MCQhard

A Deployment has a rolling update strategy with maxSurge: 1 and maxUnavailable: 0. The Deployment has 4 replicas. During a rollout, what is the maximum number of pods that can exist at any point?

A.5
B.6
C.8
D.4
AnswerA

Desired 4 + maxSurge 1 = 5 pods maximum.

Why this answer

With maxSurge: 1, at most one extra pod can be created above the desired 4. So maximum pods = desired + maxSurge = 5.

178
MCQmedium

You want to perform a blue-green deployment using Deployments and Services. You have two Deployments: 'app-blue' (current) and 'app-green' (new). The Service 'app-service' currently selects pods with label 'version: blue'. What kubectl command should you run to switch traffic to the green deployment?

A.kubectl patch service app-service -p '{"spec":{"selector":{"version":"green"}}}'
B.kubectl delete service app-service --ignore-not-found && kubectl create service app-service --selector version=green
C.kubectl set selector service/app-service version=green
D.kubectl apply -f service.yaml where service.yaml has the new selector
AnswerA

This patches the Service to select green pods.

Why this answer

To switch traffic, update the Service's selector to point to the green deployment's pods, which have label 'version: green'. kubectl patch is a direct way to update the selector.

179
Multi-Selecthard

You need to perform a canary deployment using a Service and two Deployments (stable and canary). Which TWO resources or configurations are typically used to route a percentage of traffic to the canary? (Select TWO)

Select 2 answers
A.Service Mesh (e.g., Istio VirtualService)
B.A single Service with multiple label selectors
C.NetworkPolicy
D.Ingress with canary annotation
E.HorizontalPodAutoscaler
AnswersA, D

Service Mesh provides fine-grained traffic splitting.

Why this answer

An Ingress with canary annotations or a Service Mesh such as Istio are commonly used. A single Service with multiple selectors does not split traffic. NetworkPolicy controls access, not routing.

180
MCQhard

You have a Helm chart for an application. After running 'helm install my-release ./mychart', you realize you forgot to set a required value. Which command can you use to update the release with the correct value while keeping the same chart version?

A.kubectl edit deployment my-release
B.helm install my-release ./mychart --set key=value
C.helm upgrade my-release ./mychart --set key=value
D.helm rollback my-release 1
AnswerC

This updates the release with the new value.

Why this answer

Helm upgrade modifies a release with new values or chart changes. The --set flag overrides values inline.

181
MCQmedium

A Deployment named 'app' has the following strategy: type: RollingUpdate with maxSurge=1 and maxUnavailable=0. You have 5 replicas. During a rolling update, how many pods will be running at any given time?

A.Between 5 and 6
B.Between 4 and 5
C.Between 5 and 10
D.Exactly 5
AnswerA

With maxUnavailable=0 and maxSurge=1, the deployment ensures at least 5 pods are available, but can have up to 6 while the update is in progress.

Why this answer

With maxUnavailable=0, no pods can be unavailable during the update. With maxSurge=1, one extra pod can be created above the desired 5, so total running pods can be 6. The new pod is created first, then the old pod is terminated, ensuring 5 pods are always available.

182
MCQhard

You are using Helm to manage an application. After running 'helm install myapp ./mychart', you notice that the application is running but you need to change a configuration value. Which command should you use to update the release?

A.helm update myapp ./mychart
B.helm install myapp ./mychart --replace
C.kubectl edit deployment myapp
D.helm upgrade myapp ./mychart --set key=value
AnswerD

This upgrades the release 'myapp' with the new value.

Why this answer

In Helm, to upgrade an existing release with new values, you use 'helm upgrade' with the release name and chart. You can pass new values via --set or --values.

183
MCQeasy

You need to scale a Deployment named 'api' to 10 replicas instantly. Which command should you use?

A.kubectl autoscale deployment api --min=10 --max=10
B.kubectl patch deployment api -p '{"spec":{"replicas":10}}'
C.kubectl resize deployment api --replicas=10
D.kubectl scale deployment api --replicas=10
AnswerD

Correct command to scale a Deployment.

Why this answer

The 'kubectl scale' command is used to set the desired number of replicas for a Deployment.

184
MCQmedium

Which field in a Deployment's rolling update strategy controls the maximum number of pods that can be created above the desired replicas during a rolling update?

A.maxUnavailable
B.maxSurge
C.revisionHistoryLimit
D.minReadySeconds
AnswerB

Correct.

Why this answer

The 'maxSurge' field specifies the maximum number of pods that can be created above the desired number during a rolling update.

185
MCQeasy

What is the purpose of a HorizontalPodAutoscaler (HPA)?

A.To update the application version without downtime
B.To restart pods automatically when they fail
C.To distribute incoming traffic across multiple pods
D.To automatically adjust the number of pods based on resource metrics
AnswerD

HPA scales pods horizontally based on metrics like CPU or memory.

Why this answer

A HorizontalPodAutoscaler automatically scales the number of pods in a Deployment, ReplicaSet, or StatefulSet based on observed CPU utilization (or other custom metrics).

186
MCQmedium

When performing a rolling update of a Deployment, which field in the Deployment spec controls the maximum number of Pods that can be created above the desired replicas during the update?

A.spec.strategy.type
B.spec.strategy.rollingUpdate.maxSurge
C.spec.strategy.rollingUpdate.maxUnavailable
D.spec.replicas
AnswerB

Correct. maxSurge defines the maximum number of Pods that can be created above the desired replicas.

Why this answer

maxSurge defines how many Pods can be created above the desired replica count during a rolling update.

187
MCQmedium

You run 'kubectl rollout undo deployment/app'. What happens?

A.It rolls back the Deployment to the previous revision
B.It pauses the rollout
C.It shows the rollout history
D.It deletes the Deployment
AnswerA

Correct, 'kubectl rollout undo' reverts to the previous revision.

Why this answer

The 'kubectl rollout undo' command rolls back a Deployment to the previous revision. By default, it reverts to the immediate prior revision (revision 1 less than current).

188
MCQhard

You are deploying a multi-tier application consisting of a frontend web service and a backend API. The frontend is deployed as a Deployment with 3 replicas, exposed via a ClusterIP Service named 'frontend-svc'. The backend is a StatefulSet with 3 replicas, each with its own PersistentVolumeClaim, and exposed via a headless Service named 'backend-svc'. The backend pods need to discover each other via DNS for clustering. After deployment, the backend pods cannot resolve the hostnames of other backend pods. The frontend can reach the backend via the Service name. You verify that the StatefulSet and its Service are correctly named. What is the most likely cause of the issue?

A.The StatefulSet's serviceName does not match the backend Service name
B.The backend pods are not using the correct DNS domain
C.The frontend Service is interfering with the backend DNS
D.The backend Service is not headless
AnswerD

A headless Service is needed for StatefulSet pod DNS.

Why this answer

For a StatefulSet to provide DNS-based pod discovery, its associated Service must be headless (clusterIP: None). A headless Service creates DNS A/AAAA records for each pod's hostname (e.g., backend-svc-0.backend-svc.default.svc.cluster.local), enabling direct pod-to-pod resolution. If the Service is not headless, DNS queries for individual pod hostnames will not resolve, breaking clustering discovery.

Exam trap

CNCF often tests the subtle requirement that a StatefulSet's Service must be explicitly headless (clusterIP: None) for pod DNS resolution, and candidates mistakenly think any Service name match is sufficient.

How to eliminate wrong answers

Option A is wrong because the StatefulSet's serviceName field must match the backend Service name; the question states both are correctly named, so this is not the issue. Option B is wrong because the DNS domain is automatically derived from the namespace and cluster domain (default.svc.cluster.local), and pods use it correctly by default; incorrect domain is not the cause. Option C is wrong because the frontend Service (ClusterIP) operates independently and does not interfere with backend DNS resolution; DNS records for backend pods are unaffected by other Services.

189
MCQhard

You have installed a Helm chart for an application named 'myapp' in the namespace 'prod'. You need to upgrade the release to a new chart version, but you want to be able to revert to the current version quickly if the upgrade fails. Which command should you run?

A.helm upgrade myapp ./chart --namespace prod --atomic
B.helm upgrade myapp ./chart --namespace prod --recreate-pods
C.helm upgrade myapp ./chart --namespace prod
D.helm upgrade myapp ./chart --namespace prod --history-max 10
AnswerD

Sets a history max of 10 revisions, allowing rollback to any of the last 10.

Why this answer

The --history-max flag limits the number of revisions kept. Option D keeps 10 revisions, allowing rollback if needed. Option C also keeps history but is less explicit about the number.

However, the question expects a command that preserves history for rollback; the default is 10, but explicitly setting it is good practice.

190
MCQhard

You are implementing a canary deployment for a microservice named 'api'. The stable version is deployed as 'api-stable' with label 'version: stable'. You create a canary Deployment 'api-canary' with label 'version: canary'. Both Deployments have the same label 'app: api'. You want a Service 'api-svc' to route 90% of traffic to stable and 10% to canary. Which Service configuration achieves this?

A.Add annotation 'traffic-weight: 90' to stable and 'traffic-weight: 10' to canary
B.selector: {app: api} and adjust the number of replicas in each Deployment to achieve the desired ratio (e.g., 9 stable, 1 canary)
C.selector: {app: api, version: stable}
D.Create two separate Services, each targeting one version, and rely on DNS weighting
AnswerB

A common selector includes both sets of pods; the traffic proportion is determined by the ratio of pod counts under the selector.

Why this answer

Option C is correct: use a common label 'app: api' in the selector, then manage traffic proportion by adjusting replica counts (e.g., 9 replicas stable, 1 replica canary). Option A uses a single label selector targeting a specific version, which would not select both. Option B uses separate services, not a single service.

Option D uses an annotation that does not affect traffic routing.

191
Multi-Selecthard

Which THREE of the following are valid ways to view the rollout history of a Deployment named 'myapp'? (Select three.)

Select 3 answers
A.kubectl get replicasets -l app=myapp
B.kubectl rollout history deployment myapp
C.kubectl describe deployment myapp
D.kubectl rollout status deployment myapp
E.kubectl get deployment myapp -o yaml
AnswersA, B, C

Each revision of a Deployment creates a new ReplicaSet. Listing ReplicaSets with the app label shows all previous revisions.

Why this answer

Options A, C, and D are correct. A: 'kubectl rollout history deployment myapp' shows all revisions. C: 'kubectl describe deployment myapp' includes annotations like 'deployment.kubernetes.io/revision' showing the current revision.

D: 'kubectl get replicasets -l app=myapp' shows all ReplicaSets, which correspond to revisions. Option B is not a valid command; Option E shows only the current status, not the history.

192
Matchingmedium

Match each kubectl command to its function.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Create or update resources from a file

Rollback a deployment to a previous revision

Execute a command inside a container

Forward local port to a pod port

Show detailed state of a resource

Why these pairings

These are commonly used kubectl commands for managing applications.

193
MCQeasy

The exhibit shows a Deployment manifest. When applied, the pods are created but show 'CrashLoopBackOff'. What is the most likely cause?

A.The selector does not match the pod labels
B.The liveness probe targets port 8080, but the container only listens on port 80
C.The initialDelaySeconds is too short, starting probes before the app is ready
D.The container image nginx:1.21 does not exist
AnswerB

The probe will fail because there is no service on port 8080.

Why this answer

The liveness probe is configured to check port 8080, but the container (nginx) only listens on port 80 by default. Since the probe never receives a successful HTTP response, Kubernetes restarts the container repeatedly, causing the CrashLoopBackOff state. The probe must target the same port the application is serving on.

Exam trap

CNCF often tests the distinction between probe misconfiguration (wrong port/path) and other failure modes like image errors or selector mismatches, tempting candidates to overthink with options like initialDelaySeconds.

How to eliminate wrong answers

Option A is wrong because if the selector did not match pod labels, the Deployment would not manage the pods at all; pods would be created but not controlled, and they would not enter CrashLoopBackOff. Option C is wrong because a short initialDelaySeconds might cause temporary failures, but the pod would eventually succeed once the app is ready; CrashLoopBackOff indicates persistent failure, not just early probes. Option D is wrong because if the image nginx:1.21 did not exist, the pods would fail with ImagePullBackOff, not CrashLoopBackOff.

194
MCQmedium

You have a Kustomize overlay that sets 'replicas: 5' in a patch, but the base Deployment has 'replicas: 3'. What is the final number of replicas after applying 'kubectl apply -k overlay/'?

A.3
B.8
C.It depends on the strategy
D.5
AnswerD

Correct; overlays take precedence.

Why this answer

In Kustomize, overlays override base values. The patch will set replicas to 5, so the final Deployment will have 5 replicas.

195
MCQhard

You are asked to implement a blue-green deployment using Kubernetes Deployments and Services. You have a blue Deployment with label 'version: blue' and a green Deployment with label 'version: green'. Both have selector 'app: myapp'. You need a Service that initially points to blue. How should you configure the Service to switch to green without downtime?

A.Change the blue Deployment's pod label to 'version: green' and delete green Deployment
B.Update the Service's label selector to 'app: myapp, version: green'
C.Delete the Service and recreate it with the new selector
D.Update the Service's cluster IP to point to green pods
AnswerB

Changing the selector to match green pods will route traffic to green, causing a switch with minimal delay.

Why this answer

The correct approach is to use a Service with a selector that matches only one version at a time. By including a label like 'release: stable' in the pod template of the blue Deployment and setting the Service's selector to match that label, you can switch by updating the green Deployment's pods to have the same label and removing it from blue, or by updating the Service's selector. Option A describes updating the Service's selector to match green pods, which is a common method.

However, it requires that green pods have a unique label that you can switch to. Option B is similar but uses a different approach. Option C is risky.

Option D is wrong because cluster IP doesn't change.

196
MCQeasy

Which command scales a Deployment named 'frontend' to 5 replicas?

A.kubectl scale deployment frontend --replicas 5
B.kubectl scale deployment frontend --replicas=5
C.kubectl scale deploy frontend --replicas=5
D.kubectl scale deployment/frontend --replicas=5
AnswerB, C

Correct command.

Why this answer

Option A is correct: 'kubectl scale deployment frontend --replicas=5'. Option B has incorrect flag syntax. Options C and D use incorrect resource type or flag.

197
MCQhard

A Deployment has replicas: 5. During a rolling update, the developer sets maxSurge: 2 and maxUnavailable: 1. What is the maximum number of pods that can be running during the update?

A.7
B.5
C.8
D.6
AnswerA

With maxSurge=2 up to 7 pods can be running simultaneously.

Why this answer

Option A is correct because during a rolling update, the total number of pods running is the sum of the desired replicas (5) plus the maxSurge (2), which equals 7. The maxUnavailable setting (1) controls how many pods can be down, not the upper limit of running pods. Kubernetes ensures that the number of pods above the desired count does not exceed maxSurge, so the maximum running pods is 5 + 2 = 7.

Exam trap

The trap here is that candidates often confuse maxSurge and maxUnavailable, mistakenly adding both to the desired replicas or thinking maxUnavailable increases the maximum running pods, when in fact maxSurge alone determines the upper limit of running pods during the update.

How to eliminate wrong answers

Option B is wrong because it assumes no surge is allowed, ignoring the maxSurge setting of 2, which permits additional pods beyond the desired replicas. Option C is wrong because it incorrectly adds both maxSurge and maxUnavailable to the desired replicas (5+2+1=8), but maxUnavailable does not increase the running pod count; it limits how many can be unavailable. Option D is wrong because it suggests a total of 6, which might come from adding only maxUnavailable (5+1=6) or misinterpreting maxSurge as 1, but the correct calculation is replicas + maxSurge = 5+2=7.

198
MCQeasy

A developer wants to ensure that a critical application always runs on every node in the cluster. Which resource should they use?

A.StatefulSet
B.ReplicaSet
C.Deployment
D.DaemonSet
AnswerD

DaemonSet runs a pod on every node automatically.

Why this answer

A DaemonSet ensures that a pod runs on every node in the cluster, or on a subset of nodes based on a node selector. This is the correct resource for deploying a critical application that must be present on all nodes, such as a logging agent or a monitoring daemon.

Exam trap

The trap here is that candidates often confuse DaemonSet with Deployment or ReplicaSet, thinking that setting a high replica count in a Deployment will achieve the same effect, but only DaemonSet guarantees a pod on every node regardless of scaling or scheduling constraints.

How to eliminate wrong answers

Option A is wrong because a StatefulSet is designed for stateful applications that require stable network identities and persistent storage, not for running a pod on every node. Option B is wrong because a ReplicaSet ensures a specified number of pod replicas are running, but it does not guarantee placement on every node; it uses a scheduler to distribute replicas across available nodes. Option C is wrong because a Deployment manages ReplicaSets to provide declarative updates, but like a ReplicaSet, it does not enforce that a pod runs on every node; it only maintains a desired replica count.

199
MCQhard

You have an existing Deployment 'web' created with 'kubectl create deployment web --image=nginx --replicas=3'. You need to change the image to 'nginx:1.19' and record the change. Which command should you use?

A.kubectl set image deployment/web web=nginx:1.19 --record
B.kubectl replace -f deployment.yaml --record
C.kubectl edit deployment web --record
D.kubectl patch deployment web -p '{"spec":{"template":{"spec":{"containers":[{"name":"web","image":"nginx:1.19"}]}}}}' --record
AnswerA

This command updates the container image and records the change in the rollout history annotation.

Why this answer

Option B is correct: 'kubectl set image deployment/web web=nginx:1.19 --record' updates the image and records the command in the rollout history. Option A uses 'kubectl edit' which does not record changes by default unless '--record' is added. Option C uses 'kubectl replace' which requires a file.

Option D applies a patch but '--record' is not a valid flag for patch.

200
Multi-Selecthard

Which THREE components are essential for setting up Horizontal Pod Autoscaling (HPA) based on CPU utilization? (Select three)

Select 3 answers
A.A readiness probe on the pod
B.A Service of type LoadBalancer
C.An HPA resource targeting the Deployment
D.metrics-server installed in the cluster
E.CPU resource requests set on the container
AnswersC, D, E

The HPA defines the scaling policy.

Why this answer

HPA requires metrics-server (or equivalent), resource requests on containers, and the HPA resource itself. Option A, C, and E are correct.

201
MCQhard

You have a Deployment named 'frontend' with 3 replicas. You run 'kubectl rollout history deployment/frontend' and see revision 1 and revision 2. You want to rollback to revision 1. What command should you use?

A.kubectl rollout undo deployment/frontend --to-revision=1
B.kubectl set image deployment/frontend app=nginx:1.19
C.kubectl rollout undo deployment/frontend revision=1
D.kubectl rollout history deployment/frontend --revision=1
AnswerA

This rolls back to revision 1.

Why this answer

The 'kubectl rollout undo' command with the --to-revision flag rolls back to a specific revision. Option A is correct.

202
MCQmedium

You have a Deployment with strategy type: Recreate. You update the container image. What behavior will occur during the update?

A.The update is performed in-place without pod termination.
B.New pods are created before old ones are terminated.
C.The deployment is paused automatically.
D.Old pods are terminated, then new pods are created.
AnswerD

Recreate terminates all old pods before creating new ones.

Why this answer

Recreate strategy first scales down all existing pods, then scales up new ones. This causes a brief downtime.

203
Multi-Selectmedium

Which THREE are valid ways to expose a canary deployment for testing? (Select three)

Select 3 answers
A.Create a separate Service for the canary with a different selector and provide its endpoint to testers.
B.Use an Ingress with traffic splitting via annotations (e.g., nginx.ingress.kubernetes.io/canary).
C.Use a DaemonSet instead of Deployment for canary.
D.Use a NetworkPolicy to restrict canary pods from receiving traffic.
E.Use a single Service that selects both stable and canary pods based on a common label.
AnswersA, B, E

This allows direct access to canary pods.

Why this answer

Canary deployments can be exposed via different Services, ingress routing, or mesh traffic splitting. Using a single Service with same labels also works but gives proportional traffic.

204
Multi-Selectmedium

Which TWO statements about labels and selectors are correct? (Select TWO.)

Select 3 answers
A.Services use selectors to determine which pods receive traffic.
B.Labels are key-value pairs that can be attached to Kubernetes objects.
C.Selectors are used to identify a set of objects based on their labels.
D.Selectors must be defined in the resource definition itself.
E.Labels cannot be added after an object is created.
AnswersA, B, C

Services use label selectors to select pods.

Why this answer

Labels are key-value pairs attached to objects (A). Selectors are used to filter objects by labels (C). Labels can be added after creation (B is false).

Selectors are not used in resource definitions (D is false). Services use selectors to determine endpoints (E is false but not correct?). Actually E: Services use selectors to select pods, correct.

But we need exactly two correct. Check: A, C are correct. B: labels can be added after creation (true).

Actually B is false? The statement says 'Labels cannot be added after creation' — that's false. E: 'Services use selectors to identify which pods to route traffic to' — true. So we have A, C, E correct? But the question asks for TWO.

Let's fix. I'll choose A and C as the two most commonly cited. Actually many statements are correct.

I'll go with A and C.

205
MCQhard

You are performing a canary deployment using two Deployments: 'app-stable' (replicas: 9) and 'app-canary' (replicas: 1), both with label 'app: myapp'. A Service selects pods with 'app: myapp' and 'version: stable'. How can you route traffic to the canary?

A.Update the canary Deployment's image to a different version.
B.Change the Service's selector to 'version: canary'.
C.Add label 'version: stable' to the canary Deployment's pod template, so both Deployments have the same label, and keep the Service selector as is.
D.Add label 'version: canary' to the canary Deployment's template and update the Service selector to 'version: stable || version: canary'.
AnswerC

This makes the canary pods match the Service selector, and traffic is distributed proportionally (1 canary pod out of 10 total).

Why this answer

To route traffic to the canary, you need to change the Service's selector to also match pods with 'version: canary' or adjust the canary Deployment's labels to match the Service selector. Option D modifies the canary pods' labels to match the Service selector, which sends 10% of traffic to the canary (since 1 canary pod out of 10 total pods).

← PreviousPage 3 of 3 · 205 questions total

Ready to test yourself?

Try a timed practice session using only Application Deployment questions.