CCNA Ckad Design Build Questions

28 of 178 questions · Page 3/3 · Ckad Design Build topic · Answers revealed

151
MCQmedium

A pod named 'webapp' is stuck in 'Pending' state. 'kubectl describe pod webapp' shows '0/1 nodes are available: 1 Insufficient memory'. What is the most likely cause?

A.The node has insufficient CPU
B.The container was killed due to out-of-memory
C.The pod's memory request exceeds available node memory
D.The container image does not exist
AnswerC

The pod is pending because no node can satisfy the memory request.

Why this answer

Option D is correct. The error indicates no node has enough memory to schedule the pod. Option A (image pull) would show ImagePullBackOff.

Option B (CPU) would show CPU insufficiency. Option C (OOMKilled) would only occur after the pod runs.

152
MCQmedium

You have a pod with two containers: one runs a web server, and the other is a sidecar that logs the web server's output to a central logging system. Which pattern does this represent?

A.Sidecar pattern
B.Decorator pattern
C.Ambassador pattern
D.Adapter pattern
AnswerA

A sidecar container enhances or extends the functionality of the main container, such as logging, monitoring, or proxying.

Why this answer

Option A is correct. The sidecar pattern adds a helper container alongside the main container to extend its functionality (e.g., logging). Option B (adapter) normalizes output.

Option C (ambassador) proxies connections to external services. Option D (decorator) is not a standard Kubernetes pattern.

153
MCQeasy

What is the purpose of an init container in a pod?

A.To check the health of the main container and restart it if necessary
B.To run alongside the main container and provide additional services
C.To run to completion before the main containers start, often for initialization tasks
D.To run a command after the main container starts
AnswerC

Init containers run sequentially and must complete successfully before main containers start.

Why this answer

Option B is correct. Init containers run before the main application containers and typically perform setup tasks (e.g., waiting for a service, initializing data). Option A describes a sidecar.

Option C describes a liveness probe. Option D describes a postStart lifecycle hook.

154
MCQeasy

Which field in a CronJob spec specifies the maximum number of successful jobs that should be retained?

A..spec.jobTemplate.spec.backoffLimit
B..spec.successfulJobsHistoryLimit
C..spec.jobHistory.succeeded
D..spec.history.successfulJobsLimit
AnswerB

Correct field: 'successfulJobsHistoryLimit' in the CronJob spec.

Why this answer

Option C is correct. 'successfulJobsHistoryLimit' controls how many successful job runs are retained. Option A is for failed jobs. Option B and D are not valid fields.

155
Multi-Selecthard

Which THREE options are valid fields in a CronJob spec? (Select 3)

Select 3 answers
A..spec.jobTemplate.spec.template.spec.restartPolicy
B..spec.successfulJobsHistoryLimit
C..spec.schedule
D..spec.concurrencyPolicy
E..spec.jobTemplate.spec.parallelism
AnswersB, C, D

Valid CronJob field to limit history.

Why this answer

Option B is correct because `.spec.successfulJobsHistoryLimit` is a valid field in a CronJob spec that controls how many completed jobs are retained for inspection. This field defaults to 3 and helps manage cluster resource usage by limiting the number of successful job records kept in the history.

Exam trap

The trap here is that candidates confuse fields that belong to the CronJob spec with fields that belong to the underlying Job spec, such as `parallelism` or `restartPolicy`, which are valid in a Job but not directly in the CronJob spec's top-level fields.

156
MCQhard

You are deploying a Pod that contains two containers: a web server and a file sync agent. The file sync agent needs to run as long as the web server is running and should share the same network namespace. Which design pattern does this represent?

A.Adapter pattern
B.Ambassador pattern
C.Init container pattern
D.Sidecar pattern
AnswerD

The sidecar pattern adds auxiliary functionality to a main container within the same Pod.

Why this answer

Option A is correct. A sidecar container runs alongside the main container, sharing the same Pod lifecycle and network namespace. Option B is an adapter pattern for normalizing output.

Option C is an ambassador pattern for proxying. Option D is not a standard pattern.

157
MCQmedium

You need to run a batch job that processes 100 items. The job should be considered complete when all items are processed successfully. You want to run up to 10 pods concurrently. Which job configuration is correct?

A..spec.completions: 10, .spec.parallelism: 100
B..spec.backoffLimit: 100, .spec.parallelism: 10
C..spec.completions: 100, .spec.parallelism: 1
D..spec.completions: 100, .spec.parallelism: 10
AnswerD

completions defines the desired number of successfully finished pods; parallelism controls concurrency. This configuration runs 100 pods with up to 10 at a time.

Why this answer

Option A is correct. With .spec.completions=100, the job is complete when 100 successful pods finish. .spec.parallelism=10 allows up to 10 pods running concurrently. Option B would run 10 pods total, not 100 completions.

Option C would run 10 pods sequentially (parallelism=1). Option D is not valid for batch/v1.

158
MCQhard

A Pod with an init container and a main container is created. The init container runs a script that takes 10 seconds. The main container's startupProbe has initialDelaySeconds: 5. When does the startupProbe begin?

A.5 seconds after the pod is created
B.10 seconds after the pod is created
C.Immediately after the pod is created
D.After the init container completes, then plus 5 seconds
AnswerD

Init containers must finish before main containers start. Then startupProbe waits initialDelaySeconds.

Why this answer

Option C is correct: Init containers run to completion before any main container starts. The startupProbe begins after the main container starts, which is after the init container completes. So the startupProbe begins after 10 seconds (init) plus the initialDelaySeconds (5) = 15 seconds.

159
MCQhard

Consider the following partial Dockerfile: FROM alpine:3.18 AS builder RUN apk add --no-cache curl COPY src /app/src RUN make /app/bin FROM alpine:3.18 COPY --from=builder /app/bin /app/bin CMD ["/app/bin"] What is the primary benefit of this multi-stage build?

A.Faster builds because the builder stage runs in parallel
B.Reduced final image size by excluding build dependencies
C.Automatic caching of the builder stage
D.Improved security by running the builder as a non-root user
AnswerB

Only the final stage is used; build tools from builder are not included.

Why this answer

Multi-stage builds allow copying only the compiled binary from the builder stage, leaving behind build tools and intermediate files, resulting in a smaller final image.

160
MCQeasy

You need to create a Job that runs a single task to completion. Which kubectl command correctly creates a Job named 'data-processor' that runs the image 'myapp/processor:1.0'?

A.kubectl create deployment data-processor --image=myapp/processor:1.0
B.kubectl create job data-processor --image=myapp/processor:1.0
C.kubectl run data-processor --image=myapp/processor:1.0 --restart=Never
D.kubectl create cronjob data-processor --image=myapp/processor:1.0
AnswerB

kubectl create job creates a Job resource with the specified image.

Why this answer

Option A is correct. The 'kubectl create job' command creates a Job. Option B is for creating a CronJob.

Option C is for a Deployment. Option D has incorrect syntax.

161
Multi-Selecthard

Which THREE statements about Dockerfile CMD and ENTRYPOINT are correct?

Select 4 answers
A.CMD is always ignored if ENTRYPOINT is defined.
B.CMD can be overridden at container runtime by specifying a command after the image name.
C.ENTRYPOINT can be overridden at container runtime using the --entrypoint flag.
D.If both CMD and ENTRYPOINT are specified, CMD provides default arguments to ENTRYPOINT.
E.If neither CMD nor ENTRYPOINT is specified, the container will run but exit immediately.
AnswersB, C, D, E

For example, docker run image command overrides CMD. However, note that this actually overrides CMD when used in exec form, but the statement is generally true.

Why this answer

Options A, C, and D are correct. If both CMD and ENTRYPOINT are defined, CMD provides default arguments to ENTRYPOINT. CMD can be overridden by providing command-line arguments at container run.

ENTRYPOINT can be overridden using --entrypoint flag. If neither is defined, the container starts but exits immediately because there is no command (unless image has default). CMD is not always ignored when ENTRYPOINT is defined; it provides defaults.

162
Multi-Selectmedium

Which TWO statements about init containers are correct?

Select 3 answers
A.Init containers cannot have resource limits.
B.Init containers always run to completion.
C.Init containers are run sequentially in the order defined.
D.If an init container fails, it is not restarted.
E.Init containers run before the main application containers start.
AnswersB, C, E

Each init container must complete successfully before the next one starts.

Why this answer

Init containers run sequentially before the main containers start. They can have different images and settings than the main containers. They run to completion and then terminate.

Options A, B, and C are correct. D is false: init containers can have their own resource limits. E is false: the pod restarts if an init container fails, not the container itself.

163
Matchingmedium

Match each Kubernetes Service type to its behavior.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Exposes service on a cluster-internal IP

Exposes service on each node's IP at a static port

Exposes service externally using a cloud load balancer

Maps service to a DNS name

No cluster IP; used for stateful workloads

Why these pairings

Service types define how traffic reaches pods.

164
MCQmedium

A pod in the 'production' namespace is in a CrashLoopBackOff state. The pod has been running successfully for several days. You run 'kubectl describe pod app-pod -n production' and see the message: 'OOMKilled'. What is the MOST appropriate action to resolve this issue?

A.Increase the CPU request for the container
B.Delete the namespace and redeploy all workloads
C.Delete and recreate the pod to clear the crash loop
D.Increase the memory limit in the pod's container resource specification
AnswerD

OOMKilled indicates the container exceeded its configured memory limit. Increasing the memory limit allows the container to use more memory and prevents the OOM kill.

Why this answer

Option B is correct. OOMKilled means the container exceeded its memory limit and was killed by the kernel OOM killer. The solution is to increase the memory limit in the container's resource specification.

Option A would not help — restarting the pod without addressing the root cause will result in the same failure. Option C addresses CPU, not memory. Option D (deleting the namespace) is destructive and unnecessary.

165
Multi-Selecthard

You are given a pod YAML that uses an init container to wait for a database. The init container exits with code 0, but the main container crashes. Which TWO fields in the pod spec directly affect the behavior of the main container after it crashes?

Select 2 answers
A.spec.containers[0].readinessProbe
B.spec.restartPolicy
C.spec.initContainers[0].restartPolicy
D.spec.containers[0].command
E.spec.containers[0].livenessProbe
AnswersB, E

restartPolicy determines if the container is restarted on failure.

Why this answer

restartPolicy controls whether the main container is restarted; livenessProbe checks health and can restart the container; readinessProbe does not restart.

166
MCQhard

You have a Job that runs a batch process. The Job YAML is as follows: apiVersion: batch/v1 kind: Job metadata: name: batch-job spec: parallelism: 4 completions: 12 backoffLimit: 2 template: spec: containers: - name: worker image: myapp:latest restartPolicy: Never If one pod fails after 3 successful completions, and the Job has already completed 7 successes, how many pods will be running at that point? Assume no other failures.

A.4
B.3
C.7
D.5
AnswerA

The controller maintains up to 4 pods running (parallelism) even after a failure, as long as backoffLimit is not exceeded.

Why this answer

Option B is correct. The Job has parallelism 4, meaning up to 4 pods run concurrently. At the moment, 7 successes have been completed, so the Job still needs 5 more completions.

The Job controller will keep running pods up to parallelism to achieve the remaining completions. When one pod fails, a new pod will be created to replace it because backoffLimit is 2 (meaning up to 2 retries allowed). So there will still be 4 pods running (some may be new).

The answer depends on assuming the Job controller maintains parallelism. With 12 completions needed and 7 already done, 5 remain. The controller will run up to 4 pods concurrently, so 4 pods will be running.

167
MCQmedium

A pod has two containers: a web server and a sidecar that scrapes logs. The sidecar container needs to read log files written by the web server. How should the logs be shared between the containers?

A.Use a ConfigMap to store logs
B.Use a hostPath volume mounted in both containers
C.Use a shared emptyDir volume mounted into both containers at the same path
D.Use a PersistentVolumeClaim
AnswerC

emptyDir volumes are shared across containers in the same pod and are ideal for temporary data sharing.

Why this answer

A shared volume, such as an emptyDir volume mounted into both containers, allows the sidecar to access the web server's log files.

168
Multi-Selectmedium

Which THREE of the following are valid patterns for multi-container pods?

Select 3 answers
A.Init
B.Ambassador
C.Adapter
D.Sidecar
E.Daemon
AnswersB, C, D

Ambassador proxies network traffic to external services.

Why this answer

Sidecar, ambassador, and adapter are well-known multi-container patterns.

169
MCQeasy

Which Dockerfile instruction sets a default command that can be overridden by arguments passed to 'docker run'?

A.ENTRYPOINT
B.EXPOSE
C.CMD
D.RUN
AnswerC

CMD provides defaults that can be overridden.

Why this answer

Option B is correct: CMD sets a default command that can be overridden. ENTRYPOINT sets a command that cannot be easily overridden without --entrypoint flag. RUN executes during build.

EXPOSE documents ports.

170
Multi-Selectmedium

Which TWO commands can be used to create a resource from a YAML file?

Select 2 answers
A.kubectl create -f pod.yaml
B.kubectl delete -f pod.yaml
C.kubectl get -f pod.yaml
D.kubectl run -f pod.yaml
E.kubectl apply -f pod.yaml
AnswersA, E

kubectl create -f creates resources from a YAML file.

Why this answer

Options B and C are correct. kubectl create -f and kubectl apply -f both create resources from YAML files. kubectl run creates a pod from command-line arguments. kubectl get retrieves resources. kubectl delete deletes resources.

171
MCQmedium

A developer has a Dockerfile that builds a Go application. The final image size is 800MB. Which improvement would MOST reduce the image size?

A.Combine all RUN commands into a single layer
B.Add a .dockerignore file to exclude unnecessary files
C.Use a smaller base image like alpine:3.19
D.Use multi-stage builds with a scratch final stage
AnswerD

Multi-stage builds allow copying only the compiled binary to a minimal final image, removing all build tools.

Why this answer

Multi-stage builds allow copying only the binary from the build stage to a minimal base image, drastically reducing final image size.

172
MCQmedium

You run the following command: 'kubectl run nginx --image=nginx --restart=Never'. What Kubernetes resource is created?

A.CronJob
B.Deployment
C.Job
D.Pod
AnswerD

When --restart=Never is specified, kubectl run creates a Pod.

Why this answer

The --restart=Never flag creates a Pod. The default behavior of kubectl run without --restart=Never creates a Deployment, but with --restart=Never it creates a Pod.

173
MCQmedium

A Job must run exactly 3 Pods in parallel. Which Job manifest field achieves this?

A..spec.activeDeadlineSeconds
B..spec.completions
C..spec.parallelism
D..spec.backoffLimit
AnswerC

Sets the number of Pods that run in parallel.

Why this answer

Option A is correct: spec.parallelism controls the number of Pods running concurrently. completions sets the total number of Pods to run. backoffLimit sets retries. activeDeadlineSeconds sets time limit.

174
Multi-Selecthard

Which THREE of the following are correct about the .dockerignore file? (Select 3)

Select 3 answers
A.It supports wildcard patterns to exclude files
B.It is a replacement for .gitignore
C.It can be used to exclude .git directory from the build context
D.It allows comments starting with #
E.It affects the files available in the running container
AnswersA, C, D

Correct: .dockerignore supports glob patterns.

Why this answer

.dockerignore excludes files from the build context, reducing build time and image size. It can use wildcards (A), excludes .git (B), and can have comments (C). It does not affect container runtime (D) and is not a replacement for .gitignore (E).

175
MCQeasy

Which instruction in a Dockerfile sets the default command to run when the container starts, but allows overriding?

A.START
B.RUN
C.CMD
D.ENTRYPOINT
AnswerC

CMD provides defaults that can be overridden.

Why this answer

Option C is correct. CMD can be overridden by passing arguments to 'docker run'. ENTRYPOINT (option B) is not easily overridden unless combined with CMD.

Option A (RUN) is for build-time commands. Option D (START) is invalid.

176
MCQhard

A developer wants to run a one-time batch job that processes exactly 10 items, with up to 3 pods running concurrently. The job should retry each pod up to 2 times if it fails. Which YAML snippet correctly configures the Job?

A..spec.parallelism=3, .spec.completions=2, .spec.backoffLimit=3
B..spec.parallelism=10, .spec.completions=3, .spec.backoffLimit=2
C..spec.parallelism=3, .spec.completions=10, .spec.backoffLimit=2
D..spec.parallelism=3, .spec.completions=3, .spec.backoffLimit=2
AnswerC

Correct: parallelism=3 (max concurrent), completions=10 (total desired), backoffLimit=2 (retries).

Why this answer

Option B sets parallelism to 3 (max concurrent pods) and completions to 10 (total successful pods needed) and backoffLimit to 2 (retries on failure). Option A sets completions to 3 which would only need 3 successful pods, not 10. Option C sets parallelism to 10 and completions to 3, which is opposite.

Option D sets backoffLimit to 3 but completions to 2, not matching the requirement.

177
MCQhard

A developer creates a pod with two containers: a main web server and a sidecar that rotates logs. The sidecar must start before the main container. Which field enforces this startup order?

A.startupProbe
B.lifecycle.preStop
C.initContainers
D.restartPolicy: Always
AnswerC

Init containers run sequentially before main app containers.

Why this answer

Option D is correct: Init containers run sequentially before app containers. Sidecars in a regular container list do not guarantee order. Option A is about lifecycle hooks.

Option B is about restart policy. Option C does not exist.

178
Multi-Selectmedium

Which TWO options are valid ways to tag an image when building with Docker?

Select 2 answers
A.docker build --name myapp:1.0 .
B.docker commit myapp:1.0 myrepo/myapp:1.0
C.docker tag myapp:1.0 myrepo/myapp:1.0
D.docker run -t myapp:1.0 myrepo/myapp:1.0
E.docker build -t myapp:1.0 .
AnswersC, E

docker tag creates a new tag for an existing image.

Why this answer

Options A and B are correct. docker build -t myapp:1.0 . tags the image during build. docker tag myapp:1.0 myrepo/myapp:1.0 adds an additional tag. Option C is invalid because --tag is the correct flag, not --name. Option D is invalid because docker commit requires a container ID, not an image name.

Option E is invalid because docker run does not tag.

← PreviousPage 3 of 3 · 178 questions total

Ready to test yourself?

Try a timed practice session using only Ckad Design Build questions.