CKS · topic practice

Cluster Setup practice questions

Use this page to practise Cluster Setup questions for this certification. Focus on how the exam tests cluster setup in scenario format — understanding the why behind each answer builds more durable knowledge than memorising options.

Courseiva uses original exam-style practice questions designed for learning and revision. The goal is to understand the concepts, recognise exam patterns, and improve through explanations — not memorise copied exam dumps.

Reviewed by Johnson Ajibi · MSc IT Security
10 questions · Domain: Cluster Setup

What the exam tests

What to know about Cluster Setup

Cluster Setup questions on this certification test your ability to deploy and manage cluster setup concepts in scenario-based situations.

Core Cluster Setup concepts and how they apply in real-world cloud scenarios.

How to deploy cluster setup correctly and verify the outcome.

Troubleshooting cluster setup issues by interpreting error output and system state.

Cloud best practices and Cluster Setup design trade-offs tested by this certification.

Watch out for

Common Cluster Setup exam traps

  • Selecting the most expensive service when a simpler managed option meets the requirement.
  • Forgetting that cloud resources must be explicitly secured — defaults are rarely secure.
  • Choosing a global service fix when the issue is region-specific.
  • Overlooking cost implications of cross-region data transfer in architecture questions.

Practice set

Cluster Setup questions

10 questions · select your answer, then reveal the explanation

Question 1 · easy · multiple choice

A team needs to set up a highly available Kubernetes control plane across three availability zones. What is the minimum number of etcd members required to achieve fault tolerance against one zone failure?

Question 2 · medium · multiple choice

A security audit reveals that the kube-apiserver is using the default insecure port 8080 on a production cluster. Which is the most secure and recommended remediation?

Question 3 · hard · multiple choice

During a cluster upgrade, the kubelet on a worker node fails to start after updating the kubelet binary. The kubelet logs show: 'failed to load bootstrap client certificate: open /var/lib/kubelet/pki/kubelet-client-current.pem: no such file or directory'. What is the most likely cause?

Which TWO of the following are valid methods to secure the etcd cluster in a Kubernetes setup?

Which THREE of the following are required when setting up a Kubernetes control plane with kubeadm for a production environment?

Question 6 · easy · multiple choice

A cluster is using kubeadm and the control plane components are running as static pods. Where are the static pod manifests for the API server located by default?

Question 7 · hard · multiple choice

You are responsible for securing a multi-tenant Kubernetes cluster that uses kubeadm for bootstrapping. The cluster has three control plane nodes and five worker nodes, all running Ubuntu 22.04. A recent security scan discovered that the etcd data directory is not encrypted at rest. The cluster stores sensitive customer data in secrets. You plan to enable encryption at rest for etcd. You have already created an encryption configuration file and placed it at /etc/kubernetes/encryption-config.yaml. The cluster is currently running Kubernetes v1.28.0 with etcd v3.5.9. You need to ensure that all existing and new secrets are encrypted. You also want to minimize downtime. Which of the following steps should you take?

Question 8 · medium · multiple choice

A security team wants to ensure that all communication between the kubelet and the API server is encrypted. Which flag must be set on the kubelet to enforce this?

Order the steps to rotate a Kubernetes API server certificate.

Match each Kubernetes admission controller to its role in security.

Limits the Node and Pod objects a kubelet can modify

Ensures images are always pulled, preventing use of local images

Denies pods with certain security context settings (deprecated)

Implements automation for service accounts

Enforces namespace-level node selector restrictions

Frequently asked questions

What does the CKS exam test about Cluster Setup?
Cluster Setup questions on this certification test your ability to deploy and manage cluster setup concepts in scenario-based situations.
How should I use these practice questions?
Select your answer before revealing the explanation. Then read why each option is right or wrong — this active recall approach builds retention far faster than re-reading notes.
Can I practise just Cluster Setup questions in a focused session?
Yes — the session launcher on this page draws every question from the Cluster Setup domain. Use a 10-question session first to gauge your baseline, then move to 20 or 30 once the weak spots are clear.
Where can I practise other CKS topics?
Use the topic links above to move to related areas, or go back to the CKS question bank to see all topics.
Are these real exam questions or dumps?
These are original practice questions written to test the same concepts the CKS exam covers. They are not copied from any real exam or dump site.