Back to Kubernetes and Cloud Native Associate KCNA

CNCF exam questions

Kubernetes and Cloud Native Associate KCNA practice test

Practise KCNA NAT and PAT questions covering address translation types, inside/outside interface roles, static vs dynamic vs PAT, and troubleshooting missing or incorrect translations.

997
practice questions
5
topics covered
KCNA
exam code
CNCF
vendor

Study modes

Three ways to study

Start with the Study Sheet to learn the material, switch to Practice Tests for active recall, then take a Mock Exam to simulate the real thing.

Study Sheet

All 997 questions with correct answers and explanations already visible. Read at your own pace — no time pressure.

Start reading →

Practice Test

Answer first, then see feedback and explanation. Tracks your score per session. Best for active recall and identifying weak areas.

Mock Exam

Full timed simulation with countdown. Answers hidden until the end. Includes all question types just like the real exam.

Start mock exam →

Study Sheet

All 997 KCNA questions with answers

Every question in the bank, paginated 75 per page. Correct answers and full explanations are revealed upfront — ideal for first-pass learning and pre-exam review.

14 pages · 75 questions per page · 997 total

Domain practice

Study KCNA by domain

Each domain has its own study sheet and practice test. Target the areas where you're weakest instead of repeating questions you already know.

All domains with question counts →

Related practice questions

Study KCNA by topic

Topic pages go deep on individual concepts — each one covers a specific exam topic with questions, explanations, and study notes.

Courseiva uses original exam-style practice questions created for learning and revision. The goal is to understand the concepts, recognise exam patterns, and improve through explanations — not memorise copied exam dumps. Learn the difference →

Sample questions

Kubernetes and Cloud Native Associate KCNA practice questions

Start practice test

Match each Kubernetes resource to its primary purpose.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Smallest deployable unit containing one or more containers

Stable network endpoint to access a set of Pods

Stores non-sensitive configuration data as key-value pairs

Cluster-wide storage resource provisioned by an administrator

Manages external access to services, typically HTTP

Match each Kubernetes security concept to its definition.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Identity for processes running in a pod

Role-based access control to authorize API requests

Specifies how groups of pods are allowed to communicate

Deprecated but formerly controlled security-sensitive pod settings

Stores sensitive data like passwords and tokens

A team observes that a Pod is stuck in CrashLoopBackOff. The Pod runs a single container with an entrypoint that exits with non-zero code after a few seconds. The team wants to inspect the container's logs to understand why it is crashing. Which command should they use?

An application running in a Kubernetes cluster needs to securely access a third-party API. The API key must be stored in the cluster and mounted into the Pod as an environment variable. Which is the best practice?

Question 5mediummultiple choice
Read the full NAT/PAT explanation →

A company is adopting a GitOps workflow for their Kubernetes deployments. They want to ensure that the cluster state always matches the desired state defined in a Git repository. Which tool is specifically designed for this purpose?

Match each Kubernetes networking concept to its description.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Default service type; exposes service on a cluster-internal IP

Exposes service on each node's IP at a static port

Exposes service externally using a cloud provider's load balancer

Service without a cluster IP; used for direct pod-to-pod communication

Implements traffic routing rules defined by Ingress resources

Question 7mediummultiple choice
Read the full NAT/PAT explanation →

A DevOps team notices that a microservice is returning 503 errors intermittently. The service runs in Kubernetes and uses a liveness probe. The team wants to understand the root cause without restarting the pod. Which observability approach should they use first?

Question 8easymultiple choice
Read the full NAT/PAT explanation →

A startup wants to minimize downtime during application updates in Kubernetes. Which deployment strategy should they use?

A cluster has a node with the taint 'node-role.kubernetes.io/control-plane:NoSchedule'. A pod must be scheduled on this node for a special workload. Which action is required?

Question 10mediummultiple choice
Read the full NAT/PAT explanation →

A team wants to minimize downtime during a Deployment rollout. Which strategy ensures that new pods are created before old pods are terminated?

Question 11hardmultiple choice
Read the full NAT/PAT explanation →

An administrator notices that a pod in a Deployment is stuck in CrashLoopBackOff. The pod logs show 'Error: failed to start container: exec: "app": executable file not found in $PATH'. What is the most likely cause?

An administrator needs to ensure that Pods from two different Deployments cannot communicate with each other. Which Kubernetes resource should be used?

Question 13mediummulti select
Read the full NAT/PAT explanation →

Which THREE are key benefits of using a service mesh in a cloud-native architecture? (Choose 3)

Question 14mediummatching
Read the full NAT/PAT explanation →

Match each cloud native concept to its definition.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Lightweight, standalone executable package that includes everything needed

Architectural style that structures an app as a collection of loosely coupled services

Automated configuration, coordination, and management of containers

Approach where servers are never modified after deployment; replaced instead

Specifying the desired state, letting the system achieve and maintain it

A pod is running but you need to view the contents of a file '/var/log/app.log' inside the container to debug an issue. Which kubectl command allows you to do this without modifying the pod?

When using a Service of type ClusterIP, how do pods reach the service?

A Service of type ClusterIP is created for a Deployment, but Pods in other namespaces cannot reach it. What is the most likely cause?

What is the primary purpose of a Kubernetes Service?

You need to store a database password securely and make it available to a Pod as an environment variable. Which Kubernetes resource should you create?

Two pods, 'app-v1' and 'app-v2', both have a label 'app: myapp'. A Service 'my-service' has a selector 'app: myapp'. How many endpoints will the Service initially have?

Which kubectl command would you use to view the logs of a container named 'web' inside a Pod named 'app-12345'?

Which two of the following are valid ways to expose a Deployment externally to the internet? (Select TWO)

A Deployment is configured with 'replicas: 4' and 'strategy.type: RollingUpdate'. You update the container image. What behavior does the Deployment exhibit?

Which component is responsible for running containers on a Kubernetes node?

Question Discussion

Share a tip, memory trick, or ask about the reasoning behind this question. Do not post real exam questions, leaked content, braindumps, or copyrighted exam material. Comments are moderated and may be removed without notice.

Loading comments…

Sign in to join the discussion.

Exam question guide

How to use these KCNA questions

Use these questions as active recall, not passive reading. Try the question first, review the answer choices, then open the explanation and connect the result back to the exam topic.

Quick answer

Exhibit-style questions test whether you can read a topology, command output, diagram or table before choosing the best answer.

How to extract the relevant detail from an exhibit.

How topology, command output or routing information affects the answer.

How to avoid answering from memory before reading the evidence.

How to map the exhibit back to the exam objective.

These KCNA practice questions are part of Courseiva's free CNCF certification practice question bank. Courseiva provides original exam-style KCNA questions with detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics.