CCNA Kcna App Delivery Questions

75 of 94 questions · Page 1/2 · Kcna App Delivery topic · Answers revealed

1
MCQeasy

Which command is used to rollback a Helm release to a previous revision?

A.helm history <release-name>
B.helm rollback <release-name> <revision>
C.helm install <release-name>
D.helm upgrade <release-name>
AnswerB

Why this answer

The `helm rollback` command rolls back a release to a specified revision. Option A is correct. Option B (helm upgrade) upgrades to a new version.

Option C (helm history) shows revision history. Option D (helm install) installs a new release.

2
MCQmedium

In the context of DORA metrics, which metric measures how often an organization successfully releases to production?

A.Lead time for changes
B.Deployment frequency
C.Mean time to restore (MTTR)
D.Change failure rate
AnswerB

Deployment frequency measures how often deployments occur.

Why this answer

Deployment frequency is a DORA metric that measures how often an organization deploys code to production or an operational environment.

3
MCQmedium

During a canary deployment using Argo Rollouts, how does the tool determine the success of the canary before promoting it?

A.By checking the rollout's status field in the YAML
B.By requiring manual approval via a webhook
C.By comparing the ReplicaSet's age to a threshold
D.By analyzing predefined metrics (e.g., error rate) via an AnalysisTemplate
AnswerD

AnalysisTemplate runs metric queries and determines success/failure.

Why this answer

Argo Rollouts uses metrics from a service mesh or monitoring to analyze the canary's health and decide whether to proceed.

4
Multi-Selecthard

Which THREE of the following are features of Helm that facilitate release management? (Choose three.)

Select 3 answers
A.Canary deployment strategy
B.Rollback to a previous release revision
C.Release history and revision tracking
D.Horizontal pod autoscaling
E.Upgrade a release with new values
AnswersB, C, E

Helm supports rollback with 'helm rollback'.

Why this answer

Helm provides rollback to previous revisions, stores release history, and upgrades releases while preserving history. It does not natively do canary deployments or autoscaling.

5
MCQhard

An organization uses Flux with Kustomize to manage their Kubernetes applications. They want to automatically update their deployment when a new container image is pushed to the registry. Which Flux component should they use?

A.Source Controller
B.Image Automation Controller
C.Helm Controller
D.Kustomize Controller
AnswerB

This controller watches for new images and updates the Git repository with the new tag, triggering a reconciliation.

Why this answer

Flux's Image Automation Controller automates updates based on image policies. It can update manifests in Git when a new image tag is found, triggering a sync.

6
Drag & Dropmedium

Drag and drop the steps to scale a Kubernetes Deployment horizontally into the correct order.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order

Why this order

Scale command, check pods, verify deployment, monitor rollout, and adjust resources if needed.

7
MCQhard

A team is deploying a microservice application on Kubernetes. They want to ensure that during rolling updates, the new version of the service receives traffic only after the readiness probe succeeds. However, they observe that the old pods are terminated before the new pods are ready, causing a brief downtime. Which configuration change should they make to the Deployment to prevent this?

A.Set spec.strategy.rollingUpdate.minReadySeconds to 0
B.Set spec.strategy.rollingUpdate.maxSurge=0 and maxUnavailable=1
C.Add a liveness probe to the container spec
D.Set spec.strategy.rollingUpdate.maxSurge=1 and maxUnavailable=0

Why this answer

Option B is correct because setting spec.strategy.rollingUpdate.maxSurge=0 and maxUnavailable=1 ensures that during a rolling update, the old pods are not terminated until new pods become ready. Option A is incorrect because it allows surge but does not guarantee readiness. Option C is incorrect because it doesn't change the update behavior.

Option D is incorrect because it adds a liveness probe, which is for restarting unhealthy pods, not for traffic shifting.

8
Multi-Selectmedium

Which TWO statements about GitOps are correct?

Select 2 answers
A.GitOps requires a container registry
B.Git is the single source of truth for desired system state
C.The cluster state is automatically reconciled with the Git repository
D.GitOps eliminates the need for CI pipelines
E.Changes are made directly to the cluster using kubectl
AnswersB, C

GitOps defines desired state in Git.

Why this answer

GitOps uses Git as the single source of truth and automatically reconciles cluster state with the repository.

9
MCQeasy

Which deployment strategy updates pods incrementally, replacing old pods with new ones while ensuring availability?

A.Canary deployment
B.Blue-green deployment
C.Recreate
D.Rolling update
AnswerD

This is the default Kubernetes deployment strategy.

Why this answer

The Rolling update strategy is the correct answer because it incrementally replaces old pods with new ones while maintaining application availability. In Kubernetes, a rolling update updates pods one by one (or in small batches), ensuring that a specified number of pods remain available throughout the process. This is achieved by gradually scaling down the old ReplicaSet and scaling up the new one, controlled by parameters like `maxSurge` and `maxUnavailable` in the Deployment spec.

Exam trap

CNCF often tests the distinction between deployment strategies by confusing candidates with 'Canary deployment' because it also involves gradual traffic shifting, but the key difference is that Canary does not replace pods incrementally—it runs both versions concurrently and requires external traffic routing.

How to eliminate wrong answers

Option A is wrong because a Canary deployment routes a small percentage of traffic to a new version before a full rollout, but it does not incrementally replace pods; it runs both versions simultaneously and requires traffic management (e.g., via a service mesh or ingress). Option B is wrong because a Blue-green deployment creates a completely new environment (green) alongside the old one (blue) and switches traffic all at once, rather than updating pods incrementally. Option C is wrong because the Recreate strategy terminates all old pods before creating new ones, causing downtime and violating the availability requirement.

10
MCQeasy

What is the primary purpose of a continuous integration (CI) pipeline in cloud native application delivery?

A.To provision infrastructure resources
B.To automatically deploy code to production
C.To build and test code changes automatically
D.To manage container images in a registry
AnswerC

CI focuses on building and testing every change.

Why this answer

CI automates building and testing code changes to catch integration issues early, ensuring that code is always in a deployable state.

11
MCQhard

A team wants to use feature flags to control the rollout of a new feature in a Kubernetes-deployed microservice. Which tool is specifically designed for managing feature flags in cloud-native applications?

A.Helm
B.LaunchDarkly
C.Kustomize
D.Argo Rollouts
AnswerB

Why this answer

LaunchDarkly is a feature management platform commonly used for feature flags. Argo Rollouts is for progressive delivery (canary, blue-green). Helm is a package manager.

Kustomize is for configuration management. Option A is correct.

12
MCQmedium

A user reports that a ConfigMap update is not reflected in running pods. Which action should be taken to ensure pods receive the updated configuration?

A.Perform a rollout restart of the deployment
B.Delete and recreate the ConfigMap
C.Edit the deployment and change a label
D.Restart the kubelet on the nodes
AnswerA

Triggers new pods with updated ConfigMap values.

Why this answer

A is correct because ConfigMaps are mounted into pods as volumes or consumed via environment variables at pod creation time. Kubernetes does not automatically propagate ConfigMap updates to running pods; the only way to pick up the new configuration is to restart the pods. A rollout restart of the deployment (e.g., `kubectl rollout restart deployment`) triggers a new ReplicaSet, which creates fresh pods that read the updated ConfigMap.

Exam trap

The trap here is that candidates assume Kubernetes automatically propagates ConfigMap changes to running pods, but in reality, pods are immutable after creation and require a restart to pick up new configuration.

How to eliminate wrong answers

Option B is wrong because deleting and recreating the ConfigMap does not affect running pods; pods still reference the old data from the initial mount or environment variable injection. Option C is wrong because changing a label on the deployment does not cause pods to be recreated; labels are metadata and do not trigger a pod restart or re-read of ConfigMap data. Option D is wrong because restarting the kubelet on nodes restarts the node agent but does not force pods to re-read their ConfigMap; pods continue using the cached configuration from their initial creation.

13
MCQmedium

A team uses Helm to manage their Kubernetes applications. They need to upgrade a release and want to reuse the values from the previous release while overriding a specific value. Which helm command should they use?

A.helm upgrade --reset-values my-release ./charts/app --set image.tag=v2
B.helm upgrade --reuse-values my-release ./charts/app --set image.tag=v2
C.helm upgrade --atomic my-release ./charts/app --set image.tag=v2
D.helm upgrade --history-max 5 my-release ./charts/app --set image.tag=v2
AnswerB

--reuse-values retains the previous release's values and merges the new --set overrides.

Why this answer

The --reuse-values flag tells Helm to reuse the last release's values and merge any provided overrides. This is the correct approach to preserve existing values while updating a specific one.

14
MCQhard

A Kubernetes cluster runs a critical application that must be updated with zero downtime. The team wants to gradually shift traffic from the old version to the new version over a period of time. Which deployment pattern is MOST appropriate?

A.Rolling update
B.Recreate deployment
C.Blue-green deployment
D.Canary deployment
AnswerD

Canary deployment gradually shifts a percentage of traffic to the new version, allowing monitoring and controlled rollout.

Why this answer

Canary deployment involves rolling out the new version to a small subset of users initially and gradually increasing traffic while monitoring for issues. This minimizes risk and provides control over the rollout.

15
Multi-Selectmedium

Which TWO of the following are capabilities of ArgoCD? (Choose two.)

Select 2 answers
A.Building container images from source code
B.Automated application sync from Git to cluster
C.Self-healing to correct configuration drift
D.Running unit tests during deployment
E.Managing secrets using Kubernetes Secrets
AnswersB, C

ArgoCD syncs applications automatically or on demand.

Why this answer

ArgoCD provides automated sync (applying desired state from Git) and self-healing (automatically reverting configuration drift). It is not a CI tool and does not build images.

16
MCQeasy

Which Helm command is used to upgrade a release to a newer version of a chart?

A.helm upgrade
B.helm rollback
C.helm update
D.helm install
AnswerA

helm upgrade updates an existing release to a new chart version or configuration.

Why this answer

The 'helm upgrade' command upgrades an existing release with a new chart version or configuration.

17
MCQmedium

In a Helm chart, which file is used to define default configuration values that can be overridden by users during installation?

A.templates/ directory
B.charts/ directory
C.values.yaml
D.Chart.yaml
AnswerC

Why this answer

values.yaml is the conventional file in Helm charts for default values. Users can override these with --set or custom values files. Option B (Chart.yaml) contains metadata.

Option C (templates/) contains Kubernetes manifest templates. Option D (charts/) contains subchart dependencies.

18
Multi-Selectmedium

Which TWO statements are true about Kustomize? (Choose 2)

Select 2 answers
A.It supports patching Kubernetes resources via strategic merge patches or JSON patches.
B.It automatically handles canary traffic routing.
C.It relies on Go templating to generate Kubernetes manifests.
D.It uses a base and overlay model to manage environment-specific configurations.
E.It can be used to package and deploy Helm charts.
AnswersA, D

Why this answer

Kustomize uses a base+overlay model without templating (A). It supports patching to customize resources (B). Option C is false because Kustomize does not use templates (it's template-free).

Option D is false because Kustomize does not manage Helm charts natively. Option E is false because Kustomize does not handle traffic routing.

19
MCQeasy

What is the primary purpose of a container registry in the CI/CD pipeline?

A.To store and distribute container images
B.To run unit tests on container images
C.To store application source code
D.To scan images for vulnerabilities
AnswerA

Container registries like Docker Hub, Google Container Registry, or AWS ECR store images and allow them to be pulled by Kubernetes or other systems.

Why this answer

Container registries store container images after they are built, allowing them to be pulled by Kubernetes clusters during deployment. They are the intermediary between CI and CD.

20
MCQeasy

What is the purpose of values.yaml in a Helm chart?

A.To specify the chart metadata
B.To define the Kubernetes resources to create
C.To define the release name
D.To store default configuration values for the chart
AnswerD

values.yaml holds default parameters.

Why this answer

values.yaml provides default configuration values that can be overridden at install/upgrade time.

21
MCQmedium

In Kustomize, what is the purpose of an overlay?

A.To apply environment-specific customizations on top of a base
B.To merge multiple Kubernetes manifests into one
C.To template variables into YAML files
D.To define the base configuration of an application
AnswerA

Overlays use patches to modify the base for specific environments.

Why this answer

Kustomize overlays allow customizing a base configuration for different environments (e.g., dev, prod) by applying patches without modifying the base.

22
MCQmedium

A DevOps team wants to implement GitOps for their Kubernetes cluster. Which tool is specifically designed for Kubernetes GitOps and can automatically sync the cluster state with a Git repository?

A.ArgoCD
B.Jenkins
C.Kustomize
D.Helm
AnswerA

Why this answer

ArgoCD is a GitOps tool that continuously monitors a Git repository and syncs the cluster state. Flux is also a GitOps tool but the question asks for a tool specifically designed for Kubernetes GitOps; both are valid, but ArgoCD is more commonly associated with the term 'GitOps'. Option A (Helm) is a package manager.

Option B (Kustomize) is a configuration management tool. Option D (Jenkins) is a CI/CD tool but not GitOps-native.

23
MCQmedium

Which DORA metric measures the percentage of deployments that cause a failure in production?

A.Lead time for changes
B.Mean time to recover (MTTR)
C.Change failure rate
D.Deployment frequency
AnswerC

Change failure rate is the percentage of deployments causing failure.

Why this answer

Change failure rate is the percentage of deployments that result in degraded service or require remediation.

24
Multi-Selecteasy

Which TWO of the following are benefits of using Helm for application delivery?

Select 2 answers
A.Automatic scaling based on CPU usage
B.Ability to roll back to previous releases
C.Automatic canary deployments
D.Simplified packaging and templating of Kubernetes resources
E.Built-in monitoring and alerting
AnswersB, D

Helm tracks releases and supports rollback with helm rollback.

Why this answer

Helm manages Kubernetes application releases as packaged charts. The `helm rollback` command allows you to revert to a previous revision of a release, which is a core benefit for safe application delivery and disaster recovery. This capability is built into Helm's release management system, which tracks each deployment as a revision with a unique version number.

Exam trap

CNCF often tests the distinction between Helm's release management features and Kubernetes-native or third-party operational features, so candidates mistakenly attribute capabilities like autoscaling or canary deployments to Helm because they see Helm used in CI/CD pipelines alongside those tools.

25
Multi-Selectmedium

Which TWO of the following are characteristics of Kustomize?

Select 2 answers
A.Requires a values.yaml file for configuration
B.Uses a templating engine similar to Helm
C.Supports patching resources via patchesStrategicMerge
D.Can manage dependencies between charts
E.Uses overlays to customize base configurations
AnswersC, E

Kustomize supports strategic merge patches and JSON patches.

Why this answer

Kustomize uses overlays to customize Kubernetes manifests without templating. It does not use values files or require a package manager.

26
Multi-Selectmedium

Which TWO statements are true about ArgoCD's health status?

Select 2 answers
A.ArgoCD can be configured to perform automatic rollback on health degradation
B.ArgoCD only supports health checks for Deployments
C.ArgoCD checks the health of resources by comparing their status fields
D.Health status is only determined by the application's YAML definition
E.A healthy application always means the sync status is 'Synced'
AnswersA, C

Self-healing can trigger rollback if health check fails.

Why this answer

ArgoCD assesses health based on Kubernetes resource status and can take actions when health degrades.

27
Multi-Selectmedium

Which THREE are examples of DORA metrics used to measure DevOps performance? (Choose 3)

Select 3 answers
A.Deployment Frequency
B.Number of developers per team
C.Code coverage percentage
D.Mean Time to Restore (MTTR)
E.Lead Time for Changes
AnswersA, D, E

Why this answer

DORA metrics include Deployment Frequency, Lead Time for Changes, Mean Time to Restore (MTTR), and Change Failure Rate. Options A, B, and D are the three correct ones. Option C (Number of developers) is not a DORA metric.

Option E (Code coverage) is a software quality metric, not a DORA metric.

28
MCQmedium

In Flux, which controller is responsible for reconciling the desired state defined in a Git repository to the cluster?

A.Image Automation Controller
B.Kustomize Controller
C.Source Controller
D.Helm Controller
AnswerB

The Kustomize Controller watches for changes in Kustomize overlays and applies them to the cluster, ensuring the cluster matches the desired state.

Why this answer

Flux's Source Controller fetches artifacts (e.g., Git repositories, Helm repos) but does not apply changes. The Kustomize Controller is the primary controller that reconciles the desired state from those sources to the cluster.

29
Drag & Dropmedium

Drag and drop the steps to create a ConfigMap from a file in Kubernetes into the correct order.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order

Why this order

Prepare the file, create ConfigMap, verify, describe, and use it in a Pod.

30
MCQhard

A team uses ArgoCD with a Git repository that contains Helm charts. They want ArgoCD to automatically sync when a new image tag is pushed to the container registry. Which approach should they use?

A.Use Flux Image Automation Controller
B.Configure a webhook from the registry to ArgoCD API server
C.Manually update the Helm values and commit
D.Use ArgoCD Image Updater
AnswerD

ArgoCD Image Updater monitors registries and updates the desired state in Git automatically.

Why this answer

ArgoCD Image Updater is the official tool to automatically update image tags in Kubernetes manifests (including Helm values) and commit changes to Git, triggering ArgoCD to sync.

31
MCQhard

A team uses Flux with the Source Controller and Kustomize Controller. They update a YAML file in Git to change a Deployment's replica count. What describes the synchronization flow?

A.The Source Controller directly applies the manifest to the cluster
B.Flux uses HelmReleases to apply changes
C.The Kustomize Controller fetches the source and applies the rendered manifests
D.Flux requires a manual kubectl apply to sync
AnswerC

Kustomize Controller reconciles the source and applies.

Why this answer

Flux Source Controller fetches changes from Git; Kustomize Controller reconciles the kustomization and applies to the cluster.

32
Drag & Dropmedium

Drag and drop the steps to troubleshoot a Pod stuck in CrashLoopBackOff into the correct order.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order

Why this order

Start with describe for events, then logs for errors, check resources, verify image/command, then fix and redeploy.

33
Multi-Selectmedium

Which TWO of the following are deployment patterns that can be used to update applications with minimal downtime? (Choose two.)

Select 2 answers
A.DaemonSet deployment
B.Sidecar deployment
C.Recreate deployment
D.Blue-green deployment
E.Canary deployment
AnswersD, E

Blue-green deploys a new version alongside the old and switches traffic after testing.

Why this answer

Blue-green and canary are deployment patterns that reduce downtime by gradually shifting traffic. Rolling update is also a pattern but the question asks for minimal downtime; blue-green and canary are specifically designed for that.

34
MCQmedium

Which deployment strategy is characterized by gradually shifting traffic from an old version to a new version of an application, often requiring a service mesh or ingress controller to manage traffic splitting?

A.Rolling update
B.Canary deployment
C.Blue-green deployment
D.Recreate
AnswerB

Why this answer

A canary deployment gradually shifts traffic to the new version, allowing monitoring before full rollout. Option A (Rolling update) replaces pods incrementally without traffic splitting. Option B (Blue-green) switches traffic entirely between two environments.

Option D (Recreate) kills all old pods before creating new ones.

35
MCQhard

A microservice application is experiencing high latency during traffic spikes. The team identifies that the database connection pool is exhausted. They want to implement a pattern that helps decouple the microservice from direct database connections and smooth out traffic bursts. Which design pattern should they apply?

A.Bulkhead pattern
B.Circuit Breaker pattern
C.Queue-based Load Leveling pattern
D.Retry pattern
AnswerC

A message queue buffers requests, decouples services, and smooths traffic spikes.

Why this answer

The Queue-based Load Leveling pattern uses a message queue (e.g., RabbitMQ, Amazon SQS) as a buffer between the microservice and the database. When traffic spikes occur, requests are queued and processed at a manageable rate, preventing the database connection pool from being exhausted. This decouples the service from direct database connections and smooths out bursts, directly addressing the latency issue.

Exam trap

CNCF often tests the distinction between patterns that handle failures (Circuit Breaker, Retry) versus patterns that manage load (Queue-based Load Leveling), and the trap here is that candidates confuse 'smoothing traffic bursts' with 'preventing repeated failures,' leading them to pick the Circuit Breaker or Retry pattern incorrectly.

How to eliminate wrong answers

Option A is wrong because the Bulkhead pattern isolates resources (e.g., thread pools) within a service to prevent cascading failures, but it does not buffer traffic spikes or decouple from database connections. Option B is wrong because the Circuit Breaker pattern monitors for failures and opens the circuit to stop requests temporarily, but it does not smooth out traffic bursts or prevent connection pool exhaustion during spikes. Option D is wrong because the Retry pattern automatically retries failed operations, but it can exacerbate connection pool exhaustion by adding more load during traffic spikes, not decouple or level the load.

36
MCQeasy

In GitOps with ArgoCD, what does 'self-healing' refer to?

A.Automatically scaling applications based on metrics
B.Automatically restarting failed pods
C.Automatically reverting manual changes to match the Git repository
D.Automatically updating the Git repository when changes are made in the cluster
AnswerC

Self-healing ensures the cluster state continuously matches the Git repository, undoing any drift.

Why this answer

Self-healing automatically reverts any manual changes made to the live cluster state back to the desired state defined in Git, ensuring configuration drift is corrected.

37
MCQhard

A team uses Argo Rollouts for progressive delivery. They configure a canary rollout with a traffic split of 20% to the new version. After verification, the rollout automatically increases traffic to 100%. Which Argo Rollout manifest field controls this gradual traffic increase?

A.strategy.canary.trafficRouting
B.strategy.canary.steps
C.template.spec.containers
D.spec.replicas
AnswerB

Why this answer

The steps field in an Argo Rollout defines the sequence of canary steps, including traffic percentages. Option B (strategy.canary.steps) is correct. Option A (strategy.canary.trafficRouting) configures how traffic routing is done (e.g., with a service mesh).

Option C (spec.replicas) sets the total replicas. Option D (template.spec.containers) defines containers.

38
MCQeasy

Which DORA metric measures the percentage of deployments that cause a failure in production?

A.Deployment Frequency
B.Mean Time to Recovery (MTTR)
C.Change Failure Rate
D.Lead Time for Changes
AnswerC

This measures the percentage of changes that result in a failure in production.

Why this answer

Change Failure Rate is the percentage of changes that result in a failure (e.g., service degradation, rollback). It is one of the four key DORA metrics.

39
MCQmedium

In a blue-green deployment strategy, at any given time, only one environment (blue or green) is active. What is the primary advantage of this approach?

A.Gradual traffic shifting to detect issues early
B.Instant rollback by switching traffic back to the previous environment
C.Minimal resource consumption by using only one environment
D.No need for load balancers or ingress controllers
AnswerB

Why this answer

Blue-green deployments allow instant rollback by switching traffic back to the previous environment. Option A is correct. Option B is a benefit of canary deployments.

Option C is a benefit of rolling updates. Option D is not a primary advantage.

40
MCQmedium

In GitOps with ArgoCD, what happens when the desired state in Git differs from the live state in the cluster?

A.ArgoCD reports an error and stops working
B.ArgoCD syncs the cluster to match Git if auto-sync is enabled
C.ArgoCD deletes the Git repository
D.ArgoCD automatically reverts the changes in Git
AnswerB

Auto-sync ensures cluster state matches Git.

Why this answer

ArgoCD detects drift and can automatically sync the cluster to match Git, enabling self-healing.

41
MCQeasy

What is the primary purpose of a container registry in a CI/CD pipeline?

A.To store source code
B.To store and distribute container images
C.To manage Kubernetes secrets
D.To run unit tests
AnswerB

Container registries are designed to store and distribute container images, enabling deployment in Kubernetes.

Why this answer

A container registry stores built container images and provides a mechanism to push and pull images. It is a central component in the CI/CD workflow for image distribution.

42
MCQhard

Refer to the exhibit. The deployment myapp is updated from image myapp:1.0 to myapp:2.0. During the rollout, what is the maximum number of pods that will be unavailable at any given time?

A.2
B.0
C.3
D.1
AnswerB

maxUnavailable: 0 ensures at least 3 pods are always available.

Why this answer

Option B is correct because the deployment strategy defaults to RollingUpdate with a maxUnavailable setting of 25% (rounded up), which for a deployment with 4 replicas allows 1 pod to be unavailable. However, the question states that during the rollout the maximum number of pods that will be unavailable at any given time is 0, which implies the deployment uses a maxSurge and maxUnavailable configuration that ensures no pods are taken down until new ones are ready—this is achieved by setting maxUnavailable to 0 and maxSurge to 1 or more, so the deployment creates a new pod before terminating an old one, guaranteeing zero downtime.

Exam trap

CNCF often tests the default rolling update behavior (maxUnavailable=25%) to trick candidates into calculating a nonzero value, but the trap here is that the question explicitly describes a scenario where no pods are unavailable, which requires recognizing that maxUnavailable can be set to 0 to achieve zero-downtime updates.

How to eliminate wrong answers

Option A (2) is wrong because it assumes a maxUnavailable of 50% or a reckless scaling behavior that would allow two pods to be down simultaneously, which contradicts the zero-downtime requirement implied by the correct answer. Option C (3) is wrong because it suggests a majority of pods could be unavailable, which would violate the deployment's desired state and is not allowed by any standard rolling update configuration. Option D (1) is wrong because while a default rolling update with 4 replicas would allow 1 unavailable pod (25% rounded up), the question's context indicates that the deployment is configured to maintain full availability, so even 1 unavailable pod is not permitted.

43
MCQmedium

In Kustomize, what is the purpose of an overlay?

A.To template values using Go templates
B.To apply patches and modifications on top of a base
C.To define the base set of Kubernetes resources shared across environments
D.To manage Helm releases
AnswerB

Overlays contain patches that customize the base for specific environments.

Why this answer

Overlays in Kustomize allow you to define environment-specific customizations (e.g., dev, prod) on top of a common base configuration.

44
Matchingmedium

Match each Kubernetes storage concept to its description.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Request for storage by a user, referencing a PersistentVolume

Describes classes of storage with different QoS, backup policies, etc.

Ephemeral volume that shares a pod's lifecycle

Mounts a file or directory from the host node's filesystem

Container Storage Interface standard for pluggable storage drivers

Why these pairings

These are key storage abstractions in Kubernetes.

45
MCQeasy

A startup wants to minimize downtime during application updates in Kubernetes. Which deployment strategy should they use?

A.RollingUpdate
B.Canary
C.Blue/Green
D.Recreate
AnswerA

Replaces pods incrementally, maintaining availability.

Why this answer

The RollingUpdate strategy is the default in Kubernetes and minimizes downtime by gradually replacing old Pods with new ones while the application remains available. It uses a configurable `maxSurge` and `maxUnavailable` parameters to control the rate of change, ensuring that a specified number of Pods are always serving traffic. This makes it ideal for startups seeking zero-downtime updates without the complexity of additional tooling or infrastructure.

Exam trap

The trap here is that candidates often confuse 'minimizing downtime' with 'risk mitigation' and pick Canary or Blue/Green, but the question specifically asks for the simplest strategy to minimize downtime during updates, which is RollingUpdate by default in Kubernetes.

How to eliminate wrong answers

Option B (Canary) is wrong because while it reduces risk by routing a small percentage of traffic to the new version, it is not primarily designed to minimize downtime during updates; it focuses on validating changes with a subset of users and often requires additional service mesh or ingress configuration. Option C (Blue/Green) is wrong because it minimizes downtime by running two full environments and switching traffic instantly, but it doubles resource costs and is not the simplest or most cost-effective choice for a startup aiming to minimize downtime without extra overhead. Option D (Recreate) is wrong because it terminates all old Pods before creating new ones, causing guaranteed downtime during the update, which directly contradicts the goal of minimizing downtime.

46
Drag & Dropmedium

Drag and drop the steps to create a Kubernetes deployment using kubectl into the correct order.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order

Why this order

First, define the deployment in a YAML file, then apply it, verify creation, check pods, and optionally expose it as a service.

47
MCQmedium

A container image is being pushed to a private registry. What is the correct workflow?

A.Push first, then build
B.Push, tag, build
C.Build, tag, push
D.Tag after push
AnswerC

This is the correct sequence.

Why this answer

The standard workflow is: build image, tag it with registry URL, then push to registry.

48
Multi-Selecthard

Which THREE of the following are key capabilities of progressive delivery tools like Argo Rollouts?

Select 3 answers
A.Integration with feature flag systems
B.Automated rollback based on metrics or health checks
C.Automatic image vulnerability scanning
D.Traffic splitting between old and new versions
E.Replacing the need for CI/CD pipelines
AnswersA, B, D

Argo Rollouts can integrate with feature flags to control exposure.

Why this answer

Progressive delivery tools enable traffic splitting, automated rollbacks based on metrics, and integration with feature flags.

49
MCQeasy

What is Helm's role in Kubernetes?

A.A CI/CD server
B.A package manager for Kubernetes applications
C.A security scanner for container images
D.A monitoring and logging tool
AnswerB

Helm manages charts to define, install, and upgrade applications.

Why this answer

Helm is a package manager that simplifies deploying and managing Kubernetes applications using charts.

50
MCQhard

In a CI pipeline, image scanning is integrated to detect vulnerabilities. What is the best practice when a critical vulnerability is found in a base image?

A.Fail the pipeline and notify the team to fix the base image
B.Deploy to production and patch later
C.Automatically patch the image in the pipeline
D.Ignore the vulnerability and proceed with deployment
AnswerA

Failing the pipeline enforces security.

Why this answer

The pipeline should fail so that the vulnerability is addressed before deployment, preventing insecure images from reaching production.

51
MCQmedium

A team is using Kustomize to manage configurations for different environments. They want to create a variant of a base deployment that uses a different number of replicas. Which Kustomize feature should they use?

A.Generators
B.Patches
C.Bases
D.Components
AnswerB

Why this answer

Kustomize uses overlays to customize bases for different environments. Patches are used to modify specific fields. Option B (Patches) is correct for changing replicas.

Option A (Bases) is the common configuration. Option C (Components) is a newer feature for reusable pieces. Option D (Generators) creates ConfigMaps/Secrets.

52
MCQeasy

What is the primary advantage of using Helm to package a Kubernetes application?

A.It automatically scales applications based on load
B.It enforces security policies on deployments
C.It provides a templating engine to parameterize Kubernetes manifests
D.It manages network policies between services
AnswerC

Helm uses Go templates to allow users to inject values into manifests.

Why this answer

Helm packages Kubernetes manifests into a single chart, allowing easy installation, upgrades, and rollbacks with parameterization via values.yaml.

53
MCQhard

A financial services company runs a critical trading application on Kubernetes. The application is deployed as a Deployment with 3 replicas. Each pod exposes metrics on port 8080 and uses a ConfigMap to load configuration. Recently, after a configuration change via a ConfigMap update, two of the three pods started crashing with an out-of-memory (OOM) error, while the third pod continues to run fine. The team verified that the ConfigMap was updated correctly and that the application code did not change. The pods have resource limits set: memory limit of 512Mi and request of 256Mi. The application's memory usage before the change was around 200Mi. The new configuration increases the in-memory cache size. The team suspects the issue is related to the configuration change. What is the best course of action?

A.Scale the Deployment to 5 replicas to distribute the memory load.
B.Remove the memory limit from the container spec to allow unlimited memory usage.
C.Revert the ConfigMap to the previous configuration and monitor memory usage.
D.Increase the memory limit in the Deployment manifest to a higher value, such as 1Gi, and perform a rolling update.
AnswerD

This directly addresses the OOM caused by increased cache size.

Why this answer

Option D is correct because the OOM errors are directly caused by the increased memory usage from the larger in-memory cache, which exceeds the current 512Mi memory limit. Increasing the limit to 1Gi accommodates the new cache size while preserving resource boundaries, and a rolling update applies the change without downtime. This aligns with Kubernetes best practices of setting realistic resource limits based on application requirements.

Exam trap

CNCF often tests the misconception that scaling replicas or removing limits solves resource exhaustion, when the correct approach is to adjust resource limits to match the application's new requirements.

How to eliminate wrong answers

Option A is wrong because scaling to 5 replicas does not resolve the OOM issue; each pod still has a 512Mi limit, and the new configuration causes each pod to exceed that limit, so more replicas would just crash more pods. Option B is wrong because removing the memory limit removes a critical safeguard, risking node instability and potential OOM kills of other pods or system processes; Kubernetes requires limits for predictable scheduling and resource isolation. Option C is wrong because reverting the ConfigMap only avoids the problem temporarily without addressing the need for a larger cache; the team should adjust limits to support the new configuration rather than abandoning the intended change.

54
MCQhard

A Kubernetes Deployment is configured with 'strategy.type: RollingUpdate'. The team wants to ensure that during an update, no more than 25% of pods are unavailable at any time. Which specification should be added?

A.spec.minReadySeconds: 30
B.spec.replicas: 4
C.strategy.rollingUpdate.maxUnavailable: 25%
D.strategy.rollingUpdate.maxSurge: 25%
AnswerC

maxUnavailable sets the maximum number of pods that can be unavailable during a rolling update.

Why this answer

The 'maxUnavailable' field in the rolling update strategy controls how many pods can be unavailable during the update. Setting it to 25% ensures at most 25% are down.

55
Multi-Selectmedium

Which TWO actions can improve the DORA metric 'Mean Time to Recovery (MTTR)'?

Select 2 answers
A.Increasing deployment frequency
B.Slowing down the release cycle
C.Using feature flags to disable faulty code quickly
D.Adding more manual approval steps
E.Implementing automated rollback on health check failure
AnswersC, E

Feature flags allow instant disabling of problematic features.

Why this answer

Reducing MTTR involves quick detection and rollback or fix of failures.

56
MCQeasy

What is the primary purpose of a container registry in a CI/CD pipeline?

A.To manage Kubernetes secrets
B.To store source code and trigger builds
C.To run CI/CD pipelines
D.To host container images for deployment
AnswerD

Container registries store built images that can be pulled by Kubernetes or other orchestration platforms.

Why this answer

A container registry stores and distributes container images. After building and scanning, images are pushed to a registry so that deployment tools can pull them to run containers.

57
MCQhard

Your organization runs a microservices application on a Kubernetes cluster with 5 worker nodes (each with 4 vCPU, 16GB RAM). The application consists of 20 microservices, each deployed as a Deployment with 3 replicas. Recently, after a new microservice 'inventory' was deployed with resource requests of 2 CPU and 4GB memory per pod, the cluster started experiencing pod scheduling failures. Many existing pods are in 'Pending' state with events indicating 'Insufficient cpu' or 'Insufficient memory'. The cluster has cluster autoscaling enabled (node pool ranging from 3 to 10 nodes), but new nodes are not being added quickly enough, and the existing nodes are heavily utilized. You need to resolve the scheduling failures while ensuring the inventory service can scale. Which course of action should you take?

A.Increase the cluster autoscaler max nodes to 20 and set a 0-second scale-up delay.
B.Set resource limits equal to requests for all microservices to guarantee resources.
C.Reduce the CPU request of the inventory deployment to 1 CPU per pod to allow better packing on existing nodes while cluster autoscaler catches up.
D.Delete all pending pods and recreate them manually.
AnswerC

Lowering requests improves packing and reduces pending status immediately.

Why this answer

Option C is correct because reducing the CPU request of the inventory deployment to 1 CPU per pod allows the scheduler to pack pods more efficiently on existing nodes, alleviating immediate 'Insufficient cpu' and 'Insufficient memory' failures while the cluster autoscaler provisions new nodes. This approach balances short-term scheduling needs with the ability to scale the inventory service later, as requests can be adjusted upward once the cluster has more capacity.

Exam trap

The trap here is that candidates may think increasing cluster autoscaler limits or setting limits equal to requests will solve the problem, but they overlook that the autoscaler cannot instantaneously add nodes and that setting limits does not free up existing resources, while reducing requests directly addresses the immediate scheduling bottleneck.

How to eliminate wrong answers

Option A is wrong because increasing the cluster autoscaler max nodes to 20 and setting a 0-second scale-up delay does not address the immediate scheduling failures; the autoscaler cannot add nodes instantly due to cloud provider provisioning latency, and the existing nodes are already heavily utilized, so pods will remain pending. Option B is wrong because setting resource limits equal to requests for all microservices does not free up resources; it only prevents bursting, which does not resolve the existing resource shortage on the nodes. Option D is wrong because deleting all pending pods and recreating them manually does not change the underlying resource constraints; the scheduler will still fail to place them due to insufficient CPU and memory on the nodes.

58
Multi-Selecthard

Which THREE of the following practices are essential for a secure cloud native CI/CD pipeline?

Select 3 answers
A.Sign container images and verify signatures during deployment
B.Store secrets in plain text in the pipeline configuration
C.Use a single long-lived service account for all pipeline steps
D.Scan container images for vulnerabilities before deployment
E.Apply least-privilege IAM roles to pipeline components
AnswersA, D, E

Ensures image integrity and authenticity.

Why this answer

Signing container images (e.g., using Cosign or Notary) and verifying those signatures during deployment ensures that only trusted, unmodified images are deployed, preventing supply chain attacks. This practice enforces image integrity and provenance, which is a core security requirement for cloud native CI/CD pipelines.

Exam trap

CNCF often tests the misconception that storing secrets in plain text is acceptable if the pipeline is 'internal' or 'trusted,' but the KCNA exam emphasizes that secrets must never be stored in plain text in any CI/CD configuration.

59
MCQmedium

An application deployment in Kubernetes uses a Deployment object. During a rolling update, the new ReplicaSet fails to become healthy. What is the default behavior of the Deployment controller?

A.It continues the rollout, ignoring the health check failures
B.It automatically rolls back to the previous revision
C.It scales down the old ReplicaSet to zero
D.It pauses the rollout and keeps the old ReplicaSet running
AnswerD

By default, the Deployment controller will pause the rollout, leaving the old ReplicaSet active.

Why this answer

By default, the Deployment controller will stop the rollout if the new pods are unhealthy, and the old ReplicaSet remains running.

60
MCQeasy

In a CI/CD pipeline, what is the difference between continuous delivery and continuous deployment?

A.Continuous delivery requires manual approval for production deployment; continuous deployment automates it
B.Continuous delivery automatically deploys to production; continuous deployment does not
C.There is no difference; the terms are used interchangeably
D.Continuous deployment runs tests; continuous delivery does not
AnswerA

That is the key distinction.

Why this answer

Continuous delivery ensures code is always in a deployable state but requires manual approval for production deployment. Continuous deployment automatically deploys every change to production without manual intervention.

61
Multi-Selectmedium

Which THREE of the following are important security practices in a container image CI/CD pipeline?

Select 3 answers
A.Hardcoding credentials in the image
B.Running containers as root user
C.Signing images to ensure integrity
D.Using minimal base images to reduce attack surface
E.Scanning images for vulnerabilities in the CI pipeline
AnswersC, D, E

Image signing verifies the image was produced by a trusted source.

Why this answer

Image scanning, signing, and using minimal base images are key security practices. Hardcoding credentials and running containers as root are anti-patterns.

62
MCQhard

A team uses Helm to manage a complex application. They want to perform a release upgrade but keep a record of the previous release so they can roll back if needed. Which Helm command should they use?

A.helm delete --purge
B.helm upgrade --history-max 5
C.helm rollback
D.helm install
AnswerB

This upgrades the release and keeps the last 5 revisions, allowing rollback. It retains history.

Why this answer

The 'helm upgrade' command with the '--history-max' flag sets the maximum number of release versions to retain. Without this flag, old versions are kept by default, allowing rollback. Alternatively, 'helm upgrade' alone maintains history; 'helm rollback' is used later.

But the question asks which command to use for the upgrade while keeping history. 'helm upgrade' naturally keeps history unless '--history-max' is set to 0.

63
Matchingmedium

Match each CNCF project to its primary function.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Monitoring and alerting toolkit

High-performance proxy for service mesh

Package manager for Kubernetes

Distributed key-value store for cluster state

DNS server for service discovery in Kubernetes

Why these pairings

These are graduated CNCF projects commonly used in cloud native environments.

64
MCQeasy

Refer to the exhibit. The deployment above is created, but the pods are not receiving traffic from the associated Service. The Service selector matches 'app: web'. The Service endpoints list is empty. What is the most likely cause?

A.The Service selector does not match the pod labels
B.The containerPort is set to 80, but the Service targetPort is 8080
C.The readiness probe endpoint /health does not exist in the nginx container
D.The nginx:1.21 image is not available in the container registry
AnswerC

The readiness probe is configured to GET /health on port 80, but the default nginx image does not serve a /health page. The probe fails, so the pod is not ready and is removed from Service endpoints.

Why this answer

The correct answer is C because a readiness probe that fails (e.g., the /health endpoint does not exist in the nginx container) will cause the pod to be marked as not ready. Kubernetes removes pods with failing readiness probes from the Service's endpoints list, resulting in an empty endpoints list even though the Service selector matches the pod labels. This is a common misconfiguration where the probe endpoint is not actually served by the container.

Exam trap

CNCF often tests the distinction between readiness probes and liveness probes, and the trap here is that candidates assume a missing endpoint only affects liveness (causing restarts) rather than readiness (causing removal from Service endpoints).

How to eliminate wrong answers

Option A is wrong because the question states that the Service selector matches 'app: web', and the pods are created with that label, so the selector does match. Option B is wrong because the containerPort and Service targetPort are independent; the Service routes traffic to the containerPort, not the targetPort, and a mismatch would not cause an empty endpoints list—it would cause connection failures to the pod. Option D is wrong because an unavailable container image would prevent the pod from running (e.g., ImagePullBackOff), but the question says the pods are created and not receiving traffic, implying they are running; an unavailable image would not lead to an empty endpoints list.

65
Multi-Selectmedium

Which TWO statements are true about Kubernetes Deployments?

Select 2 answers
A.Deployments support rolling updates and rollbacks.
B.Deployments are the recommended controller for stateful applications.
C.A Deployment creates a ReplicaSet to ensure the desired number of pod replicas are running.
D.Deployments can expose applications externally via a built-in load balancer.
E.Deployments are used to run a pod on every node in the cluster.
AnswersA, C

Rolling updates and rollbacks are core features of Deployments.

Why this answer

Option A is correct because Deployments inherently support rolling updates and rollbacks through their declarative update strategy. When you change the pod template in a Deployment, it creates a new ReplicaSet and gradually scales it up while scaling down the old ReplicaSet, ensuring zero-downtime updates. If the update fails, you can roll back to a previous revision using `kubectl rollout undo`, which reverts the Deployment to a prior ReplicaSet state.

Exam trap

CNCF often tests the misconception that Deployments are suitable for stateful workloads or that they inherently expose applications externally, when in fact StatefulSets and Services are the correct components for those responsibilities.

66
Multi-Selecthard

Which TWO of the following are features of ArgoCD that support GitOps principles?

Select 2 answers
A.Automatic secret management
B.Health status visualization of applications
C.Built-in template engine for generating manifests
D.Automated sync to desired state defined in Git
E.Self-healing by reverting manual changes
AnswersB, D

ArgoCD provides a UI to show the health and sync status of applications.

Why this answer

ArgoCD automatically syncs the cluster state to the desired state defined in Git (self-healing) and displays health status of applications. It does not generate manifests from templates natively (that's Kustomize's role) nor does it manage secrets directly.

67
MCQeasy

What is the primary purpose of continuous integration (CI) in a cloud-native application delivery pipeline?

A.To automatically build and test code changes upon commit
B.To manage infrastructure provisioning
C.To manage container images and registries
D.To automatically deploy code changes to production
AnswerA

Why this answer

CI automates building and testing code changes to catch integration issues early. Option A correctly describes this. Option B is continuous deployment.

Option C refers to infrastructure as code. Option D is continuous delivery.

68
Multi-Selectmedium

Which TWO of the following are benefits of using Helm for managing Kubernetes applications?

Select 2 answers
A.Automatic scaling of pods based on CPU usage
B.Native integration with service mesh for traffic splitting
C.Templating engine for parameterizing Kubernetes manifests
D.Ability to perform rollbacks to previous releases
E.Built-in support for canary deployments
AnswersC, D

Helm uses Go templates to create reusable charts.

Why this answer

Helm provides templating for reusable configurations and allows for easy rollback to previous releases.

69
MCQhard

When using Kustomize, how do you apply a common label to all resources in the base?

A.By editing each YAML file individually
B.By setting 'commonLabels' in the kustomization.yaml
C.By using the 'patches' field to add labels
D.By using a Helm chart instead of Kustomize
AnswerB

commonLabels is designed for this purpose.

Why this answer

Kustomize's commonLabels field adds labels to all resources, including selectors.

70
MCQmedium

Which tool can be used to implement feature flags in a Kubernetes-native progressive delivery setup?

A.Argo Rollouts
B.Kustomize
C.Helm
D.Flux
AnswerA

Argo Rollouts provides canary deployments and integrates with feature flag systems like Flagd.

Why this answer

Argo Rollouts supports progressive delivery with features like canary, blue-green, and integration with service mesh for traffic shifting, and can be combined with feature flag systems.

71
MCQmedium

Which DORA metric measures how quickly code changes are deployed to production?

A.Lead time for changes
B.Mean time to recovery (MTTR)
C.Change failure rate
D.Deployment frequency
AnswerA

This metric tracks the speed from commit to production.

Why this answer

Lead time for changes measures the time from code commit to running in production.

72
Multi-Selecteasy

Which TWO of the following are benefits of implementing progressive delivery techniques (e.g., canary releases)?

Select 2 answers
A.Replaces the need for a CI/CD pipeline
B.Allows testing new features with a subset of users
C.Eliminates the need for monitoring and alerting
D.Guarantees zero downtime
E.Reduces the risk of deploying a bad version to all users
AnswersB, E

Canary releases target a small percentage of users for validation.

Why this answer

Progressive delivery reduces risk by gradual rollout and provides the ability to test new versions with a subset of users. It does not eliminate the need for monitoring nor does it replace CI/CD pipelines.

73
MCQmedium

A company is adopting a GitOps workflow for their Kubernetes deployments. They want to ensure that the cluster state always matches the desired state defined in a Git repository. Which tool is specifically designed for this purpose?

A.Helm
B.Argo CD
C.Kustomize
D.Prometheus
AnswerB

Argo CD is a GitOps tool that syncs cluster state with a Git repository.

Why this answer

Argo CD is a declarative, GitOps continuous delivery tool specifically designed for Kubernetes that automatically synchronizes the live cluster state with the desired state defined in a Git repository. It continuously monitors the cluster and Git, applying any drift to ensure the cluster matches the repository, which is the core requirement of a GitOps workflow.

Exam trap

The trap here is that candidates often confuse Helm or Kustomize as GitOps tools because they are used in GitOps pipelines, but they lack the continuous reconciliation and drift detection that a dedicated GitOps operator like Argo CD provides.

How to eliminate wrong answers

Option A is wrong because Helm is a package manager for Kubernetes that uses charts to define, install, and upgrade applications, but it does not provide continuous synchronization or drift detection from a Git repository; it is a deployment tool, not a GitOps operator. Option C is wrong because Kustomize is a configuration management tool that allows customizing Kubernetes manifests without templates, but it is a CLI tool or a kubectl plugin, not a controller that continuously reconciles cluster state with a Git repository. Option D is wrong because Prometheus is a monitoring and alerting toolkit for metrics collection and alerting, not a deployment or GitOps tool; it has no mechanism to enforce desired state from Git.

74
Multi-Selecthard

Which TWO components are part of the core Flux GitOps toolkit? (Choose 2)

Select 2 answers
A.Helm Controller
B.Helm
C.Source Controller
D.ArgoCD Application Controller
E.Kustomize Controller
AnswersC, E

Why this answer

Flux includes Source Controller and Kustomize Controller as core components. Helm Controller is also part of Flux, but the question asks for 'core' components; however, typically the core includes Source, Kustomize, and Helm. But since we need exactly two, the most essential are Source and Kustomize.

ArgoCD is a separate tool. Helm is a separate tool, though Flux has a Helm Controller. The question might expect Source and Kustomize as the answer.

75
MCQmedium

A CI/CD pipeline includes image scanning. What is the primary security benefit of scanning container images in the CI phase?

A.It reduces the time it takes to build images
B.It automatically fixes vulnerabilities
C.It prevents vulnerable images from being deployed to production
D.It ensures that the image is built only once
AnswerC

Scanning early in the pipeline allows teams to fix vulnerabilities before deployment.

Why this answer

Scanning images in CI catches vulnerabilities before the image is deployed, preventing vulnerable images from reaching production.

Page 1 of 2 · 94 questions totalNext →

Ready to test yourself?

Try a timed practice session using only Kcna App Delivery questions.