KCNA · topic practice

Cloud Native Application Delivery practice questions

Practise KCNA NAT and PAT questions covering address translation types, inside/outside interface roles, static vs dynamic vs PAT, and troubleshooting missing or incorrect translations.

Courseiva uses original exam-style practice questions designed for learning and revision. The goal is to understand the concepts, recognise exam patterns, and improve through explanations — not memorise copied exam dumps.

Reviewed byJohnson Ajibi· MSc IT Security
20 questionsDomain: Cloud Native Application Delivery

What the exam tests

What to know about Cloud Native Application Delivery

Cloud concepts questions usually test the service model (IaaS/PaaS/SaaS) and deployment model (public/private/hybrid/community) appropriate for a given scenario.

IaaS, PaaS and SaaS responsibilities and examples.

Public, private, hybrid and community cloud deployment models.

On-premises vs cloud trade-offs: cost, control, scalability.

How cloud connectivity options (VPN, Direct Connect, ExpressRoute) work.

Why learners struggle

Why Cloud Native Application Delivery questions are commonly missed

NAT questions are missed when learners confuse the four address types (inside local, inside global, outside local, outside global) or misapply the interface direction. A translation rule can look correct but still fail if the ACL, interface, or direction is wrong.

  • ·Inside local vs inside global — inside local is the private source, inside global is the translated public address
  • ·PAT overloads — many sources share one public IP using unique port numbers
  • ·Interface direction — ip nat inside and ip nat outside must be on the correct interfaces
  • ·Static NAT vs dynamic NAT vs PAT — each serves a different use case
  • ·The NAT ACL identifies traffic to translate, not traffic to permit or deny
  • ·A missing translation can look like a routing problem if the interfaces are misconfigured

Watch out for

Common Cloud Native Application Delivery exam traps

  • IaaS gives you infrastructure control; SaaS gives you only the application.
  • Hybrid cloud combines on-premises and public cloud — not two public clouds.
  • Cloud does not automatically mean cheaper or more secure.
  • Management responsibility shifts with each service model (IaaSPaaSSaaS).

Practice set

Cloud Native Application Delivery questions

20 questions · select your answer, then reveal the explanation

Question 1easymultiple choice
Read the full NAT/PAT explanation →

A startup wants to minimize downtime during application updates in Kubernetes. Which deployment strategy should they use?

Question 2mediummultiple choice
Read the full NAT/PAT explanation →

A DevOps engineer notices that after a Helm upgrade, the new pods are crash looping with 'ImagePullBackOff'. What is the most likely cause?

Question 3hardmultiple choice
Read the full NAT/PAT explanation →

A team wants to implement GitOps for their Kubernetes workloads using Argo CD. They have multiple environments (dev, staging, prod) in separate clusters. What is the best practice for structuring the Git repository?

Question 4mediummultiple choice
Read the full NAT/PAT explanation →

A user reports that a ConfigMap update is not reflected in running pods. Which action should be taken to ensure pods receive the updated configuration?

Question 5easymulti select
Read the full NAT/PAT explanation →

Which TWO of the following are benefits of using Helm for application delivery?

Question 6hardmulti select
Read the full NAT/PAT explanation →

Which THREE of the following practices are essential for a secure cloud native CI/CD pipeline?

Question 7hardmultiple choice
Read the full NAT/PAT explanation →

Refer to the exhibit. The deployment myapp is updated from image myapp:1.0 to myapp:2.0. During the rollout, what is the maximum number of pods that will be unavailable at any given time?

Exhibit

apiVersion: apps/v1
kind: Deployment
metadata:
  name: myapp
spec:
  replicas: 3
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxSurge: 1
      maxUnavailable: 0
  selector:
    matchLabels:
      app: myapp
  template:
    metadata:
      labels:
        app: myapp
    spec:
      containers:
      - name: myapp
        image: myapp:1.0
        resources:
          requests:
            cpu: 500m
            memory: 256Mi
          limits:
            cpu: 1
            memory: 512Mi
---
apiVersion: v1
kind: Service
metadata:
  name: myapp-svc
spec:
  type: ClusterIP
  selector:
    app: myapp
  ports:
  - port: 80
    targetPort: 8080
---
apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
metadata:
  name: myapp-hpa
spec:
  scaleTargetRef:
    apiVersion: apps/v1
    kind: Deployment
    name: myapp
  minReplicas: 3
  maxReplicas: 10
  metrics:
  - type: Resource
    resource:
      name: cpu
      target:
        type: Utilization
        averageUtilization: 70
Question 8hardmultiple choice
Read the full NAT/PAT explanation →

Your organization runs a microservices application on a Kubernetes cluster with 5 worker nodes (each with 4 vCPU, 16GB RAM). The application consists of 20 microservices, each deployed as a Deployment with 3 replicas. Recently, after a new microservice 'inventory' was deployed with resource requests of 2 CPU and 4GB memory per pod, the cluster started experiencing pod scheduling failures. Many existing pods are in 'Pending' state with events indicating 'Insufficient cpu' or 'Insufficient memory'. The cluster has cluster autoscaling enabled (node pool ranging from 3 to 10 nodes), but new nodes are not being added quickly enough, and the existing nodes are heavily utilized. You need to resolve the scheduling failures while ensuring the inventory service can scale. Which course of action should you take?

Question 9easymultiple choice
Read the full NAT/PAT explanation →

A team is deploying a new microservice that processes sensitive user data. They want to ensure that secrets such as database passwords are not exposed in the container image or environment variables. Which approach should they use?

Question 10mediummultiple choice
Read the full NAT/PAT explanation →

A company is adopting a GitOps workflow for their Kubernetes deployments. They want to ensure that the cluster state always matches the desired state defined in a Git repository. Which tool is specifically designed for this purpose?

Question 11hardmultiple choice
Read the full NAT/PAT explanation →

A microservice application is experiencing high latency during traffic spikes. The team identifies that the database connection pool is exhausted. They want to implement a pattern that helps decouple the microservice from direct database connections and smooth out traffic bursts. Which design pattern should they apply?

Question 12mediummulti select
Read the full NAT/PAT explanation →

Which TWO statements are true about Kubernetes Deployments?

Question 13hardmultiple choice
Read the full NAT/PAT explanation →

A financial services company runs a critical trading application on Kubernetes. The application is deployed as a Deployment with 3 replicas. Each pod exposes metrics on port 8080 and uses a ConfigMap to load configuration. Recently, after a configuration change via a ConfigMap update, two of the three pods started crashing with an out-of-memory (OOM) error, while the third pod continues to run fine. The team verified that the ConfigMap was updated correctly and that the application code did not change. The pods have resource limits set: memory limit of 512Mi and request of 256Mi. The application's memory usage before the change was around 200Mi. The new configuration increases the in-memory cache size. The team suspects the issue is related to the configuration change. What is the best course of action?

Question 14hardmultiple choice
Read the full NAT/PAT explanation →

A team is deploying a microservice application on Kubernetes. They want to ensure that during rolling updates, the new version of the service receives traffic only after the readiness probe succeeds. However, they observe that the old pods are terminated before the new pods are ready, causing a brief downtime. Which configuration change should they make to the Deployment to prevent this?

Question 15mediummulti select
Read the full NAT/PAT explanation →

A DevOps team uses Helm to manage Kubernetes applications. They want to ensure that sensitive data (e.g., database passwords) is not stored in plaintext in the Helm chart or in the cluster's ConfigMaps/Secrets. Which TWO practices should they adopt? (Choose two.)

Question 16easymultiple choice
Read the full NAT/PAT explanation →

Refer to the exhibit. The deployment above is created, but the pods are not receiving traffic from the associated Service. The Service selector matches 'app: web'. The Service endpoints list is empty. What is the most likely cause?

Exhibit

Refer to the exhibit.

```
apiVersion: apps/v1
kind: Deployment
metadata:
  name: web-app
spec:
  replicas: 3
  selector:
    matchLabels:
      app: web
  template:
    metadata:
      labels:
        app: web
    spec:
      containers:
      - name: app
        image: nginx:1.21
        ports:
        - containerPort: 80
        readinessProbe:
          httpGet:
            path: /health
            port: 80
          initialDelaySeconds: 5
          periodSeconds: 10
```
Question 17mediumdrag order
Read the full NAT/PAT explanation →

Drag and drop the steps to create a Kubernetes deployment using kubectl into the correct order.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order
1Step 1
2Step 2
3Step 3
4Step 4
5Step 5
Question 18mediumdrag order
Read the full NAT/PAT explanation →

Drag and drop the steps to troubleshoot a Pod stuck in CrashLoopBackOff into the correct order.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order
1Step 1
2Step 2
3Step 3
4Step 4
5Step 5
Question 19mediumdrag order
Read the full NAT/PAT explanation →

Drag and drop the steps to create a ConfigMap from a file in Kubernetes into the correct order.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order
1Step 1
2Step 2
3Step 3
4Step 4
5Step 5
Question 20mediumdrag order
Read the full NAT/PAT explanation →

Drag and drop the steps to scale a Kubernetes Deployment horizontally into the correct order.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order
1Step 1
2Step 2
3Step 3
4Step 4
5Step 5

Free account

Track your progress over time

Create a free account to save your results and see which topics improve across sessions.

Focused Cloud Native Application Delivery sessions

Start a Cloud Native Application Delivery only practice session

Every question in these sessions is drawn from the Cloud Native Application Delivery domain — nothing else.

Related practice questions

Related KCNA topic practice pages

Move into related areas when this topic feels solid.

Frequently asked questions

What does the KCNA exam test about Cloud Native Application Delivery?
Cloud concepts questions usually test the service model (IaaS/PaaS/SaaS) and deployment model (public/private/hybrid/community) appropriate for a given scenario.
How should I use these practice questions?
Select your answer before revealing the explanation. Then read why each option is right or wrong — this active recall approach builds retention far faster than re-reading notes.
Can I practise just Cloud Native Application Delivery questions in a focused session?
Yes — the session launcher on this page draws every question from the Cloud Native Application Delivery domain. Use a 10-question session first to gauge your baseline, then move to 20 or 30 once the weak spots are clear.
Where can I practise other KCNA topics?
Use the topic links above to move to related areas, or go back to the KCNA question bank to see all topics.
Are these real exam questions or dumps?
These are original practice questions written to test the same concepts the KCNA exam covers. They are not copied from any real exam or dump site.