12

Practicing for the KCNA Exam with Mock Papers

In this chapter, you’ll find several tips on how to make final preparations and tackle the Kubernetes and Cloud Native Associate (KCNA) exam. Those are followed by two mock exams that allow you to test your knowledge and make sure you’re ready to take the real exam.

About the KCNA exam

As you might remember from Chapter 2, KCNA is an entry-level exam offered by the Cloud Native Computing Foundation (CNCF), followed by much harder Certified Kubernetes Administrator/Certified Kubernetes Administrator Developer (CKA/CKAD) and Certified Kubernetes Security Specialist (CKS) certifications. Despite being a theoretical, multi-choice exam, KCNA assumes basic knowledge of kubectl commands, Kubernetes resources, architecture, and features. Almost half (46%) of the exam is about Kubernetes, and it is not recommended to attempt the exam if you have not done any hands-on exercises from this book or if you have zero prior K8s experience.

Unlike CKA, CKAD, and CKS, KCNA is broader and tests other domains and competencies, including Cloud Native and microservice architectures, continuous integration/continuous deployment (CI/CD), observability, and more. However, even without any practical experience with Prometheus, Jaeger, Argo CD, or Helm, you’ll be able to pass it based on the theory presented in the previous chapters.

The exam itself is online, remotely proctored, and can be taken from anywhere in the world with a reliable internet connection. Remotely proctored means you’ll need a web camera and a microphone, and for the whole examination time, you and your desktop will be recorded. It is not allowed to use multiple screens, so prepare to use only one.

If your internet connection breaks up, you’ll be able to rejoin the session, but you’ll lose time as the timer keeps going. You are not allowed to take the exam in public spaces such as cafés or if other people are present in the room, and you’re not allowed to eat during the exam. Drinking water from a transparent container is allowed.

Note

Don’t cheat or leave any notes and hints around as this will result in the termination of your exam! Your surroundings will be checked via the web camera!

For pricing and the latest information, refer to the official sources:

• https://www.cncf.io/certification/kcna/
• https://training.linuxfoundation.org/certification/kubernetes-cloud-native-associate/

There, you’ll find a candidate handbook, exam scheduling instructions, and answers to common organizational questions.

Note

Make sure to satisfy the system requirements after scheduling the exam, and complete the checklist in order to take the exam. Do so in advance as being late to the exam will be considered a no-show!

Make sure to have a valid, government-issued ID with a phone on the day of the exam—this will be verified at the beginning of the session.

Tips on getting ready

If you read all chapters and answered all the questions at the end of the chapters, the recommended way is to try the mock exams here while measuring the time it takes. You’ll have 90 minutes to answer all 60 questions, which leaves you with 1.5 minutes per question.

After, calculate your score:

• If the mock exam score is 80% or better, you should be good to go for the real KCNA exam. Go ahead and schedule one right after.
• If the score is close to 75%, go back and check the chapters or at least summaries on the topics where you’ve made a mistake. Answer questions at the end of the chapters and make another mock exam attempt after a day or two.

The KCNA passing score is 75%, and if you scored significantly less during the mock exam, that means you need more preparation.

Just before the exam, make sure that you get a good night’s sleep and do some other activities besides preparing for KCNA. Don’t study all night as this might negatively impact your performance on the exam day. And if you feel stressed and worried, try to shift your perspective. You have one completely free retake in case something goes wrong! What’s the point in stressing yourself out if a second exam attempt is already included in the price? But if you followed this book carefully, you likely won’t need a second attempt anyway.

A few words on how to approach the exam questions. In recent years, I have taken more than 10 professional certification exams and passed all of them on the first attempt, except one. Here is how I normally do it:

1. Read each question completely and carefully.
2. If you don’t know the answer or are not sure, mark the question and move on to the next one.
3. Never spend several minutes on a single question as you might not have enough time to attempt all questions.
4. Come back to the marked questions only after attempting all questions.

Now, it’s time to take the mock exam. Get paper and a pen, set a 90-minute timer, and nail it!

Note

The mock exam questions here are testing the same domains and competencies as the real exam, yet these are not the questions from the real KCNA exam! Posting online or publishing real exam questions is a violation of the confidentiality agreement that you sign before the exam. Never do that!

Mock exam A

Correct answers can be found in the Assessment section of the Appendix.

Note

Unless specified otherwise, there is only one correct answer.

1. You’re planning a deployment of a Kubernetes cluster in your organization. There is a requirement to make the control plane highly available. How many control plane nodes should be deployed?
   1. 1
   2. 2
   3. 3
   4. 4
2. You’re operating a Kubernetes cluster in a production environment where nodes are running in multiple failure domains (also called Availability Zones, or AZs). You need to ensure that Pods are started across predefined failure domains. Which K8s feature can be used?
   1. PVC
   2. Pod topology spread constraints
   3. Pod network policies
   4. Pod security policies
3. You’ve been asked to deploy a new application onto a Kubernetes cluster. Which check do you need to implement to constantly ensure that the application is healthy and running?
   1. Prometheus probe
   2. Container runtime check
   3. Reconciliation check
   4. Liveness and readiness probes
4. Which of the following kubectl commands can be used to get detailed information about a deployment named microservice-a?
   1. kubectl get pod microservice-a
   2. kubectl describe pod microservice-a
   3. kubectl explain deployment microservice-a
   4. kubectl describe deployment microservice-a
5. You are operating a Kubernetes cluster and have received a request to run a new application in containers that will reside in its own virtual machines (VMs), isolated from other workloads. Which technology would allow you to do that?
   1. Namespaced container runtime
   2. Virtualized container runtime
   3. Sandboxed container runtime
   4. Isolated container runtime
6. You’re deploying a new stateless microservice application into your Kubernetes cluster. The application must automatically recover from cluster node failures and should be updated regularly in a rolling fashion. Which K8s resource fits best for such a case?
   1. StatelessSet
   2. StatefulSet
   3. ReplicaSet
   4. Deployment
7. Which of the following is the smallest schedulable workload unit in Kubernetes?
   1. Deployment
   2. Container
   3. Pod
   4. Service
8. You’re deploying a new stateful application into your Kubernetes cluster that must persist data on the disk. Which Kubernetes controller will fit such a case?
   1. ReplicaSet
   2. Deployment
   3. StatelessSet
   4. StatefulSet
9. You’re operating several Kubernetes clusters, and in order to implement GitOps, you’ve started the evaluation of several tools. Which of the following is well suited for GitOps?
   1. Argo CD
   2. GitLab CI
   3. Prometheus
   4. Travis CI
10. You’re managing a Kubernetes cluster running in a big public cloud. The demand fluctuates often, and you need to automate the change of cluster size to add more worker nodes when demand is high and reduce the number when the load is low. Which technology would you use?
    1. Self-healing
    2. Horizontal Pod Autoscaler (HPA)
    3. Vertical Pod Autoscaler (VPA)
    4. Cluster Autoscaler (CA)
11. You’re debugging an application running in Kubernetes and you need to get the logs from a Pod called microservice-b that was just terminated. Which kubectl command allows you to do that?
    1. kubectl get logs microservice-b
    2. kubectl logs microservice-b --previous
    3. kubectl logs microservice-b
    4. kubectl get logs microservice-b --previous
12. You’re debugging an application in Kubernetes and need to check the logs from a container named app of the microservice-c Pod. How can you do that with kubectl?
    1. kubectl logs microservice-c
    2. kubectl get logs microservice-c app
    3. kubectl get logs microservice-c
    4. kubectl logs microservice-c -c app
13. You’re managing a Kubernetes cluster and need to run a logging agent on each node to ship the log to a centralized logging system. Which Kubernetes resource controller can be used for this logging agent?
    1. DaemonSet
    2. Deployment
    3. StatefulSet
    4. ReplicaSet
14. Which of the following is the main operational concept behind Kubernetes controllers?
    1. Readiness probe
    2. Serverless
    3. Reconciliation loop
    4. Rolling update
15. Which of the following projects can be used to implement your own Serverless platform? Pick two.
    1. Knative
    2. Prometheus
    3. OpenFaaS
    4. Jaeger
16. Which of the following technologies can be used to operate a virtualized container runtime with Kubernetes?
    1. containerd
    2. gVisor
    3. Kata
    4. Docker
17. You’ve been asked to deploy an application to Kubernetes that requires a small helper service running collocated with the main application. The helper service should share data on the disk with the main application. Which of the following resources can be used?
    1. Two Pods with a network policy
    2. Two Pods with an affinity policy
    3. Pod with a single container
    4. Pod with multiple containers
18. You’ve been asked to help with an application that is been migrated to Kubernetes. The application cannot output its logs to standard out (stdout) or standard error (stderr). What can be done in order to ship its logs to the central log aggregation system?
    1. Nothing—the vendor should be asked to implement the feature first
    2. The application should run inside the Pod with a PV attached for the logs
    3. A logging agent should be run on all nodes as a DaemonSet
    4. A logging sidecar container should be used in the Pod with the application
19. Which of the following formats is commonly used today for application logs?
    1. CSV
    2. JSON
    3. YAML
    4. SQL
20. As a part of the process improvement initiative in your organization, you are required to automate, test, and build procedures for several development teams. Which tools and processes would help if there is no need to automatically deploy the changes to various environments?
    1. Tracing
    2. GitOps
    3. CD
    4. CI/CD
21. Which of the following projects can be used to implement a service mesh? Pick two:
    1. Linkerd
    2. containerd
    3. Istio
    4. dockerd
22. You’ve just deployed a dedicated Kubernetes cluster for a new project, and you already have access to several other clusters. What needs to be done in order to access additional Kubernetes APIs from your workstation?
    1. Add new credentials to the kubecon file
    2. Add new credentials to the ssh-config file
    3. Add new credentials to the kube-proxy file
    4. Add new credentials to the kubeconfig file
23. You have been tasked to allow several development teams to use the same Kubernetes cluster. What can be done to logically separate their workloads from each other?
    1. Let each team assign its own labels to each started Pod
    2. Create a namespace for each team
    3. Use affinity rules to schedule each team’s Pods to certain nodes
    4. Use a virtualized container runtime such as Kata
24. Your development team is adding telemetry instrumentation to a new microservice that it’s working on. It is asking at which endpoint the Prometheus-compatible metrics should be exposed for collection. Which of the following is the correct choice?
    1. /metrics
    2. /metric
    3. /prometheus
    4. /collect
25. What are the four Cs of Cloud Native security?
    1. Code, Commit, Comply, Cloud
    2. Code, Container, Cluster, Cloud
    3. Code, Commit, Cluster, Cloud
    4. Code, Container, Commit, Collocation
26. You have been assigned to design a Kubernetes setup where all Pod-to-Pod traffic will be encrypted. Which of the following solutions would be suitable?
    1. Use cluster network policies
    2. Deploy a service mesh into the cluster
    3. Use RBAC
    4. Ask developers to add TLS to each application in the cluster
27. What is a component of a service mesh that must be part of all workloads in Kubernetes?
    1. Service of type LoadBalancer in front of each Pod
    2. Secret injected to all Pods
    3. ConfigMap injected to all Pods
    4. Sidecar container injected to all Pods
28. Which of the following are part of the Open Container Initiative (OCI) specifications? Select all that apply:
    1. Image specification
    2. Runtime specification
    3. Distribution specification
    4. Pod specification
29. Which of the following are the correct maturity levels for projects curated by CNCF?
    1. Sandbox, Incubating, Passed
    2. Sandbox, Incubating, Graduated
    3. Sandboxed, Namespaced, Virtualized
    4. Alpha, Beta, Release
30. You’ve been asked to deploy a tracing tool to analyze a complex microservice-based application. Which of the following could be an option?
    1. Prometheus
    2. Traefik
    3. Knative
    4. Jaeger
31. Which of the following are the attributes of highly resilient systems? Select all correct answers.
    1. Traffic encryption
    2. Latest kernel version
    3. Desired state
    4. Self-healing
32. Which technology is behind the default service discovery mechanism of Kubernetes?
    1. Iptables
    2. DNS
    3. SSL
    4. DHCP
33. You’ve been asked to implement automatic scaling (depending on the load) for an application running in Kubernetes. Which of the following tools will be helpful?
    1. CA
    2. Deployment Autoscaler (DA)
    3. Horizontal Node Autoscaler (HNA)
    4. HPA
34. A company is looking to hire a professional who understands the entire application lifecycle and makes security an essential part of it. Which of the following job roles should the company be looking for?
    1. System Administrator
    2. DevSecOps Engineer
    3. Cloud Solution Architect
    4. Data Scientist
35. Which of the following are valid container runtimes? Select all correct answers:
    1. Xen
    2. Kubernetes
    3. gVisor (runsc)
    4. containerd
36. Which ways exist to extend Kubernetes API with new features? Pick two:
    1. Code resource definitions
    2. Custom resource definitions
    3. Extension layers
    4. Aggregation layers
37. You have prepared a declarative Kubernetes spec file for a new application. The file is named microservice-d.yaml. How would you deploy it to the cluster using kubectl?
    1. kubectl deploy -f microservice-d.yaml
    2. kubectl apply -f microservice-d.yaml
    3. kubectl run -f microservice-d.yaml
    4. kubectl exec -f microservice-d.yaml
38. Your team is evaluating Kubernetes for container orchestration and would like to know which of the following features are available out of the box. Pick two:
    1. Request tracing
    2. IP Address Management (IPAM)
    3. Service discovery
    4. Full traffic encryption
39. Which of the following is considered a good CI/CD practice?
    1. Frequent, large releases done by the whole team together
    2. Frequent, small, and fully automated releases
    3. Infrequent, large, and automated releases
    4. Frequent, small, well-tested, and automated releases
40. What are the advantages of using Kubernetes controllers such as Deployment or StatefulSet compared to static definitions of simple Pods?
    1. Controlled Pods start and run faster
    2. They allow self-healing and rolling updates
    3. They allow affinity settings to be defined
    4. They allow Pods to be exposed via a Service
41. Which of the following is a valid statement about Serverless?
    1. It is only available in the public cloud
    2. It only works with Kubernetes
    3. It does not use any server hardware
    4. It abstracts away all server management operations
42. A team lead has asked you to help with development process optimization. Developers spend a lot of time testing and building packages themselves. What would be your suggestion?
    1. Ask developers to install a newer IDE
    2. Implement a CI/CD pipeline
    3. Migrate applications to Kubernetes
    4. Migrate applications to large bare-metal servers
43. An old application cannot be easily containerized and must continue to run in a VM but be managed with Kubernetes. Which of the following projects allows us to extend Kubernetes beyond container orchestration to also manage VMs?
    1. KubeVirt
    2. Kubeless
    3. Swarm
    4. Istio
44. Which of the following formats is commonly used for writing Kubernetes spec files?
    1. CSV
    2. YAML
    3. HTML
    4. XML
45. Which of the following elements are a part of GitOps? Pick two:
    1. Kubernetes
    2. Infrastructure as Code (IaC)
    3. Jenkins
    4. Merge (pull) requests
46. Which of the following are valid telemetry signals?
    1. Logs, metrics, traces
    2. Logs, pings, tracks
    3. Logs, metadata, traces
    4. Logs, measurements, traces
47. What does cluster-level logging mean in the Kubernetes environment?
    1. When logs from each node in the cluster are stored on the control plane nodes at the /var/log path
    2. When logs from all containers are shipped to a separate backend independent from the K8s lifecycle
    3. When each Pod has its own logging configuration and individual log storage location
    4. When all cluster events are logged into a separate log file
48. You’re troubleshooting an application that misbehaves and decide to enable maximum log verbosity to get as many details as possible. Which is the corresponding logging level?
    1. CRITICAL
    2. WARNING
    3. INFO
    4. DEBUG
49. You’ve been asked to configure autoscaling for a new application. Which class of telemetry signal is suitable?
    1. Metrics
    2. Application logs
    3. Kubernetes events
    4. Traces
50. Your organization has started a cost optimization initiative and is looking to reduce monthly cloud bills. Which of the following would you recommend?
    1. Switch critical workloads to spot instances
    2. Lower log level to save on storage
    3. Implement autoscaling based on the load
    4. Move from microservices to monoliths
51. What makes it possible to query Prometheus metrics from the past?
    1. Alertmanager
    2. Time Series Database (TSDB)
    3. PVC
    4. Graphite
52. Which of the following CNCF bodies is responsible for approving new CNCF projects and aligning existing ones?
    1. Board of Directors
    2. End User Community
    3. Governing Board (GB)
    4. Technical Oversight Committee (TOC)
53. Which of the following is the format of Prometheus metrics?
    1. Traces
    2. JSON
    3. Time series
    4. Spans
54. Which of the following should never be done in a team with an established GitOps process?
    1. Opening (pull) merge requests
    2. Manual changes in the live environment
    3. Reviewing teammate’s code
    4. Monitoring the system state
55. Your team is operating a Kubernetes cluster with a containerd runtime. Why might this be a concern for a new application with strict security requirements?
    1. containerd is not the fastest runtime and can be a bottleneck
    2. containerd does not support network policies
    3. containerd relies on a shared kernel
    4. containerd does not support Pod security policies
56. What are the advantages of containers when compared to VMs? Pick two:
    1. Containers consume fewer resources than VMs
    2. Containers are more secure than VMs
    3. Containers take less time to start
    4. Containers don’t need OS updates
57. How many times per year does a new Kubernetes release come out?
    1. 1
    2. 2
    3. 3
    4. 5
58. Which of the following allows us to use different container runtimes with Kubernetes?
    1. CSI
    2. CNI
    3. SMI
    4. CRI
59. It’s been said that Kubernetes has a declarative API. What does that mean?
    1. We always need to declare a YAML spec file to use a K8s API
    2. We declare the desired state and K8s will reach it once
    3. We declare the desired state and K8s will constantly try to reach it
    4. We instruct Kubernetes exactly what to do with which resource
60. Which of the following container runtimes adds an intermediate kernel layer between the host kernel and containers that become sandboxed?
    1. containerd
    2. gVisor
    3. Kata
    4. dockerd

That’s it! Have you managed to complete it under 90 minutes? Hopefully, you did. Now, check the correct answers and calculate your score based on the following simple formula:

If you are not happy with the results or you’d like to get more confidence, read more on the topics where you’ve made mistakes and do another attempt with Mock exam B.

Make sure to take a break between the attempts. Sometimes, it is better to have a rest for a day or even two days to let everything sink in. Good luck!

Mock exam B

Correct answers can be found in the Assessment section of the Appendix.

1. Which of the following are valid telemetry signals?
   1. Measurements, traces, logs
   2. Pings, traces, logs
   3. Metadata, traces, logs
   4. Metrics, traces, logs
2. Your organization is running Kubernetes, and the development team asked whether it would be possible to run Serverless applications with it. Which of the following projects can be used to implement your own Serverless platform on top of Kubernetes? Pick two:
   1. Knative
   2. OpenFaaS
   3. KubeVirt
   4. KubeConf
3. You’re planning a production deployment of a Kubernetes cluster in your organization. The control plane should be highly available. How many control plane nodes should be deployed?
   1. 2
   2. 4
   3. 3
   4. 1
4. Which of the following is the smallest, individually schedulable workload unit in Kubernetes?
   1. Pod
   2. Container
   3. Deployment
   4. Service
5. You have prepared a Kubernetes spec file for a new application. The file is named kcna-microservice.yaml. How would you deploy it to the cluster with kubectl?
   1. kubectl deploy -f kcna-microservice.yaml
   2. kubectl apply -f kcna-microservice.yaml
   3. kubectl run -f kcna-microservice.yaml
   4. kubectl exec -f kcna-microservice.yaml
6. Some applications in your organization cannot be easily containerized and must continue to run in a VM but be managed with Kubernetes. Which of the following projects allows us to extend Kubernetes to also manage VMs?
   1. KubeVirt
   2. Kubeless
   3. Swarm
   4. Knative
7. An application in Kubernetes runs under different loads depending on the time of the day. You’ve been asked to implement autoscaling for it to accommodate fluctuations. Which of the following tools can be helpful?
   1. CA
   2. HPA
   3. HNA
   4. DA
8. An application is misbehaving, and you’ve been asked to find the root cause. You decide to enable maximum log verbosity. Which of the following log levels provides the most details?
   1. INFO
   2. WARNING
   3. ERROR
   4. DEBUG
9. Which of the following are maturity levels for projects curated by the CNCF?
   1. Sandbox, Incubating, Finished
   2. Sandbox, Incubating, Graduated
   3. Sandboxed, Namespaced, Graduated
   4. Alpha, Beta, Release
10. Which of the following types of nodes does Kubernetes have?
    1. Minion and worker nodes
    2. Control plane and worker nodes
    3. Control plane and minion nodes
    4. Primary and secondary nodes
11. Which technology stands behind the default service discovery mechanism of Kubernetes?
    1. Iptables
    2. SSL
    3. DNS
    4. DHCP
12. You’ve been asked to deploy a tracing tool to analyze a distributed microservice-based application. Which of the following options can be considered? Pick two:
    1. Zipkin
    2. Traefik
    3. Prometheus
    4. Jaeger
13. You’re debugging an application in Kubernetes and need to check the logs from a container named kcna of the microservice Pod. How to do that with kubectl?
    1. kubectl logs microservice
    2. kubectl get logs microservice -c kcna
    3. kubectl get logs microservice kcna
    4. kubectl logs microservice -c kcna
14. Which of the following are part of the OCI specifications? Select all that apply:
    1. Kubernetes specification
    2. Runtime specification
    3. Distribution specification
    4. Image specification
15. Your team is evaluating Kubernetes for container orchestration and would like to know which network-related features are available by default. Pick two:
    1. Request tracing
    2. IPAM
    3. Service discovery
    4. Full traffic encryption
16. Which of the following Kubernetes resources allow us to recover (self-heal) an application if the node it was running on has failed? Pick two:
    1. Deployment
    2. Pod
    3. StatefulSet
    4. Service
17. You’ve been asked to deploy a new application in Kubernetes. Which check feature helps to constantly ensure that the application is running and healthy?
    1. Deployment probe
    2. Container runtime check
    3. Reconciliation check
    4. Liveness and readiness probes
18. With kubectl version 1.24 installed, which Kubernetes cluster versions would you be able to manage? Select all that apply:
    1. 1.24
    2. 1.25
    3. 1.23
    4. 1.21
19. Which crucial element of service mesh must be a part of all workloads in Kubernetes?
    1. LoadBalancer service deployed in front of each Pod
    2. Proxy config injected to all Pods
    3. Service ConfigMap injected to all Pods
    4. Sidecar container injected to all Pods
20. Which of the following Kubernetes components is used to store information about the cluster and its state?
    1. etcd
    2. kubelet
    3. kube-store
    4. PVC
21. Which of the following CNCF bodies is responsible for approving new CNCF projects and aligning existing ones?
    1. TOC
    2. End User Community
    3. GB
    4. Board of Directors
22. You’ve received security requirements for a new microservice-based application that should not run on hosts with shared kernels. Which of the following could be a solution?
    1. Use Docker
    2. Use namespaced container runtime
    3. Use virtualized container runtime
    4. Use Pod security policies
23. You’re operating a Kubernetes cluster in a cloud environment where worker nodes are spread across multiple AZs. You need to ensure that application Pods run across all AZs. Which K8s feature can be used?
    1. StatefulSet
    2. Pod topology spread constraints
    3. Pod network policies
    4. Pod availability policies
24. Which of the following kubectl commands can be used to get detailed information about a deployment called microservice-kcna?
    1. kubectl get pod microservice-kcna
    2. kubectl describe pod microservice-kcna
    3. kubectl describe deployment microservice-kcna
    4. kubectl explain deployment microservice-kcna
25. Which of the following is a valid container runtime? Select all correct answers:
    1. KVM
    2. Kubernetes
    3. gVisor (runsc)
    4. containerd
26. Which of the following best describes a highly resilient application and infrastructure?
    1. Ability to automatically shut down in case of issues
    2. Ability to automatically recover from most failures
    3. Ability to preserve the state in case of failure
    4. Ability to perform rolling updates
27. You are reviewing the release notes of a new Kubernetes version, and it turns out one of the resources you’re using has been deprecated. How much time would it take for a deprecated resource to be removed?
    1. About 2 years
    2. 4 months
    3. 2 months
    4. 6 months
28. Your development team is adding Prometheus-compatible telemetry instrumentation to a new microservice it’s working on. Which endpoint is scraped by Prometheus by default?
    1. /metrics
    2. /metric
    3. /prometheus
    4. /collect
29. You’re working on the deployment of an application that is missing native support for exposing Prometheus metrics. Which of the following allows us to collect metrics in such a case?
    1. Running the application in Kubernetes
    2. Installing Pushgateway
    3. Installing Alertmanager
    4. Installing Prometheus Exporter for the application
30. What are the four Cs of Cloud Native security?
    1. Code, Commit, Compliance, Cloud
    2. Code, Container, Cluster, Collocation
    3. Code, Collaboration, Cluster, Cloud
    4. Code, Container, Cluster, Cloud
31. Which of the following Kubernetes components is used to download container images and start containers?
    1. kubelet
    2. Container runtime
    3. etcd
    4. kube-scheduler
32. Which of the following is true about Serverless?
    1. It is only available in the cloud
    2. It only works with Kubernetes
    3. It uses no server hardware at all
    4. It abstracts all server management operations away
33. Which of the following is the smallest part of a Serverless application?
    1. Gateway
    2. Function
    3. Commit
    4. Container
34. You have just received credentials to access a Kubernetes cluster and would like to find out which namespaces are there. Which of the following kubectl commands can be used to list all namespaces in the cluster?
    1. kubectl list namespaces --all-namespaces
    2. kubectl show namespaces
    3. kubectl get namespaces
    4. kubectl list all namespaces
35. What happens when the Kubernetes scheduler cannot assign a Pod to a node?
    1. It will be stuck in the Pending state
    2. It will be forcefully run on one of the control plane nodes
    3. It will be stuck in the NotScheduled state
    4. It will be gone after five scheduling attempts
36. You’re working on a solution for a microservice-based application with strict security requirements. All network Pod-to-Pod communication has to be encrypted. Which of the following would be a suitable option?
    1. Deploy a service mesh
    2. Enforce K8s security policies
    3. Set up Kubernetes RBAC
    4. Use K8s network policies
37. Which of the following formats is normally used for application logs?
    1. CSV
    2. SSL
    3. YAML
    4. JSON
38. You’ve been asked to evaluate service mesh solutions. Which of the following projects can be used? Pick two:
    1. Linkerd
    2. Swarm
    3. Istio
    4. Traefik
39. You’re managing a Kubernetes cluster and need to run a logging agent on each node to ship the log to a centralized logging system for storage and processing. Which Kubernetes resource controller fits best?
    1. DaemonSet
    2. Deployment
    3. StatefulSet
    4. ReplicaSet
40. You’re debugging an application running in Kubernetes and you need to get the logs from a Pod called microservice-kcna that was just terminated. Which kubectl command allows you to do that?
    1. kubectl get logs microservice-kcna -p
    2. kubectl logs microservice-kcna -p
    3. kubectl logs microservice-kcna
    4. kubectl get logs microservice-kcna –previous
41. You’re reading the best practices guide and it recommends setting up cluster-level logging on Kubernetes. What exactly does that mean for log storage?
    1. K8s needs separate log collection and aggregation systems
    2. K8s aggregates all cluster logs on control plane nodes
    3. K8s comes with a log storage and aggregation solution out of the box
    4. K8s has storage only for the most important cluster health logs
42. Which Kubernetes spec setting configures the number of Pods managed by a Deployment?
    1. podnum
    2. Replicas
    3. Containers
    4. Instances
43. You’re evaluating different tools for building CI/CD pipelines to automate build-test-release processes for your development team. Which of the following can be considered? Pick two:
    1. Prometheus
    2. Jenkins
    3. Linkerd
    4. GitLab CI
44. A colleague has shared credentials to access a new Kubernetes cluster they just deployed. What do you need to do to access its API from your workstation?
    1. Add new credentials to the kubecon file
    2. Add new credentials to the kubernetes-conf file
    3. Add new credentials to the kube-proxy file
    4. Add new credentials to the kubeconfig file
45. You’re preparing to deploy a new application in a Kubernetes cluster, and you need to provide non-default configuration files for it. Which of the following K8s resources is suitable for storing and injecting generic configuration into containers?
    1. SettingMap
    2. ConfigMap
    3. PV
    4. Ingress
46. You’re evaluating options to deploy a microservice application into a Kubernetes cluster. The application must automatically recover from individual K8s node failures and should be updated via rolling updates. The application does not need to store data locally. Which K8s resource fits best for such a case?
    1. StatelessSet
    2. StatefulSet
    3. ReplicaSet
    4. Deployment
47. Your team runs Kubernetes in the public cloud, and due to fluctuating demand would like to dynamically add and remove cluster nodes depending on current demand. Which of the following would allow you to achieve that?
    1. K8s Node autoscaler
    2. K8s CA
    3. K8s HPA
    4. K8s VPA
48. Which of the following Kubernetes cluster configurations can be recommended for a highly available infrastructure setup?
    1. 3 control planes and 10 worker nodes
    2. 1 control plane and 10 worker nodes
    3. 2 control planes and 10 worker nodes
    4. 3 control planes and 1 worker node
49. Which of the following is true about containers and VMs? Pick two:
    1. Applications are easy to package in containers
    2. Applications are easy to package in VMs
    3. Container images are easy to share
    4. VM images are small in size
50. A development team has reached out, asking to help it improve its workflow and increase developer productivity. Which of the following can you recommend?
    1. Deploy a service mesh
    2. Switch to a different language such as Go or Python
    3. Build a CI/CD pipeline
    4. Migrate to a better cloud provider
51. Which of the following allows direct instrumentation for applications to provide metrics in Prometheus format?
    1. K8s service discovery
    2. Client libraries
    3. Exporters
    4. Pushgateway
52. Several departments have requested a partition with their own users and quotas on the corporate Kubernetes cluster. Which of the following can help?
    1. Namespaced runtime
    2. Shared runtime
    3. Pod quota policy
    4. Kubernetes namespaces
53. A development team is planning to deploy a new application soon, and you’re asked to configure autoscaling for it. Which class of telemetry is the best source for autoscaling decisions?
    1. Metrics
    2. Traces
    3. Pings
    4. Logs
54. A new colleague has recently started in your team, which follows a GitOps workflow. Which of the following should they not do as it goes against established GitOps processes?
    1. Review any pull or merge requests
    2. Make manual changes to environments
    3. Deploy workloads to Kubernetes with declarative specifications
    4. Respond to any alerts raised across production environments
55. Which of the following best describes horizontal scaling?
    1. Adding more CPUs to the same service instance
    2. Adding more RAM to the same service instance
    3. Adding more replicas/instances of the same service
    4. Adding an extra load balancer in front of the service instance
56. The development team has asked to automate the testing, build, and release of the applications it is working on, but the software should not be automatically deployed to any environments. Which of the following can help? Pick two:
    1. GitOps
    2. Flux CD
    3. CI/CD pipelines
    4. Jenkins
57. Which of the following characterizes Serverless computing? Pick two:
    1. Servers are not needed anymore
    2. It supports all programming languages
    3. It is event-based
    4. The provider takes care of server management
58. Why is using Kubernetes resource controllers such as Deployments a preferred way of deploying workloads in Kubernetes?
    1. They make workloads run faster
    2. They add self-healing, scaling, and rolling update features
    3. They optimize CPU and RAM usage and consume fewer resources overall
    4. They allow changing container images without restarting the Pods
59. What is the main operational mechanism behind Kubernetes resource controllers?
    1. CI/CD
    2. Serverless
    3. Readiness probe
    4. Reconciliation loops
60. The development team is working on incorporating telemetry into all applications written in different programming languages. They are asking whether there are any open source projects that can help. Which would you suggest?
    1. Knative
    2. Istio
    3. OpenTelemetry
    4. Traefik

Congratulations and well done on finishing the second mock exam!

Hopefully, your score is 75% or higher, and that gives you more confidence in taking the real certification exam. As you can see, many questions are essentially small scenarios where you must find the best solution. Some questions are also easier compared to those at the end of the chapters as the intention of many chapters is to take you one step further than required for passing KCNA. In fact, for the scope of KCNA, you need to understand core concepts and be familiar with the tools and their purpose.

Don’t expect very deep or super complex questions but expect broad questions from all domains of the KCNA curriculum with a lot of focus on Kubernetes.

Now, go ahead and schedule the KCNA exam. Wishing you the best of luck and hoping that you’ll also read the next, and final, chapter where I share some tips on how to move forward and advance your career in the world of Cloud Native.