Certified Kubernetes Application Developer (CKAD) practice exam with well-explained answers

karaniph
Oct 7, 2024


1. Your DevOps manager wants to use a monitoring tool that supports Kubernetes natively. Which tool would you suggest? (Select one answer)

A. Ganglia

B. Nagios

C. Splunk

D. Metrics Server/Heapster

2. What is one scenario in which the use of Kubernetes pods would be recommended?

A. To host vertically integrated stateful applications

B. To support co-located, co-managed helper programs

C. To run multiple instances of the same application

D. To provide independent storage volumes across platforms

3. As a Kubernetes application developer you have deployed an application in Kubernetes. The application container exposes port 80. You need to be able to access the application from outside of the cluster. What Kubernetes resource should you use to meet this requirement?

A. A service

B. A binding

C. A deployment

D. An endpoint

4. What is one way through which users can access the Kubernetes API?

A. kubectl

B. Java API

C. ssh

D. gRPC requests

5. You have been contracted by a company that runs applications on Kubernetes but is having issues with some pods. What would be the recommended first step when debugging a pod?

A. Make sure insufficient available resources are not preventing scheduling the pod.

B. Use the "kubectl describe pods" and "kubectl logs" commands to check the current state of the pod and recent events.

C. Use the "kubectl get nodes -o" command to see if any pod reports an error status.

D. Verify if there was a failure to pull the image.

6. A Kubernetes ____ is an abstraction that defines a logical set of Pods and a policy by which to access them.

A. Job

B. Controller

C. Service

D. Selector

7. Which two kubectl commands are useful for collecting information about any type of resource that is active in a Kubernetes cluster? (Choose 2 answers)

A. get

B. describe

C. logs

D. explain

8. In Kubernetes, a(n) ____ is a key/value pair, intended to be used to specify identifying attributes of objects that are meaningful and relevant to users, but which do not directly imply semantics to the core system.

A. pod

B. annotation

C. label

D. selector

9. ____ within a pod share an IP address and port space, and can find each other via localhost.

A. Containers

B. Instances

C. Images

D. Contexts

10. What happens when you apply both container and pod-level security context settings that overlap?

A. The assignment that causes the overlap fails

B. The container-level security context settings override settings made at the pod level

C. The pod-level security context settings override settings made at the container level

D. The settings applied first are overridden by the ones applied last

11. As the senior Kubernetes developer in your company you have been asked to debug a pod that is crashing. What command would be beneficial during this process?

A. kubectl create -f

B. kubectl get nodes -o

C. kubectl logs

D. docker pull

12. How would you segment resources in Kubernetes when you want to prevent users from easily affecting resources in other projects, teams, or environments?

A. Create a Namespace for each segment

B. Use resource naming conventions

C. Use a rigorous label schema

D. Use Kubernetes Scopes

13. What is the core grouping primitive in Kubernetes?

A. Key-value pair

B. Namespace

C. Annotation

D. Label selector

14. You would like to start sending traffic to a pod only when a probe succeeds. What is the best type of probe in this situation?

A. Use a LivenessProbe.

B. Specify a LivenessProbe and a RestartPolicy of Always or OnFailure.

C. Specify a ReadinessProbe.

D. Use a ReadinessProbe and a RestartPolicy of Always or OnFailure.

15. As the cloud developer for a large bank you need to utilize a PersistentVolume for application storage in a Kubernetes cluster. What field of a PersistentVolume can you use to control the number of nodes that can mount the PersistentVolume for reading and writing?

A. accessMode

B. mountOptions

C. sharingOptions

D. nodeSelector

16. The DevOps manager at your firm has asked you to manually create a service account named Jenkins. Which command could you use?

A. kubectl config set-credentials -name jenkins -creat

B. kubelet config set-credentials -name jenkins -create -i yaml

C. kubectl create serviceaccount jenkins

D. kubelet create serviceaccount jenkins -i yaml

17. A media company is using pods to co-locate a content management system with a data loader and a local cache manager. A new team member suggests running these programs in a single Docker container instead. You explain to him that Kubernetes recommends using pods because it __________________.

A. allows individual containers to be versioned, rebuilt, and redeployed independently

B. reduces latency when serving user requests

C. allows software dependencies to be tightly coupled

D. prevents scheduler and node failures

18. An intern in your team has asked for your help in writing a set-based label selector that filters resources with a partition key (no matter the value) and with an environment different from qa. Write a set-based label selector that accomplishes this task.

A. exists(partition) && environment isnot (qa)

B. partition == *, environment notin (qa)

C. partition, environment notin (qa)

D. partition, environment != qa

19. Service accounts within Kubernetes are associated with ____.

A. objects representing key pairs

B. usernames representing "normal" users

C. registered client certificates

D. pods running in the clusters

ANSWERS WITH EXPLANATIONS

1.D- Metrics Server, and its predecessor Heapster, are cluster-wide aggregators of monitoring and event data. They support Kubernetes natively and work on all Kubernetes setups. Heapster and Metrics Server run as a pod in the cluster, similar to how any Kubernetes application would run. The Heapster or Metrics Server pod discovers all nodes in the cluster and queries usage information from the nodes' Kubelet, the on-machine Kubernetes agent. The Kubelet itself fetches the data from cAdvisor. Heapster or Metrics Server groups the information by pod along with the relevant labels. This data is then pushed to a configurable backend for storage and visualization.

2.B- Pods can be used to host vertically integrated application stacks (e.g., LAMP), but their primary motivation is to support co-located, co-managed helper programs, such as:

  • content management systems, file and data loaders, local cache managers, etc.
  • log and checkpoint backup, compression, rotation, snapshotting, etc.
  • data change watchers, log tailers, logging and monitoring adapters, event publishers, etc.
  • proxies, bridges, and adapters
  • controllers, managers, configurators, and updaters

3.A- A service provides a mechanism for accessing a logical set of pods. You can use a service of type NodePort or LoadBalancer to allow external access to an application running in Kubernetes.

A binding is used for associating a role with a user to authorize actions the user is allowed to perform.

4.A- Users access the API using kubectl, client libraries, or by making REST requests. Both human users and Kubernetes service accounts can be authorized for API access.

Learn more: https://kubernetes.io/docs/tasks/administer-cluster/access-cluster-api/

5.B- The first step in debugging a pod is taking a look at it. Check the current state of the pod and recent events with the following command:

$ kubectl describe pods ${POD_NAME}

Look at the state of the containers in the pod. Are they all Running? Have there been recent restarts?

Continue debugging depending on the state of the pods.

6.C- A Kubernetes Service is an abstraction that defines a logical set of Pods and a policy by which to access them — sometimes called a micro-service. The set of Pods targeted by a Service is (usually) determined by a Label Selector (see below for why you might want a Service without a selector).

7.A & B- The get and describe commands are useful for reporting information about active resources in a cluster.

list and watch are not kubectl commands. They are two examples of read verbs in the Kubernetes API. For example, kubectl sends list requests to the Kubernetes API to create the output of kubectl get commands.

The explain, expose, and logs commands are kubectl commands but are not useful for gathering information about Kubernetes resources. The explain command provides information for understanding the fields of resources, but doesn’t get information about resources running in the cluster. The expose command creates a service resource.

8.C- Labels are key/value pairs that are attached to objects, such as pods. Labels are intended to be used to specify identifying attributes of objects that are meaningful and relevant to users, but which do not directly imply semantics to the core system. Labels can be used to organize and to select subsets of objects. Labels can be attached to objects at creation time and subsequently added and modified at any time. Each object can have a set of key/value labels defined. Each Key must be unique for a given object.

Learn more: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/

9.A- Containers within a pod share an IP address and port space, and can find each other via the localhost. They can also communicate with each other using standard inter-process communications like SystemV semaphores or POSIX shared memory. Containers in different pods have distinct IP addresses and cannot communicate by IPC.

10.B- Container-level security context settings are applied to the specific container and override settings made at the pod level where there is overlap. Container-level settings, however, do not affect the pod's volumes.

Learn more: https://kubernetes.io/docs/concepts/policy/security-context/
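
The override rule from answer 10, worked through as an added example (not code from the original article or from Kubernetes itself): it computes the settings each container actually ends up with and lists the containers whose container-level settings undo a safe pod-level default. The pod spec, image names and function names are constructed for illustration, and only a subset of the fields that exist at both levels is modelled.

```python
# Subset of fields defined in both PodSecurityContext and the container-level
# SecurityContext. For these, a container value overrides the pod value.
SHARED_FIELDS = ("runAsUser", "runAsGroup", "runAsNonRoot", "seccompProfile")

def effective_security_context(pod_spec, container):
    """Return the security settings one container actually runs with."""
    pod_sc = pod_spec.get("securityContext") or {}
    ctr_sc = container.get("securityContext") or {}
    # Inherit only the shared fields; pod-only fields such as fsGroup apply
    # to the pod's volumes and are not part of a container's context.
    effective = {k: pod_sc[k] for k in SHARED_FIELDS if k in pod_sc}
    effective.update(ctr_sc)  # container level wins where the two overlap
    return effective

def containers_that_may_run_as_root(pod_spec):
    """Names of containers whose effective settings permit UID 0."""
    flagged = []
    for ctr in pod_spec.get("initContainers", []) + pod_spec.get("containers", []):
        eff = effective_security_context(pod_spec, ctr)
        explicit_root = eff.get("runAsUser") == 0
        # No UID set and no runAsNonRoot guard: the image's default user
        # (often root) is used.
        unguarded = "runAsUser" not in eff and eff.get("runAsNonRoot") is not True
        if explicit_root or unguarded:
            flagged.append(ctr["name"])
    return flagged

# Constructed pod spec: safe defaults at pod level, one container overriding them.
SAMPLE_POD_SPEC = {
    "securityContext": {"runAsUser": 1000, "runAsNonRoot": True, "fsGroup": 2000},
    "containers": [
        {"name": "app", "image": "example/app:1.0"},
        {"name": "log-agent", "image": "example/agent:1.0",
         "securityContext": {"runAsUser": 0, "runAsNonRoot": False}},
        {"name": "cache", "image": "example/cache:1.0",
         "securityContext": {"runAsUser": 2000, "allowPrivilegeEscalation": False}},
    ],
}

if __name__ == "__main__":
    for c in SAMPLE_POD_SPEC["containers"]:
        print(c["name"], effective_security_context(SAMPLE_POD_SPEC, c))
    print("may run as root:", containers_that_may_run_as_root(SAMPLE_POD_SPEC))
```

A review that reads only the pod-level securityContext would miss the log-agent container here, which is why the check has to be made per container.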

11.C- What to do when a pod is crashing or otherwise unhealthy?

First, take a look at the logs of the current container:

$ kubectl logs ${POD_NAME} ${CONTAINER_NAME}

If your container has previously crashed, you can access the previous container’s crash log with:

$ kubectl logs --previous ${POD_NAME} ${CONTAINER_NAME}

Alternately, you can run commands inside that container with exec:

$ kubectl exec ${POD_NAME} -c ${CONTAINER_NAME} -- ${CMD} ${ARG1} ${ARG2} ... ${ARGN}

Learn more: https://kubernetes.io/docs/tasks/debug/debug-application/debug-running-pod/

12.A- You can use labels to distinguish resources within the same Namespace. However, to avoid unintentionally modifying other teams' resources, you are better off using Namespaces. Namespaces provide a scope for names. Names of resources need to be unique within a Namespace, but not across Namespaces. This reduces the chance of unintentionally affecting other teams' resources.

Learn more: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/

13.D- Unlike names and UIDs, labels do not provide uniqueness, so in general, we expect many objects to carry the same label(s). The label selector is the core grouping primitive in Kubernetes, and allows the client/user to identify a set of objects.

14.C- If the process in your container is able to crash on its own whenever it encounters an issue or becomes unhealthy, you do not necessarily need a liveness probe; the kubelet will automatically perform the correct action in accordance with the RestartPolicy when the process crashes.

15.A- A PersistentVolume's accessMode field controls how many nodes can mount it for reading and writing. The supported values are ReadWriteOnce, ReadOnlyMany, and ReadWriteMany.

16.C- Service account bearer tokens are perfectly valid to use outside the cluster and can be used to create identities for long-standing jobs that wish to talk to the Kubernetes API. To manually create a service account, simply use the kubectl create serviceaccount (NAME) command. This creates a service account in the current namespace and an associated secret. For example:

$ kubectl create serviceaccount jenkins

17.A- Running multiple programs in a single (Docker) container is not recommended for the reasons below.

1. Transparency: Making the containers within the pod visible to the infrastructure enables the infrastructure to provide services to those containers, such as process management and resource monitoring. This facilitates a number of conveniences for users.

2. Decoupling software dependencies: The individual containers may be versioned, rebuilt and redeployed independently. Kubernetes may even support live updates of individual containers someday.

3. Ease of use: Users don’t need to run their own process managers, worry about signal and exit-code propagation, etc.

4. Efficiency: Because the infrastructure takes on more responsibility, containers can be lighter weight.

18.C- Set-based label requirements allow filtering keys according to a set of values. Three kinds of operators are supported: in, notin and exists (only the key identifier). The comma separator acts as an AND operator. So filtering resources with a partition key (no matter the value) and with an environment different from qa can be achieved using partition,environment notin (qa). The set-based label selector is a general form of equality, since environment=production is equivalent to environment in (production); similarly for != and notin.

Learn more: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
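
The selector semantics from answer 18, as an added example (a small stand-alone matcher written for this page, not the Kubernetes parser): it evaluates selectors against constructed sample labels and shows why the bare partition requirement is needed, since notin on its own also matches objects that lack the key. It goes slightly beyond the answer by also accepting the equality forms and !key; all names and sample labels are assumptions.

```python
import re

# One requirement: "key", "!key", "key in (a,b)", "key notin (a,b)",
# "key=v", "key==v" or "key!=v".
_REQ = re.compile(
    r"^\s*(?P<neg>!)?\s*(?P<key>[A-Za-z0-9][\w./-]*)\s*"
    r"(?:(?P<op>notin|in)\s*\((?P<vals>[^()]*)\)"
    r"|(?P<eq>==|!=|=)\s*(?P<val>[\w.-]+))?\s*$")

def parse_selector(selector):
    """Parse a label selector into (key, operator, values) requirements."""
    reqs = []
    # Split on commas outside parentheses; each comma is a logical AND.
    for part in re.split(r",(?![^(]*\))", selector):
        m = _REQ.match(part)
        if not m or (m["neg"] and (m["op"] or m["eq"])):
            raise ValueError(f"invalid requirement: {part.strip()!r}")
        if m["op"]:
            reqs.append((m["key"], m["op"], {v.strip() for v in m["vals"].split(",")}))
        elif m["eq"]:  # equality form is a special case of the set form
            reqs.append((m["key"], "notin" if m["eq"] == "!=" else "in", {m["val"]}))
        else:
            reqs.append((m["key"], "!exists" if m["neg"] else "exists", set()))
    return reqs

def matches(selector, labels):
    """True when the labels satisfy every requirement in the selector."""
    for key, op, values in parse_selector(selector):
        present = key in labels
        ok = {"exists": present,
              "!exists": not present,
              "in": present and labels[key] in values,
              # notin also matches objects that do not carry the key at all
              "notin": not present or labels[key] not in values}[op]
        if not ok:
            return False
    return True

# Constructed sample objects (name -> labels).
SAMPLE = {
    "web-1":   {"partition": "customerA", "environment": "production"},
    "web-2":   {"partition": "customerB", "environment": "qa"},
    "batch-1": {"environment": "production"},
    "cache-1": {"partition": "customerC"},
}

def select(selector, objects=SAMPLE):
    return [name for name, labels in objects.items() if matches(selector, labels)]

if __name__ == "__main__":
    print(select("partition,environment notin (qa)"))
```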

19.D- All Kubernetes clusters have two categories of users: service accounts managed by Kubernetes, and normal users.

In contrast, service accounts are users managed by the Kubernetes API. They are bound to specific namespaces, and created automatically by the API server or manually through API calls. Service accounts are tied to a set of credentials stored as Secrets, which are mounted into pods that allow cluster processes to talk to the Kubernetes API.
