Linux Fondation

Which one of the following is an open source runtime security tool?. lxd. containerd. falco. gvisor.

Which component of the Kubernetes architecture is responsible for integration with the CRI container runtime?. kubeadm. kubelet. kube-aplserver. kubectl.

What are the advantages of adopting a GitOps approach for your deployments?. Reduce failed deployments, operational costs, and fragile release. Increase manual intervention in deployment workflows. Increase deployment speed and consistency by automating all configuration changes. Provide full auditability and ease of rollback by using Git as the single source of truth.

Which command lists the running containers in the current Kubernetes namespace?. kubectl get pods. kubectl ls. kubectl get containers. kubectl get pods -o wide.

Which of these is a valid container restart policy?. On login. On update. On start. On failure.

Which of the following is a challenge derived from running cloud native applications?. The operational costs of maintaining the data center of the company. The cost optimization is complex to maintain across different public cloud environments. The lack of different container images available in public image repositories. The lack of services provided by the most common public clouds.

What is the correct hierarchy of Kubernetes components?. Containers → Pods → Cluster → Nodes. Nodes → Cluster → Containers → Pods. Cluster → Nodes → Pods → Containers. Pods → Cluster → Containers → Nodes.

Which statement about Secrets is correct?. A Secret is part of a Pod specification. Secrets data is encrypted with the cluster private key by default. Secrets data is base64 encoded and stored unencrypted by default. A Secret can only be used for confidential data.

Which mechanism allows extending the Kubernetes API?. ConfigMap. Custom Resource Definition. MutatingAdmissionWebhookmechamsm. Customize.

Which of the following observability data streams would be most useful when desiring to plot resource consumption and predicted future resource exhaustion?. stdout. Traces. Logs. Metrics.

What can be used to create a job that will run at specified times/dates or on a repeating schedule?. Job. CalenderJob. BatchJob. CronJob.

If kubectl is failing to retrieve information from the cluster, where can you find pod logs to troubleshoot?. /var/log/pods/. ~/.kube/config. /var/log/k8s/. /etc/kubernetes/.

Which component in Kubernetes is responsible to watch newly created Pods with no assigned node, and selects a node for them to run on?. etcd. kube controller-manager. kube proxy. kube scheduler.

Which control plane component is responsible for updating the node Ready condition if a node becomes unreachable?. The kube-oroxy. The node controller. The kubelct. The kube-apiserver.

Which GitOps engine can be used to orchestrate parallel jobs on Kubernetes?. Jenkins X. Flagger. Flux. Argo Workflows.

What is the main purpose of the Open Container Initiative (OCI)?. Accelerating the adoption of containers and Kubernetes in the industry. Creating open industry standards around container formats and runtimes. Creating industry standards around container formats and runtimes for private purposes. Improving the security of standards around container formats and runtimes.

Which of the following options include only mandatory fields to create a Kubernetes object using a YAML file?. apiVersion, template, kind, status. apiVersion, metadata, status, spec. apiVersion, template, kind, spec. apiVersion, metadata, kind, spec.

Which of the following is the name of a container orchestration software?. OpenStack. Docker. Apache Mesos. CRI-O.

What happens with a regular pod running in Kubernetes when a node fails?. A new pod with the same UID is scheduled to another node after a while. A new, near-identical pod but with different UID is scheduled to another node. By default, a pod can only be scheduled to the same node when the node fails. A new pod is scheduled on a different node only if it is configured explicitly.

What is the minimum of etcd members that are required for a highly available Kubernetes cluster?. Two etcd members. Five etcd members. Six etcd members. Three etcd members.

What is the main purpose of the Ingress in Kubernetes?. Access HTTP and HTTPS services running in the cluster based on their IP address. Access services different from HTTP or HTTPS running in the cluster based on their IP address. Access services different from HTTP or HTTPS running in the cluster based on their path. Access HTTP and HTTPS services running in the cluster based on their path.

How can you extend the Kubernetes API?. Adding a CustomResourceDefinition or implementing an aggregation layer. Adding a new version of a resource, for instance v4beta3. With the command kubectl extend api, logged in as an administrator. Adding the desired API object as a kubelet parameter.

What is an ephemeral container?. A specialized container that runs as root for infosec applications. A specialized container that runs temporarily in an existing Pod. A specialized container that extends and enhances the ‘main’ container in a Pod. A specialized container that run before app container in a Pod.

In a cloud native environment, who is usually responsible for maintaining the workloads running across the different platforms?. The cloud provider. The Site Reliability Engineering (SRE) team. The team of developers. The Support Engineering team (SE).

Which Kubernetes-native deployment strategy supports zero-downtime updates of a workload?. Canary. Recreate. BlueGreen. RollingUpdate.

What service account does a Pod use in a given namespace when the service account is not specified?. admin. sysadmin. root. default.

What is a cloud native application?. It is a monolithic application that has been containerized and is running now on the cloud. It is an application designed to be scalable and take advantage of services running on the cloud. It is an application designed to run all its functions in separate containers. It is any application that runs in a cloud provider and uses its services.

What's the most adopted way of conflict resolution and decision-making for the open-source projects under the CNCF umbrella?. Financial Analysis. Discussion and Voting. Flipism Technique. Project Founder Say.

Which of the following options include resources cleaned by the Kubernetes garbage collection mechanism?. Stale or expired CertificateSigningRequests (CSRs) and old deployments. Nodes deleted by a cloud controller manager and obsolete logs from the kubelet. Unused container and container images, and obsolete logs from the kubelet. Terminated pods, completed jobs, and objects without owner references.

What is the default eviction timeout when the Ready condition of a node is Unknown or False?. Thirty seconds. Thirty minutes. One minute. Five minutes.

What is the main purpose of a DaemonSet?. A DaemonSet ensures that all (or certain) nodes run a copy of a Pod. A DaemonSet ensures that the kubelet is constantly up and running. A DaemonSet ensures that there are as many pods running as specified in the replicas field. A DaemonSet ensures that a process (agent) runs on every node.

Why do administrators need a container orchestration tool?. To manage the lifecycle of an elevated number of containers. To assess the security risks of the container images used in production. To learn how to transform monolithic applications into microservices. Container orchestration tools such as Kubernetes are the future.

Which two elements are shared between containers in the same pod?. Network resources and liveness probes. Storage and container image registry. Storage and network resources. Network resources and Dockerfiles.

In Kubernetes, if the API version of feature is v2beta3, it means that: The version will remain available for all future releases within a Kubernetes major version. The API may change in incompatible ways in a later software release without notice. The software is well tested. Enabling a feature is considered safe. The software may contain bugs. Enabling a feature may expose bugs.

What is the API that exposes resource metrics from the metrics-server?. custom.k8s.io. resources.k8s.io. metrics.k8s.io. cadvisor.k8s.io.

Which of the following resources helps in managing a stateless application workload on a Kubernetes cluster?. DaemonSet. StatefulSet. kubectl. Deployment.

Which mechanism can be used to automatically adjust the amount of resources for an application?. Horizontal Pod Autoscaler (HPA). Kubernetes Event-driven Autoscaling (KEDA). Cluster Autoscaler. Vertical Pod Autoscaler (VPA).

Which of the following is a recommended security habit in Kubernetes?. Run the containers as the user with group ID 0 (root) and any user ID. Disallow privilege escalation from within a container as the default option. Run the containers as the user with user ID 0 (root) and any group ID. Allow privilege escalation from within a container as the default option.

What are the 3 pillars of Observability?. Metrics, Logs, and Traces. Metrics, Logs, and Spans. Metrics, Data, and Traces. Resources, Logs, and Tracing.

What edge and service proxy tool is designed to be integrated with cloud native applications?. CoreDNS. CNI. gRPC. Envoy.

What is Flux constructed with?. GitLab Environment Toolkit. GitOps Toolkit. Helm Toolkit. GitHub Actions Toolkit.

In Kubernetes, which abstraction defines a logical set of Pods and a policy by which to access them?. Service Account. NetworkPolicy. Service. Custom Resource Definition.