CKA MCQs
CKA TestPrep CKA Study Guide CKA Practice Test
CKA Exam Questions
killexams.com
Certified Kubernetes Administrator 2025
https://killexams.com/pass4sure/exam-detail/CKA
You need to monitor the health of your Kubernetes cluster continuously. Which tool would you use to set up monitoring and alerts?
Grafana
Prometheus
Fluentd
Calico
Answer: B
Explanation: Prometheus is widely used for monitoring and alerting in Kubernetes environments, collecting metrics and providing a robust query language.
The -------- service provides a way to route external traffic to services within a Kubernetes cluster.
ClusterIP
NodePort
LoadBalancer
Ingress
Answer: D
Explanation: An Ingress resource is used to manage external access to services, typically HTTP, within a Kubernetes cluster.
You need to define a Role that allows a user to create and delete ConfigMaps in the development namespace. What YAML snippet would you use?
apiVersion: rbac.authorization.k8s.io/v1kind: Rolemetadata:name: configmap-editornamespace: developmentrules:apiGroups: ["*"]resources: ["configmaps"]verbs: ["create", "delete"]
apiVersion: rbac.authorization.k8s.io/v1kind: Rolemetadata:name: configmap-editornamespace: developmentrules:apiGroups: [""]resources: ["configmaps"]verbs: ["create", "delete"]
apiVersion: rbac.authorization.k8s.io/v1 kind: Role
metadata:
name: configmap-editor namespace: development rules:
apiGroups: [""]
resources: ["*"]
verbs: ["create", "delete"]
apiVersion: rbac.authorization.k8s.io/v1 kind: Role
metadata:
name: configmap-editor namespace: development rules:
apiGroups: ["configmaps"] resources: ["configmaps"] verbs: ["create", "delete"]
Answer: B
Explanation: This YAML configuration correctly defines a Role that allows creating and deleting ConfigMaps in the development namespace.
You want to ensure that a Pod can only be scheduled on nodes with a specific resource available. What feature should you use?
Resource Limits
Resource Requests
Node Affinity
Node Selector
Answer: B
Explanation: Resource Requests specify the minimum amount of resources required for the Pod, influencing the scheduler to place it on a suitable node.
You are troubleshooting a secret that is not being correctly injected into a pod. What command would you use to check the secret's details?
Both A and B
kubectl describe secret <secret-name>
kubectl logs <pod-name>
kubectl get secret <secret-name> -o yaml
Answer: A
Explanation: Both commands provide detailed information about the secret, helping to diagnose issues with its injection into the pod.
You have a multi-node Kubernetes cluster and need to ensure that all kubelet services are running correctly. What command would you use to check the status of the kubelet service on a node?
kubectl get nodes
systemctl status kubelet
journalctl -u kubelet
kubectl describe node <node-name>
Answer: B
Explanation: The command systemctl status kubelet checks the status of the kubelet service directly on the node, providing insights into whether it is active and any errors that may have occurred.
You are configuring a dynamic provisioning for a storage class. Which parameter would you set to specify the disk type for an AWS EBS volume?
type
volumeType
diskType
storageType
Answer: B
Explanation: The volumeType parameter specifies the type of AWS EBS volume to be provisioned (e.g., gp2, io1).
You want to ensure that your control plane nodes are highly available. Which configuration should you implement?
Deploy a single control plane node with a static IP
Deploy multiple control plane nodes with an etcd cluster
Use an external etcd cluster
Use a single-node etcd instance
Answer: B
Explanation: For high availability, you should deploy multiple control plane nodes along with a
distributed etcd cluster to prevent a single point of failure.
To achieve high availability for the controller manager, you decide to run multiple instances. What must you ensure about the API server in this configuration?
It must be run on a single node only.
It must support leader election among the controller managers.
No changes are needed for the API server.
It must be configured to replicate its state across nodes.
Answer: B
Explanation: When running multiple instances of the controller manager, it is crucial to enable leader election to ensure that only one instance actively manages the cluster at any given time.
You need to ensure that your Kubernetes nodes can be automatically updated with the latest security patches. Which feature should you consider?
Node Auto-Scaling
Cluster Autoscaler
Manual Node Management
Managed Kubernetes Services
Answer: D
Explanation: Managed Kubernetes services often include automated updates for security patches, ensuring nodes are kept up to date without manual intervention.
You need to upgrade a Kubernetes cluster from version 1.20 to 1.22. What is the recommended upgrade path?
Upgrade to 1.21 first, then to 1.22.
Upgrade directly to 1.22.
Upgrade to the latest patch of 1.20, then to 1.22.
Upgrade to 1.19 first, then to 1.21.
Answer: A
Explanation: Kubernetes requires upgrades to be performed sequentially between minor versions. Thus, you must upgrade to 1.21 before proceeding to 1.22.
In a scenario where you need to configure Kubernetes with multiple etcd clusters for disaster recovery,
which of the following configurations would be ideal?
All etcd clusters in the same data center.
etcd clusters running on the same node as the API server.
etcd clusters located in different geographical regions.
A single etcd cluster with read replicas in different zones.
Answer: C
Explanation: Placing etcd clusters in different geographical regions provides redundancy and ensures data availability even if one region faces a failure.
You need to set up a cluster with a specific API server advertising address. What parameter should you use when initializing the cluster with kubeadm?
--advertise-address=<ip>
--apiserver-override=<ip>
--advertise-ip=<ip>
--bind-address=<ip>
Answer: A
Explanation: The --advertise-address parameter specifies the IP address that the kube-apiserver will advertise to the other nodes in the cluster.
You want to ensure that a pod cannot be scheduled on nodes with the label env=production. Which configuration should you use?
nodeSelector: env: production
tolerations:- key: envoperator: Equalvalue: production
taints:
- key: env
value: production effect: NoSchedule
nodeAffinity:requiredDuringSchedulingIgnoredDuringExecution:nodeSelectorTerms:- matchExpressions:- key: envoperator: NotInvalues:- production
Answer: D
Explanation: Using NotIn in matchExpressions for node affinity prevents the pod from being scheduled on nodes labeled with env=production.
What is the significance of the restartPolicy field in a Pod specification?
It determines how many replicas to run.
It defines the resource limits for the Pod.
It specifies the node on which the Pod should run.
It controls the behavior of the Pod when it fails.
Answer: D
Explanation: The restartPolicy field controls the behavior of the Pod when it fails, determining whether it should be restarted or not.
You are configuring a Kubernetes cluster with kubeadm and need to ensure that the API server can handle high availability. What is the minimum number of API server instances you must deploy?
1
2
3
5
Answer: C
Explanation: To achieve high availability, you should deploy at least three instances of the API server, ensuring quorum can be maintained in etcd.
Which command would you use to view the permissions associated with a specific Role in a namespace?
kubectl describe role <role-name> -n <namespace>
kubectl get role <role-name> -n <namespace>
Both A and C
kubectl auth can-i --list --as <user> -n <namespace>
Answer: C
Explanation: Both commands provide insights into the permissions defined in a Role and how they relate to a specific user.
You suspect a resource leak in your cluster. What command can you use to assess resource usage across all namespaces?
kubectl top pods --all-namespaces
kubectl get all --all-namespaces
kubectl describe nodes
kubectl get resourcequotas --all-namespaces
Answer: A
Explanation: The kubectl top pods --all-namespaces command provides metrics about resource usage for pods, helping to identify potential leaks.
You are investigating a memory leak in a pod. What command would you use to check the resource usage of all containers in that pod?
kubectl get pod <pod-name> -o jsonpath='{.status.containerStatuses[*].usage}'
kubectl top pod <pod-name>
kubectl describe pod <pod-name>
kubectl logs <pod-name>
Answer: B
Explanation: The kubectl top pod command provides real-time metrics on CPU and memory usage for the specified pod's containers.
A pod is expected to communicate with a service that uses a headless configuration. Which command can you use to verify the endpoints of the service named my-headless-service in the default namespace?
kubectl get endpoints my-headless-service -n default
kubectl get service my-headless-service -n default
kubectl describe service my-headless-service -n default
kubectl logs my-headless-service -n default
Answer: A
Explanation: The kubectl get endpoints command retrieves the endpoints associated with the headless service, showing the actual pod IPs that are part of the service.
What command would you use to check the status of etcd in your Kubernetes cluster?
etcdctl endpoint health
kubectl get pods -n kube-system
kubectl logs -n kube-system etcd-<node-name>
Both A and C
Answer: D
Explanation: Both commands provide information about the health and status of the etcd cluster, which is crucial for Kubernetes functionality.
The is responsible for managing the lifecycle of pods and ensuring the desired state is achieved in a Kubernetes cluster.
kubelet
kube-proxy
API server
etcd
Answer: A
Explanation: The kubelet manages the lifecycle of pods on a node and communicates with the API server to report status.
You need to expose a service internally within the cluster using a ClusterIP service. What YAML snippet correctly defines this service for a deployment named my-app?
apiVersion: v1kind: Servicemetadata:name: my-appspec:type: ClusterIPselector:app: my- appports:port: 8080targetPort: 80
apiVersion: v1 kind: Service metadata:
name: my-app spec:
type: NodePort selector:
app: my-app ports:
port: 80
targetPort: 8080
apiVersion: v1
kind: Service metadata: name: my-app spec:
type: LoadBalancer selector:
app: my-app ports:
port: 80
targetPort: 8080
apiVersion: v1kind: Servicemetadata:name: my-appspec:type: ClusterIPselector:app: my- appports:port: 80targetPort: 8080
Answer: D
Explanation: This YAML snippet correctly defines a ClusterIP service that routes traffic from port 80 to the target port 8080 of the pods labeled app=my-app.
Fill in the blank: The component is responsible for ensuring that the state of the cluster matches the desired state defined in the deployment specifications.
Answer: Controller Manager
Explanation: The Controller Manager continuously monitors and adjusts the state of the cluster to match the desired state defined in deployments.
Fill in the blank: To ensure that your etcd cluster can recover from failures, you should regularly back up the etcd data using the command .
Answer: etcdctl snapshot save
Explanation: The etcdctl snapshot save command is used to create backups of the etcd data, which can be restored in case of failures.
Question: 501
A Kubernetes worker node, named wk8s-node-0 is in state NotReady. Investigate why this is the case, and perform any appropriate steps to bring the node to a Ready state, ensuring that any changes are made permanent.
You can ssh to the failed node using: [[email protected]] $ | ssh Wk8s-node-0
You can assume elevated privileges on the node with the following command: [[email protected]] $ | sudo Ci
Answer: solution
Question: 502
CORRECT TEXT
Create a pod as follows:
Name: non-persistent-redis container Image: redis
Volume with name: cache-control Mount path: /data/redis
The pod should launch in the staging namespace and the volume must not be persistent.
Answer: solution
KILLEXAMS.COM
Killexams.com is a leading online platform specializing in high-quality certification exam preparation. Offering a robust suite of tools, including MCQs, practice tests, and advanced test engines, Killexams.com empowers candidates to excel in their certification exams. Discover the key features that make Killexams.com the go-to choice for exam success.
Killexams.com provides exam questions that are experienced in test centers. These questions are updated regularly to ensure they are up-to-date and relevant to the latest exam syllabus. By studying these questions, candidates can familiarize themselves with the content and format of the real exam.
Killexams.com offers exam MCQs in PDF format. These questions contain a comprehensive
collection of questions and answers that cover the exam topics. By using these MCQs, candidate can enhance their knowledge and improve their chances of success in the certification exam.
Killexams.com provides practice test through their desktop test engine and online test engine. These practice tests simulate the real exam environment and help candidates assess their readiness for the actual exam. The practice test cover a wide range of questions and enable candidates to identify their strengths and weaknesses.
Killexams.com offers a success guarantee with the exam MCQs. Killexams claim that by using this materials, candidates will pass their exams on the first attempt or they will get refund for the purchase price. This guarantee provides assurance and confidence to individuals preparing for certification exam.
Killexams.com regularly updates its question bank of MCQs to ensure that they are current and reflect the latest changes in the exam syllabus. This helps candidates stay up-to-date with the exam content and increases their chances of success.