KCNA: Kubernetes and Cloud Native Associate Practice Exam

What the KCNA exam covers

• Kubernetes Fundamentals60 questions
• Container Orchestration63 questions
• Cloud Native Architecture62 questions
• Cloud Native Observability69 questions
• Cloud Native Application Delivery45 questions

Free KCNA sample questions

A sample of 10 questions with answers and explanations. Sign up free to practice all 299.

1. Question 1Kubernetes Fundamentals

   What is the smallest deployable unit in Kubernetes?

   • AA PodCorrect
   • BA Deployment
   • CA container
   • DA node
   ✓ Correct answer: A

   A Pod is the smallest deployable unit in Kubernetes, serving as the fundamental abstraction for managing containerized workloads. Even though a Pod can contain one or more containers, Kubernetes cannot manage individual containers directly—you must always work with Pods. The Pod encapsulates containers and defines shared networking, storage, and lifecycle management for those containers.

   Why the other options are wrong

   • BA Deployment is incorrect because Deployments are higher-level controllers that manage Pods and provide features like rolling updates and scaling; they are not the smallest unit.
   • CA container is incorrect because Kubernetes does not manage containers directly—containers are wrapped in Pods.
   • DA node is incorrect because nodes are cluster infrastructure components that run Pods, not deployable units.
2. Question 2Kubernetes Fundamentals

   What is the primary purpose of a Namespace?

   • ATo encrypt pod traffic
   • BTo store container images
   • CTo provide a logical partition for grouping and isolating resources within a clusterCorrect
   • DTo isolate workloads onto separate physical nodes
   ✓ Correct answer: C

   Namespaces are Kubernetes' way of providing multiple virtual clusters within a single physical cluster. They provide logical isolation, allowing you to organize resources, apply resource quotas, and manage access control at the namespace level. Multiple teams or applications can use the same cluster while remaining isolated in separate namespaces.

   Why the other options are wrong

   • ATo encrypt pod traffic is incorrect because encryption is handled by network policies and service mesh technologies, not namespaces.
   • BTo store container images is incorrect because container registries store images, not namespaces.
   • DTo isolate workloads onto separate nodes is incorrect because pod-to-node assignment is handled by node selectors and affinity rules, not namespaces.
3. Question 3Kubernetes Fundamentals

   Which command scales an existing Deployment named 'web' to 5 replicas?

   • Akubectl set replicas deployment web 5
   • Bkubectl scale deployment web --replicas=5Correct
   • Ckubectl scale web --count=5
   • Dkubectl resize deployment/web 5
   ✓ Correct answer: B

   kubectl scale deployment web --replicas=5.

   Why the other options are wrong

   • AThe 'kubectl scale' command is the standard way to change the number of replicas in a Deployment, ReplicaSet, or StatefulSet. The '--replicas=5' flag specifies the desired replica count, and the command immediately updates the resource. 'kubectl set replicas' is incorrect because 'set replicas' is not valid; 'set' is used for environment variables or images.
   • C'kubectl scale web --count=5' is incorrect because 'count' is not a valid flag.
   • D'kubectl resize deployment/web' is incorrect because 'resize' is not a valid kubectl command.
4. Question 4Kubernetes Fundamentals

   A workload needs to remain available during a voluntary node drain for maintenance. Which object best protects a minimum number of running replicas?

   • ALimitRange
   • BNetworkPolicy
   • CResourceQuota
   • DPodDisruptionBudgetCorrect
   ✓ Correct answer: D

   A PodDisruptionBudget (PDB) specifies the minimum number of Pods from an application that must remain available during voluntary disruptions such as node maintenance, drain operations, or cluster scaling. When a node is cordoned and drained, the PDB prevents Kubernetes from terminating more Pods than allowed, ensuring your workload maintains minimum availability. This is the primary mechanism for protecting high-availability applications during maintenance windows.

   Why the other options are wrong

   • ALimitRange is incorrect because it constrains resource requests and limits per pod, not replica availability.
   • BNetworkPolicy is incorrect because it controls network traffic between pods, not disruption resilience.
   • CResourceQuota is incorrect because it limits total namespace resource consumption, not minimum replica availability.
5. Question 5Container Orchestration

   What does a Kubernetes Service primarily provide for a set of pods?

   • AImage scanning
   • BPersistent storage
   • CAutomatic code deployment
   • DA stable network identity (name/virtual IP) and load balancing across the podsCorrect
   ✓ Correct answer: D

   A Kubernetes Service provides two key capabilities: a stable DNS name and ClusterIP (virtual IP) that remain constant even as Pods are created and destroyed, and automatic load balancing of traffic across backend Pods. Services decouple consumers from the underlying Pods, enabling reliable pod-to-pod communication in a dynamic environment.

   Why the other options are wrong

   • AImage scanning is incorrect because it relates to image security, not Service function.
   • BPersistent storage is incorrect because PersistentVolumes provide storage.
   • CAutomatic code deployment is incorrect because deployment is handled by controllers.
6. Question 6Container OrchestrationSelect all that apply

   Which TWO does an orchestrator like Kubernetes provide? (Choose TWO)

   • AWriting your application code
   • BAutomated scaling and rolloutsCorrect
   • CPhysically powering servers
   • DSelf-healing (restarting/rescheduling failed pods)Correct
   ✓ Correct answer: B, D

   Kubernetes orchestrators provide automated management of containerized workloads. Automated scaling includes both horizontal pod autoscaling (HPA) that adjusts replica counts based on metrics and vertical pod autoscaling (VPA) that adjusts resource requests. Self-healing ensures that failed Pods are restarted via restartPolicy and failed Deployments are replaced, maintaining desired state.

   Why the other options are wrong

   • AWriting application code is incorrect because that's a developer responsibility.
   • CPhysically powering servers is incorrect because infrastructure operations are outside the orchestrator's scope.
7. Question 7Container Orchestration

   Which field in a pod's container spec sets the minimum CPU/memory guaranteed to the container?

   • Aresources.guaranteed
   • Bresources.limits
   • Cresources.requestsCorrect
   • Dresources.minimum
   ✓ Correct answer: C

   The 'resources.requests' field in a container spec defines the minimum CPU and memory that the scheduler guarantees will be available to the container. This is what the scheduler uses to make placement decisions and reserve capacity on nodes.

   Why the other options are wrong

   • Aresources.guaranteed is incorrect because there is no 'guaranteed' field.
   • Bresources.limits is incorrect because limits define the maximum, not the minimum.
   • Dresources.minimum is incorrect because the field is called 'requests', not 'minimum'.
8. Question 8Container Orchestration

   You scale a StatefulSet named db from 3 to 1 replica. Which pods are removed and in what order?

   • Adb-2 then db-1 are terminated in reverse-ordinal order, leaving db-0Correct
   • BAll pods are deleted and one new pod is created
   • Cdb-0 and db-1 are removed first, leaving db-2
   • DPods are removed in random order
   ✓ Correct answer: A

   When scaling down a StatefulSet, Pods are terminated in reverse ordinal order. Scaling from 3 to 1 replica means db-2 and db-1 are terminated (in that order), leaving db-0 running. This ordered termination is important for stateful workloads to maintain consistency.

   Why the other options are wrong

   • BAll pods are deleted is incorrect because only excess replicas are removed.
   • Cdb-0 and db-1 are removed first is incorrect because termination is in reverse order.
   • DPods are removed in random order is incorrect because StatefulSets maintain ordered termination.
9. Question 9Cloud Native Architecture

   What does the Open Container Initiative (OCI) standardize?

   • ADNS resolution
   • BContainer image and runtime specifications (so images are portable across tools)Correct
   • CCloud billing
   • DKubernetes RBAC
   ✓ Correct answer: B

   The Open Container Initiative (OCI) standardizes container image format (OCI Image Spec) and runtime behavior (OCI Runtime Spec), ensuring that containers built with any tool (Docker, Podman, etc.) can run on any OCI-compliant runtime.

   Why the other options are wrong

   • ADNS resolution is incorrect because OCI doesn't standardize DNS.
   • CCloud billing is incorrect because OCI doesn't handle billing.
   • DKubernetes RBAC is incorrect because RBAC is specific to Kubernetes.
10. Question 10Cloud Native ArchitectureSelect all that apply

    Which TWO are benefits of a microservices architecture? (Choose TWO)

    • AIndependent scaling of servicesCorrect
    • BIndependent deployment of servicesCorrect
    • CNo need for networking
    • DA single shared binary for everything
    ✓ Correct answer: A, B

    Microservices architecture allows each service to scale independently based on its own demand, and each service can be deployed independently without affecting others. This enables agility, resource efficiency, and reduces deployment risk.

    Why the other options are wrong

    • CNo need for networking is incorrect because microservices require communication.
    • DA single shared binary is incorrect because microservices are independent binaries.

KCNA practice exam FAQ