[May-2026] Updated Cloud and Containers CNPA Exam Questions BUNDLE PACK
Master The Linux Foundation Content CNPA EXAM DUMPS WITH GUARANTEED SUCCESS!
Linux Foundation CNPA Exam Syllabus Topics:
| Topic | Details |
|---|---|
| Topic 1 |
|
| Topic 2 |
|
| Topic 3 |
|
| Topic 4 |
|
| Topic 5 |
|
NEW QUESTION # 49
A team wants to deploy a new feature to production for internal users only and be able to instantly disable it if problems occur, without redeploying code. Which strategy is most suitable?
- A. Deploy the feature to all users and prepare to roll it back manually if an issue is detected.
- B. Use feature flags to release the feature to selected users and control its availability through settings.
- C. Use a canary deployment to gradually expose the feature to a small group of random users.
- D. Use a blue/green deployment to direct internal users to one version and switch as needed.
Answer: B
Explanation:
Feature flags are the most effective way to control feature exposure to specific users, such as internal testers, while enabling fast rollback without redeployment. Option B is correct because feature flags allow teams to decouple deployment from release, giving precise runtime control over feature availability. This means that once the code is deployed, the team can toggle the feature on or off for different cohorts (e.g., internal users) dynamically.
Option A (blue/green deployment) controls traffic between two environments but does not provide user-level granularity. Option C (canary deployments) gradually expose changes but focus on random subsets of users rather than targeted groups such as internal employees. Option D requires redeployment or rollback, which introduces risk and slows down incident response.
Feature flags are widely recognized in platform engineering as a core continuous delivery practice that improves safety, accelerates experimentation, and enhances resilience by enabling immediate mitigation of issues.
References:- CNCF Platforms Whitepaper- Cloud Native Platform Engineering Study Guide- Continuous Delivery Foundation Guidance
NEW QUESTION # 50
A developer is struggling to access the necessary services on a cloud native platform due to complex Kubernetes configurations. What approach can best simplify their access to platform capabilities?
- A. Limit user access to only a few services.
- B. Implement a web portal that abstracts the Kubernetes complexities.
- C. Provide detailed documentation on Kubernetes configurations.
- D. Increase the number of required configurations to enhance security.
Answer: B
Explanation:
One of the primary objectives of internal developer platforms (IDPs) is to improve developer experience by reducing cognitive load. Complex Kubernetes configurations often overwhelm developers who simply want to consume services and deploy code without worrying about infrastructure intricacies.
Option B is correct because implementing a self-service web portal (or developer portal) abstracts away Kubernetes complexities, providing developers with easy access to platform services through standardized workflows, templates, and golden paths. This aligns with platform engineering principles: empowering developers with self-service capabilities while maintaining governance, security, and compliance.
Option A increases burden unnecessarily and negatively impacts productivity. Option C limits access to services, reducing flexibility and developer autonomy, which goes against the core goal of IDPs. Option D, while helpful for education, does not remove complexity-it only shifts the responsibility back to the developer. By leveraging portals, APIs, and automation, platform teams allow developers to focus on building business value instead of managing infrastructure details.
References:- CNCF Platforms Whitepaper- Team Topologies and Platform Engineering Practices- Cloud Native Platform Engineering Study Guide
NEW QUESTION # 51
Which provisioning strategy ensures efficient resource scaling for an application on Kubernetes?
- A. Using an imperative approach to script resource changes in response to traffic spikes.
- B. Manual provisioning of resources based on predicted traffic.
- C. Implementing a fixed resource allocation that does not change regardless of demand.
- D. Using a declarative approach with Infrastructure as Code (IaC) tools to define resource requirements.
Answer: D
Explanation:
The most efficient and scalable strategy is to use a declarative approach with Infrastructure as Code (IaC)
. Option B is correct because declarative definitions specify the desired state (e.g., resource requests, limits, autoscaling policies) in code, allowing Kubernetes controllers and autoscalers to reconcile and enforce them dynamically. This ensures that applications can scale efficiently based on actual demand.
Option A (fixed allocation) is inefficient, leading to wasted resources during low usage or insufficient capacity during high demand. Option C (manual provisioning) introduces delays, risk of error, and operational overhead. Option D (imperative scripting) is not sustainable for large-scale or dynamic workloads, as it requires constant manual intervention.
Declarative IaC aligns with GitOps workflows, enabling automated, version-controlled scaling decisions.
Combined with Kubernetes' Horizontal Pod Autoscaler (HPA) and Cluster Autoscaler, this approach allows platforms to balance cost efficiency with application reliability.
References:- CNCF GitOps Principles- Kubernetes Autoscaling Documentation- Cloud Native Platform Engineering Study Guide
NEW QUESTION # 52
In a GitOps approach, how should the desired state of a system be managed and integrated?
- A. As custom Kubernetes resources, stored and applied directly to the system.
- B. By storing it so it is versioned and immutable, and pulled automatically into the system.
- C. By storing it in Git, and manually pushing updates through CI/CD pipelines.
- D. By using a centralized management tool to push changes immediately to all environments.
Answer: B
Explanation:
The GitOps model is built on the principle that the desired state of infrastructure and applications must be stored in Git as the single source of truth. Option D is correct because Git provides versioning, immutability, and auditability, while reconciliation controllers (e.g., Argo CD or Flux) pull the desired state into the system continuously. This ensures that actual cluster state always matches the declared Git state.
Option A is partially correct but fails because GitOps eliminates manual push workflows-automation ensures changes are pulled and reconciled. Option B describes Kubernetes CRDs, which may be part of the system but do not embody GitOps on their own. Option C contradicts GitOps principles, which rely on pull- based reconciliation, not centralized push.
Storing desired state in Git provides full traceability, automated rollbacks, and continuous reconciliation, improving reliability and compliance. This makes GitOps a core practice for cloud native platform engineering.
References:- CNCF GitOps Principles- CNCF Platforms Whitepaper- Cloud Native Platform Engineering Study Guide
NEW QUESTION # 53
Which of the following would be considered an advantage of using abstract APIs when offering cloud service provisioning and management as platform services?
- A. Development teams can arbitrarily deploy cloud services via abstractions.
- B. Abstractions allow customization of cloud services and resources without guardrails.
- C. Abstractions curate cloud services with built-in guardrails for development teams.
- D. Abstractions enforce explicit platform team approval before any cloud resource is deployed.
Answer: C
Explanation:
Abstract APIs are an essential component of platform engineering, providing a simplified interface for developers to consume infrastructure and cloud services without deep knowledge of provider-specific details.
Option B is correct because abstractions allow platform teams to curate services with built-in guardrails, ensuring compliance, security, and operational standards are enforced automatically. Developers get the benefit of self-service and flexibility while the platform team ensures governance.
Option A would slow down the process, defeating the purpose of abstraction. Option C removes guardrails, which risks security and compliance violations. Option D allows uncontrolled deployments, which can create chaos and undermine platform governance.
Abstract APIs strike the balance between developer experience and organizational control. They provide golden paths and opinionated defaults while maintaining the flexibility needed for developer productivity.
This approach ensures efficient service provisioning at scale with reduced cognitive load on developers.
References:- CNCF Platforms Whitepaper- CNCF Platform Engineering Maturity Model- Cloud Native Platform Engineering Study Guide
NEW QUESTION # 54
Which metric measures a cloud native platform's impact on developer productivity and deployment speed?
- A. Evaluate total security vulnerabilities detected during platform usage.
- B. Monitor overall cloud infrastructure cost and resource consumption.
- C. Track average time from code commits to successful production deployment.
- D. Measure total cloud resource utilization across all development teams.
Answer: C
Explanation:
The Lead Time for Changes metric, one of the DORA (DevOps Research and Assessment) metrics, directly measures the impact of a platform on developer productivity and deployment speed. Option B is correct because it reflects the average time taken from when code is committed until it is successfully deployed into production. A shorter lead time indicates that the platform enables faster feedback loops, quicker delivery of features, and overall improved developer experience.
Option A (infrastructure cost) and Option D (resource utilization) are important for operations but do not measure productivity or speed. Option C (security vulnerabilities) relates to platform security posture, not productivity.
By tracking lead time, organizations can evaluate how effective their platform is in enabling self-service, automation, and streamlined CI/CD workflows. Improvements in this metric demonstrate that the platform is successfully reducing friction for developers and accelerating value delivery to end users.
References:- CNCF Platforms Whitepaper- State of DevOps Report (DORA Metrics)- Cloud Native Platform Engineering Study Guide
NEW QUESTION # 55
In a Continuous Integration (CI) pipeline, what is a key benefit of using automated builds?
- A. Ensures consistent builds.
- B. Minimizes server costs.
- C. Reduces code redundancy.
- D. Eliminates coding errors.
Answer: A
Explanation:
The key benefit of automated builds in a CI pipeline is ensuring consistent and reproducible builds. Option C is correct because automation eliminates the variability introduced by manual processes, guaranteeing that each build follows the same steps, uses the same dependencies, and produces artifacts that are predictable and testable.
Option A (minimizing server costs) may be a side effect but is not the primary advantage. Option B (eliminates coding errors) is inaccurate-automated builds do not prevent developers from writing faulty code; instead, they surface errors earlier. Option D (reduces code redundancy) relates more to code design than CI pipelines.
Automated builds are fundamental to DevOps and platform engineering because they establish reliability in the software supply chain, integrate seamlessly with automated testing, and enable continuous delivery. This practice ensures that code changes are validated quickly, improving developer productivity and reducing integration risks.
References:- CNCF Platforms Whitepaper- Continuous Delivery Foundation Best Practices- Cloud Native Platform Engineering Study Guide
NEW QUESTION # 56
In designing a cloud native platform, which architectural feature is essential for allowing the integration of new capabilities like self-service delivery and observability without specialist intervention?
- A. Static architecture with rigid components.
- B. Centralized integration through specialist API gateways.
- C. Extensible architecture with modular components.
- D. Monolithic architecture with no APIs.
Answer: C
Explanation:
An extensible architecture with modular components is crucial for modern platform engineering. Option C is correct because modularity allows new capabilities (e.g., self-service delivery, observability, or security features) to be added or replaced without disrupting the whole system. This approach promotes agility, scalability, and maintainability.
Option A (monolithic architecture) restricts flexibility and slows innovation. Option B (centralized API gateways) may help integration but still creates bottlenecks if every addition requires specialist intervention.
Option D (static architecture) locks the platform into rigid patterns, preventing adaptation to evolving needs.
Extensible, modular design is a hallmark of cloud native platforms. It enables composability, where services (like service mesh, logging, monitoring, or provisioning APIs) can be plugged in as needed. This architecture supports golden paths and self-service abstractions, reducing developer friction while keeping governance intact.
References:- CNCF Platforms Whitepaper- CNCF Platform Engineering Maturity Model- Cloud Native Platform Engineering Study Guide
NEW QUESTION # 57
Which Kubernetes feature allows you to control how Pods communicate with each other and external services?
- A. Role-based access control (RBAC)
- B. Security Context
- C. Pod Security Standards
- D. Network Policies
Answer: D
Explanation:
Kubernetes Network Policies are the feature that controls how Pods communicate with each other and external services. Option B is correct because Network Policies define rules for ingress (incoming) and egress (outgoing) traffic at the Pod level, ensuring fine-grained control over communication pathways within the cluster.
Option A (Pod Security Standards) defines policies around Pod security contexts (e.g., privilege escalation, root access) but does not control network traffic. Option C (Security Context) is specific to Pod or container- level permissions, not networking. Option D (RBAC) governs access to Kubernetes API resources, not Pod-to- Pod traffic.
Network Policies are essential for implementing a zero-trust model in Kubernetes, ensuring that only authorized services communicate. This enhances both security and compliance, especially in multi-tenant clusters.
References:- CNCF Kubernetes Security Best Practices- CNCF Platforms Whitepaper- Cloud Native Platform Engineering Study Guide
NEW QUESTION # 58
Which component is essential for ensuring the repeatability and consistency of builds in a Continuous Integration pipeline?
- A. Immutable artifacts with unique identifiers that are generated once and promoted across environments.
- B. Real-time notification systems that alert developers immediately when builds fail in any environment.
- C. Customizable dashboards that visualize pipeline metrics and performance for different stakeholders.
- D. Dynamic resource allocation that automatically scales infrastructure based on pipeline workload.
Answer: A
Explanation:
To achieve repeatability and consistency, CI pipelines must produce immutable artifacts that are uniquely identifiable and reproducible. Option D is correct because immutable artifacts (such as container images tagged with digests or versioned binaries) ensure that the same build artifact can be promoted across environments (dev, staging, production) without modification. This eliminates discrepancies caused by rebuilding code in different environments.
Option A (notifications) improves feedback but does not guarantee consistency. Option B (dynamic scaling) optimizes resource usage but does not address build reproducibility. Option C (dashboards) aid in visibility but are not critical to ensuring consistent outputs.
Immutable artifacts are essential for compliance, traceability, and reliability. They ensure that what has been tested is exactly what gets deployed, which is central to continuous delivery and GitOps practices.
References:- CNCF Platforms Whitepaper- CNCF Supply Chain Security Whitepaper- Cloud Native Platform Engineering Study Guide
NEW QUESTION # 59
A platform engineering team is building an Internal Developer Platform (IDP). Which of the following enables application teams to manage infrastructure resources independently, without requiring direct platform team support?
- A. A comprehensive platform knowledge center.
- B. Manual infrastructure deployment services.
- C. Centralized logging and monitoring interfaces.
- D. Self-service resource provisioning APIs.
Answer: D
Explanation:
The defining capability of an IDP is enabling self-service so developers can independently access infrastructure and platform resources. Option D is correct because self-service resource provisioning APIs allow developers to provision resources such as namespaces, databases, or environments without relying on manual intervention from the platform team. These APIs embed governance, compliance, and organizational guardrails while giving autonomy to development teams.
Option A (manual deployment services) defeats the purpose of self-service. Option B (knowledge centers) improve documentation but do not provide automation. Option C (logging/monitoring interfaces) are observability tools, not resource provisioning mechanisms.
Self-service APIs empower developers, reduce cognitive load, and minimize bottlenecks. They also align with the platform engineering principle of "treating the platform as a product," where developers are customers, and the platform offers curated golden paths to simplify consumption of infrastructure and services.
References:- CNCF Platforms Whitepaper- CNCF Platform Engineering Maturity Model- Cloud Native Platform Engineering Study Guide
NEW QUESTION # 60
In a cloud native environment, which approach is effective for managing resources to ensure a balance between defined states and dynamic adjustments?
- A. Declarative Resource Management
- B. Static Resource Allocation
- C. Imperative Resource Management
- D. Manual Resource Tracking
Answer: A
Explanation:
Declarative resource management is a core principle in Kubernetes and cloud native platforms. Option C is correct because declarative systems define the desired state of resources (e.g., YAML manifests for Deployments, Services, or ConfigMaps), and controllers reconcile the actual state to match the desired state.
This provides consistency, automation, and resilience, while also allowing dynamic adjustments like scaling.
Option A (imperative management) requires step-by-step commands, which are error-prone and not scalable.
Option B (manual tracking) adds overhead and risk of drift. Option D (static allocation) wastes resources and does not adapt to changing workloads.
Declarative management enables GitOps workflows, automated scaling, and consistent application of policies.
This approach aligns with platform engineering principles by combining automation with governance, enabling efficiency and reliability at scale.
References:- CNCF GitOps Principles- Kubernetes Design Principles- Cloud Native Platform Engineering Study Guide
NEW QUESTION # 61
What does the latest tag usually represent in a container image registry?
- A. A signed image that has passed all security validations.
- B. The only image tag that can be deployed to production systems.
- C. A system-generated version number based on Git history.
- D. The most recently built image unless otherwise specified.
Answer: D
Explanation:
In most container registries, the latest tag is simply an alias pointing to whichever image was most recently built and pushed, unless explicitly overridden. Option A is correct because the latest tag does not carry any semantic guarantee beyond being the most recently tagged version.
Option B is incorrect-latest does not imply security validation or attestation. Option C is false because production systems should not rely on latest; instead, immutable, versioned tags or digests should be used for reproducibility. Option D is misleading, as latest is not tied to Git history but rather to tag assignment during the build/push process.
While convenient for testing or local development, relying on latest in production pipelines is discouraged.
Platform engineering best practices emphasize explicit versioning and image immutability to ensure consistency, reproducibility, and traceability. Using signed images with SBOM attestation is recommended for security and compliance, while latest should only be used in controlled, non-production workflows.
References:- CNCF Supply Chain Security Whitepaper- CNCF Platforms Whitepaper- Cloud Native Platform Engineering Study Guide
NEW QUESTION # 62
Which CI/CD tool is specifically designed as a continuous delivery platform for Kubernetes that follows GitOps principles?
- A. TravisCI
- B. CircleCI
- C. Jenkins
- D. Argo CD
Answer: D
Explanation:
Argo CD is a GitOps-native continuous delivery tool specifically designed for Kubernetes. Option B is correct because Argo CD continuously monitors Git repositories for desired application state and reconciles Kubernetes clusters accordingly. It is declarative, Kubernetes-native, and aligned with GitOps principles, making it a key tool in platform engineering.
Option A (TravisCI) and Option C (CircleCI) are CI/CD systems but not Kubernetes-native or GitOps-driven.
Option D (Jenkins) is a widely used CI/CD tool but operates primarily in a push-based model unless extended with plugins, and is not purpose-built for GitOps.
Argo CD provides automated deployments, drift detection, rollback, and auditability-features central to GitOps workflows. It simplifies multi-cluster management, enforces compliance, and reduces manual intervention, making it a leading choice in Kubernetes-based platform engineering.
References:- CNCF GitOps Principles- Argo CD CNCF Project Documentation- Cloud Native Platform Engineering Study Guide
NEW QUESTION # 63
As a Cloud Native Platform Associate, which of the following is the best example of a self-service use case that should be implemented within a cloud platform?
- A. An automated resource provisioning system to spin up environments on demand.
- B. A manual request process for acquiring additional storage resources.
- C. An internal wiki for documenting best practices in cloud usage.
- D. A centralized dashboard for monitoring application performance.
Answer: A
Explanation:
Self-service capabilities are a cornerstone of platform engineering, enabling developers to move quickly while reducing dependency on platform teams. Option C is correct because an automated resource provisioning system allows developers to spin up sandbox or test environments on demand, supporting experimentation and rapid iteration. This aligns with the principle of treating platforms as products, focusing on developer experience and productivity.
Option A (manual request process) creates bottlenecks and is the opposite of self-service. Option B (documentation) is helpful but does not enable automation or self-service. Option D (centralized monitoring) improves observability but is not a self-service capability by itself.
By implementing automated provisioning, developers gain autonomy while platform teams maintain governance through abstractions, golden paths, and policy enforcement. This fosters agility, consistency, and scalability, improving both developer experience and organizational efficiency.
References:- CNCF Platforms Whitepaper- CNCF Platform Engineering Maturity Model- Cloud Native Platform Engineering Study Guide
NEW QUESTION # 64
Which of the following observability pillars provides detailed information about the path a request takes through different services in a distributed system?
- A. Traces
- B. Metrics
- C. Logs
- D. Events
Answer: A
Explanation:
Traces provide end-to-end visibility into how a request flows through multiple services in a distributed system. Option A is correct because tracing captures spans (individual service operations) and stitches them together to form a complete picture of request execution, including latency, bottlenecks, and dependencies.
Option B (logs) provide detailed event records but lack contextual linkage across services. Option C (events) are discrete system occurrences, not correlated request flows. Option D (metrics) provide aggregated numerical data like latency or throughput but cannot show request-level detail across distributed systems.
Tracing is especially critical in microservices architectures where a single request may traverse dozens of services. Tools like OpenTelemetry, Jaeger, and Zipkin are commonly used to implement distributed tracing, which is essential for debugging, performance optimization, and improving reliability.
References:- CNCF Observability Whitepaper- OpenTelemetry CNCF Project Documentation- Cloud Native Platform Engineering Study Guide
NEW QUESTION # 65
A Cloud Native Platform Engineer is tasked with improving the integration between teams through effective API management. Which aspect of API-driven initiatives is most crucial for fostering collaboration in platform engineering?
- A. APIs should be tightly coupled to specific teams to enforce accountability.
- B. APIs should be released without versioning to simplify maintenance.
- C. APIs should be designed to be as complex as possible to accommodate all potential use cases.
- D. APIs must be documented properly to ensure all teams understand how to use them.
Answer: D
Explanation:
Proper documentation is critical for fostering collaboration through APIs. Option A is correct because well- documented APIs ensure that all teams-platform engineers, developers, and operations-understand how to consume and integrate services effectively. Clear documentation reduces friction, accelerates adoption, and minimizes support overhead.
Option B (no versioning) is poor practice, as versioning ensures backward compatibility and safe upgrades.
Option C (tight coupling) restricts collaboration and creates silos, which goes against platform engineering principles. Option D (complex design) reduces usability and increases cognitive load, the opposite of platform goals.
APIs serve as the contracts between teams and systems. In platform engineering, well-documented, versioned, and abstracted APIs provide a consistent and predictable way to interact with platform services, improving collaboration and developer experience.
References:- CNCF Platforms Whitepaper- Team Topologies Guidance- Cloud Native Platform Engineering Study Guide
NEW QUESTION # 66
A platform engineering team needs to provide comprehensive cost visibility for Kubernetes workloads to optimize infrastructure utilization. Which tool is recommended to achieve this goal?
- A. Cloud provider cost estimation tools with basic Kubernetes integration.
- B. Application performance monitoring tools with limited resource cost tracking.
- C. Kubernetes resource usage metrics paired with cloud provider billing data.
- D. OpenCost for real-time, granular Kubernetes cost allocation and analysis.
Answer: D
Explanation:
OpenCost is the CNCF-supported open-source project designed specifically for Kubernetes cost visibility and optimization. Option B is correct because OpenCost provides granular, real-time allocation of Kubernetes costs across namespaces, workloads, and teams. This allows organizations to understand true cost drivers and optimize resource utilization effectively.
Option A (APM tools) may track performance but usually lack deep integration with Kubernetes cost allocation. Option C provides partial visibility but requires complex manual correlation of resource usage with billing data. Option D (cloud provider estimators) typically offer limited or high-level insights and do not map costs down to Kubernetes workloads.
By adopting OpenCost, platform teams can align financial accountability with engineering usage, a practice known as FinOps. This supports sustainable scaling, cost efficiency, and transparency-critical aspects of measuring platform success.
References:- CNCF OpenCost Project- CNCF Platforms Whitepaper- Cloud Native Platform Engineering Study Guide
NEW QUESTION # 67
Which IaC approach ensures Kubernetes infrastructure maintains its desired state automatically?
- A. Declarative
- B. Hybrid
- C. Imperative
- D. Manual
Answer: A
Explanation:
The declarative approach to Infrastructure as Code (IaC) is the foundation of Kubernetes and GitOps practices. Option A is correct because declarative IaC defines the desired state of the infrastructure (e.g., Kubernetes YAML manifests) and relies on controllers or reconciliation loops to ensure the actual state matches the declared one. This allows for automation, consistency, and drift correction without manual intervention.
Option B (imperative) requires explicit step-by-step instructions, which are not automatically enforced after execution. Option C (hybrid) can combine both methods but does not guarantee reconciliation. Option D (manual) is error-prone and eliminates the benefits of IaC entirely.
Declarative IaC reduces cognitive load, improves reproducibility, and ensures compliance through automated drift detection and reconciliation, which are essential in platform engineering for multi-cluster and multi-team environments.
References:- CNCF GitOps Principles- Kubernetes Declarative Model- Cloud Native Platform Engineering Study Guide
NEW QUESTION # 68
What is the goal of automating processes in platform teams?
- A. Ensuring high-quality coding standards.
- B. Reducing time spent on repetitive tasks.
- C. Focusing on manual processes.
- D. Increasing the number of tasks completed.
Answer: B
Explanation:
Comprehensive and Detailed Explanation at least 150 to 200 words:
In platform engineering, automation's primary goal is to eliminate manual, repetitive toil by codifying repeatable workflows and guardrails so teams can focus on higher-value work. Authoritative Cloud Native Platform Engineering guidance emphasizes that platforms should provide consistent, reliable, and secure self- service capabilities-achieved by automating provisioning, configuration, policy enforcement, and delivery pipelines. This directly reduces cognitive load and handoffs, shortens lead time for changes, decreases error rates, and improves overall reliability. While automation often improves code quality indirectly (e.g., through automated testing, linting, and policy-as-code), the central, explicitly stated aim is to remove repetitive manual work and standardize operations, not to simply "do more tasks" or prioritize manual intervention.
Therefore, option A most accurately captures the intent. Options B and C misframe the objective: platform engineering seeks fewer manual steps and better outcomes, not just higher task counts. Option D is a beneficial consequence but not the core purpose. By systematizing common paths ("golden paths") and embedding security and compliance controls into automated workflows, platforms deliver predictable, compliant environments at scale while freeing engineers to focus on product value.
References:- CNCF Platforms Whitepaper (Platform Engineering)- CNCF Platform Engineering Maturity Model- Cloud Native Platform Engineering Study Guide
NEW QUESTION # 69
Development teams frequently raise support tickets for short-term access to staging clusters, creating a growing burden on the platform team. What's the best long-term solution to balance control, efficiency, and developer experience?
- A. Provide pre-approved kubeconfigs to trusted developers so they can access staging clusters without platform intervention.
- B. Set up scheduled access windows and batch all requests into specific time slots managed by the platform team.
- C. Use GitOps to manage RBAC roles and allow teams to request access via pull requests with automatic approval for non-sensitive environments.
- D. Dedicate one Cloud Native Platform Engineer to triage and fulfill all access requests to maintain fast turnaround times.
Answer: C
Explanation:
The most sustainable solution for managing developer access while balancing governance and self-service is to adopt GitOps-based RBAC management. Option A is correct because it leverages Git as the source of truth for access permissions, allowing developers to request access through pull requests. For non-sensitive environments such as staging, approvals can be automated, ensuring efficiency while still maintaining auditability. This approach aligns with platform engineering principles of self-service, automation, and compliance.
Option B places the burden entirely on one engineer, which does not scale. Option C introduces bottlenecks, delays, and reduces developer experience. Option D bypasses governance and auditability, potentially creating security risks.
GitOps for RBAC not only improves developer experience but also ensures all changes are versioned, reviewed, and auditable. This model supports compliance while reducing manual intervention from the platform team, thus enhancing efficiency.
References:- CNCF GitOps Principles- CNCF Platforms Whitepaper- Cloud Native Platform Engineering Study Guide
NEW QUESTION # 70
A cloud native application needs to establish secure communication between its microservices. Which mechanism is essential for implementing security in service-to-service communications?
- A. API Gateway
- B. Service Mesh
- C. Load Balancer
- D. mTLS (Mutual TLS)
Answer: D
Explanation:
Mutual TLS (mTLS) is the core mechanism for securing service-to-service communication in cloud native environments. Option B is correct because mTLS provides encryption in transit and mutual authentication, ensuring both the client and server verify each other's identity. This prevents unauthorized access, man-in-the- middle attacks, and data leakage.
Option A (API Gateway) manages ingress traffic from external clients but does not secure internal service-to- service communication. Option C (Service Mesh) is a broader infrastructure layer (e.g., Istio, Linkerd) that implements mTLS, but mTLS itself is the mechanism that enforces secure communications. Option D (Load Balancer) distributes traffic but does not handle encryption or authentication.
mTLS is foundational to zero-trust networking inside Kubernetes clusters. Service meshes typically provide automated certificate management and policy enforcement, ensuring seamless adoption of mTLS without requiring developers to modify application code.
References:- CNCF Service Mesh Whitepaper- CNCF Platforms Whitepaper- Cloud Native Platform Engineering Study Guide
NEW QUESTION # 71
Which approach is effective for scalable Kubernetes infrastructure provisioning?
- A. Static YAML with kubectl apply
- B. Helm charts with the environment values.yaml
- C. Crossplane compositions defining custom CRDs
- D. Imperative scripts using Kubernetes API
Answer: C
Explanation:
The most effective approach for scalable Kubernetes infrastructure provisioning is Crossplane compositions.
Option D is correct because compositions let platform teams define custom CRDs (Composite Resources) that abstract infrastructure details while embedding organizational policies and guardrails. Developers then consume these abstractions through simple Kubernetes-native APIs, enabling self-service at scale.
Option A (Helm with values.yaml) is useful for application deployment but not for scalable infrastructure provisioning across multiple clouds. Option B (imperative scripts) lacks scalability, repeatability, and governance. Option C (static YAML with kubectl apply) is manual and not suited for dynamic, multi-team environments.
Crossplane compositions allow platform teams to curate golden paths while giving developers autonomy. This reduces complexity, ensures compliance, and supports multi-cloud provisioning-all key aspects of platform engineering.
References:- CNCF Crossplane Project Documentation- CNCF Platforms Whitepaper- Cloud Native Platform Engineering Study Guide
NEW QUESTION # 72
A development team is struggling to find and connect to various services within a cloud platform. What is the primary benefit of implementing an API-driven service catalog for this team?
- A. It increases the time taken to provision services.
- B. It allows the team to bypass security protocols.
- C. It enables easier service discovery through a consistent interface.
- D. It requires the development team to manage provisioning details themselves.
Answer: C
Explanation:
An API-driven service catalog provides a centralized and standardized interface where developers can discover and provision platform services. Option A is correct because it simplifies service discovery, allowing teams to connect to databases, messaging systems, and other infrastructure without needing in-depth platform knowledge. This improves productivity and developer experience by reducing cognitive load and ensuring consistent, governed access.
Option B is the opposite of the benefit-catalogs accelerate provisioning. Option C is incorrect because catalogs do not bypass security; they enforce guardrails and compliance. Option D is also incorrect because service catalogs abstract away provisioning details rather than forcing developers to manage them.
By providing golden paths and API-driven self-service, service catalogs ensure developers focus on building applications while platform teams maintain consistency and compliance.
References:- CNCF Platforms Whitepaper- CNCF Platform Engineering Maturity Model- Cloud Native Platform Engineering Study Guide
NEW QUESTION # 73
......
Pass Linux Foundation CNPA Exam – Experts Are Here To Help You: https://freetorrent.actual4dumps.com/CNPA-study-material.html