Amazon
Avaya
Cisco
CompTIA
CrowdStrike
EC-Council
EXIN
Fortinet
Google
ISC
ISC2
ITIL
Juniper
Microsoft
NVIDIA
Okta
Palo Alto Networks
Salesforce
SAP
ServiceNow
All Vendors
  1. Home
  2. Linux Foundation
  3. CNPA

Linux Foundation CNPA Exam (page: 2)
Linux Foundation Certified Cloud Native Platform Engineering Associate
Updated on: 02-Mar-2026

Viewing Page 2 of 12
CNPA PDF 85 Questions

In a Kubernetes environment, which component is responsible for watching the state of resources during the reconciliation process?

  1. Kubernetes Scheduler
  2. Kubernetes Dashboard
  3. Kubernetes API Server
  4. Kubernetes Controller

Answer(s): D

Explanation:

The Kubernetes reconciliation process ensures that the actual cluster state matches the desired state defined in manifests. The Kubernetes Controller (option D) is responsible for watching the state of resources through the API Server and taking action to reconcile differences. For example, the Deployment Controller ensures that the number of Pods matches the replica count specified, while the Node Controller monitors node health.

Option A (Scheduler) is incorrect because the Scheduler's role is to assign Pods to nodes based on constraints and availability, not ongoing reconciliation. Option B (Dashboard) is simply a UI for visualization and does not manage cluster state. Option C (API Server) exposes the Kubernetes API and serves as the communication hub, but it does not perform reconciliation logic itself.

Controllers embody the core Kubernetes design principle: continuous reconciliation between declared state and observed state. This makes them fundamental to declarative infrastructure and aligns with GitOps practices where controllers continuously enforce desired configurations from source control.


Reference:

-- CNCF Kubernetes Documentation

-- CNCF GitOps Principles

-- Cloud Native Platform Engineering Study Guide



To simplify service consumption for development teams on a Kubernetes platform, which approach combines service discovery with an abstraction of underlying infrastructure details?

  1. Manual service dependencies configuration within application code.
  2. Shared service connection strings and network configurations document.
  3. Direct Kubernetes API access with detailed documentation.
  4. Service catalog with abstracted APIs and automated service registration.

Answer(s): D

Explanation:

Simplifying developer access to platform services is a central goal of internal developer platforms (IDPs). Option D is correct because a service catalog with abstracted APIs and automated registration provides a unified interface for developers to consume services without dealing with low-level infrastructure details. This approach combines service discovery with abstraction, offering golden paths and self-service capabilities.

Option A burdens developers with hardcoded dependencies, reducing flexibility and portability. Option B relies on manual documentation, which is error-prone and not dynamic. Option C increases cognitive load by requiring developers to interact directly with Kubernetes APIs, which goes against platform engineering's goal of reducing complexity.

A service catalog enables developers to provision databases, messaging queues, or APIs with minimal input, while the platform automates backend provisioning and wiring. It also improves consistency, compliance, and observability by embedding platform-wide policies into the service provisioning workflows. This results in a seamless developer experience that accelerates delivery while maintaining governance.


Reference:

-- CNCF Platforms Whitepaper

-- CNCF Platform Engineering Maturity Model

-- Cloud Native Platform Engineering Study Guide



A team wants to deploy a new feature to production for internal users only and be able to instantly disable it if problems occur, without redeploying code.
Which strategy is most suitable?

  1. Use a blue/green deployment to direct internal users to one version and switch as needed.
  2. Use feature flags to release the feature to selected users and control its availability through settings.
  3. Use a canary deployment to gradually expose the feature to a small group of random users.
  4. Deploy the feature to all users and prepare to roll it back manually if an issue is detected.

Answer(s): B

Explanation:

Feature flags are the most effective way to control feature exposure to specific users, such as internal testers, while enabling fast rollback without redeployment. Option B is correct because feature flags allow teams to decouple deployment from release, giving precise runtime control over feature availability. This means that once the code is deployed, the team can toggle the feature on or off for different cohorts (e.g., internal users) dynamically.

Option A (blue/green deployment) controls traffic between two environments but does not provide user-level granularity. Option C (canary deployments) gradually expose changes but focus on random subsets of users rather than targeted groups such as internal employees. Option D requires redeployment or rollback, which introduces risk and slows down incident response.

Feature flags are widely recognized in platform engineering as a core continuous delivery practice that improves safety, accelerates experimentation, and enhances resilience by enabling immediate mitigation of issues.


Reference:

-- CNCF Platforms Whitepaper

-- Cloud Native Platform Engineering Study Guide

-- Continuous Delivery Foundation Guidance



In the context of observability, which telemetry signal is primarily used to record events that occur within a system and are timestamped?

  1. Logs
  2. Alerts
  3. Traces
  4. Metrics

Answer(s): A

Explanation:

Logs are detailed, timestamped records of discrete events that occur within a system. They provide granular insight into what has happened, making them crucial for debugging, auditing, and incident investigations. Option A is correct because logs capture both normal and error events, often containing contextual information such as error codes, user IDs, or request payloads.

Option B (alerts) are secondary outputs generated from telemetry signals like logs or metrics and are not raw data themselves. Option C (traces) represent the flow of requests across distributed systems, showing relationships and latency between services but not arbitrary events. Option D (metrics) are numeric aggregates sampled over intervals (e.g., CPU usage, latency), not discrete, timestamped events.

Observability guidance in cloud native systems emphasizes the "three pillars" of telemetry: logs, metrics, and traces. Logs are indispensable for root cause analysis and compliance because they preserve historical event context.


Reference:

-- CNCF Observability Whitepaper

-- OpenTelemetry Documentation (aligned with CNCF)

-- Cloud Native Platform Engineering Study Guide



In assessing the effectiveness of platform engineering initiatives, which DORA metric most directly correlates to the time it takes for code from its initial commit to be deployed into production?

  1. Lead Time for Changes
  2. Deployment Frequency
  3. Mean Time to Recovery
  4. Change Failure Rate

Answer(s): A

Explanation:

Lead Time for Changes is a DORA (DevOps Research and Assessment) metric that measures the time from code commit to successful deployment in production. Option A is correct because it directly reflects how quickly the platform enables developers to turn ideas into delivered software. Shorter lead times indicate an efficient delivery pipeline, streamlined workflows, and effective automation.

Option B (Deployment Frequency) measures how often code is deployed, not how long it takes to reach production. Option C (Mean Time to Recovery) measures operational resilience after failures. Option D (Change Failure Rate) indicates stability by measuring the percentage of deployments causing incidents.
While all DORA metrics are valuable, only Lead Time for Changes measures end- to-end speed of delivery.

In platform engineering, improving lead time often involves automating CI/CD pipelines, implementing GitOps, and reducing manual approvals. It is a core measurement of developer experience and platform efficiency.


Reference:

-- CNCF Platforms Whitepaper

-- Accelerate: State of DevOps Report (DORA Metrics)

-- Cloud Native Platform Engineering Study Guide



In the context of observability for cloud native platforms, which of the following best describes the role of OpenTelemetry?

  1. OpenTelemetry is primarily used for logging data only.
  2. OpenTelemetry is a proprietary solution that limits its use to specific cloud providers.
  3. OpenTelemetry provides a standardized way to collect and transmit observability data.
  4. OpenTelemetry is solely focused on infrastructure monitoring.

Answer(s): C

Explanation:

OpenTelemetry is an open-source CNCF project that provides vendor-neutral, standardized APIs, SDKs, and agents for collecting and exporting observability data such as metrics, logs, and traces. Option C is correct because OpenTelemetry's purpose is to unify how telemetry data is generated, transmitted, and consumed, regardless of which backend (e.g., Prometheus, Jaeger, Elastic, commercial APM tools) is used.

Option A is incorrect because OpenTelemetry supports all three signal types (metrics, logs, traces), not just logs. Option B is incorrect because it is an open, community-driven standard and not tied to a single vendor or cloud provider. Option D is misleading because OpenTelemetry covers distributed applications, services, and infrastructure--far beyond just infrastructure monitoring.

OpenTelemetry reduces vendor lock-in and promotes interoperability, making it a cornerstone of cloud native observability strategies. Platform engineering teams rely on it to ensure consistent data collection, enabling better insights, faster debugging, and improved reliability of cloud native platforms.


Reference:

-- CNCF Observability Whitepaper

-- OpenTelemetry CNCF Project Documentation

-- Cloud Native Platform Engineering Study Guide



A company is implementing a service mesh for secure service-to-service communication in their cloud native environment.
What is the primary benefit of using mutual TLS (mTLS) within this context?

  1. Allows services to authenticate each other and secure data in transit.
  2. Allows services to bypass security checks for better performance.
  3. Enables logging of all service communications for audit purposes.
  4. Simplifies the deployment of microservices by automatically scaling them.

Answer(s): A

Explanation:

Mutual TLS (mTLS) is a core feature of service meshes, such as Istio or Linkerd, that enhances security in cloud native environments by ensuring that both communicating services authenticate each other and that the communication channel is encrypted. Option A is correct because mTLS delivers two critical benefits: authentication (verifying the identity of both client and server services) and encryption (protecting data in transit from interception or tampering).

Option B is incorrect because mTLS does not bypass security--it enforces it. Option C is partly true in that service meshes often support observability and logging, but that is not the primary purpose of mTLS. Option D relates to scaling, which is outside the scope of mTLS.

In platform engineering, mTLS is a fundamental security mechanism that provides zero-trust networking between microservices, ensuring secure communication without requiring application- level changes. It strengthens compliance with security and data protection requirements, which are crucial in regulated industries.


Reference:

-- CNCF Service Mesh Whitepaper

-- CNCF Platforms Whitepaper

-- Cloud Native Platform Engineering Study Guide



What is the primary purpose of using multiple environments (e.g., development, staging, production) in a cloud native platform?

  1. Isolates different stages of application development and deployment
  2. Reduces cloud costs by running applications in different locations.
  3. Increases application performance by distributing traffic.
  4. Ensures all applications use the same infrastructure.

Answer(s): A

Explanation:

The primary reason for implementing multiple environments in cloud native platforms is to isolate the different phases of the software development lifecycle. Option A is correct because environments such as development, staging, and production enable testing and validation at each stage without impacting end users. Development environments allow rapid iteration, staging environments simulate production for integration and performance testing, and production environments serve real users.

Option B (reducing costs) may be a side effect but is not the main purpose. Option C (distributing traffic) relates more to load balancing and high availability, not environment separation. Option D is the opposite of the goal--different environments often require tailored infrastructure to meet their distinct purposes.

Isolation through multiple environments is fundamental to reducing risk, supporting continuous delivery, and ensuring stability. This practice also allows for compliance checks, automated testing, and user acceptance validation before changes reach production.


Reference:

-- CNCF Platforms Whitepaper

-- Team Topologies & Platform Engineering Guidance

-- Cloud Native Platform Engineering Study Guide



Viewing Page 2 of 12



Share your comments for Linux Foundation CNPA exam with other users:

Christopher 9/5/2022 10:54:00 PM

the new versoin of this exam which i downloaded has all the latest questions from the exam. i only saw 3 new questions in the exam which was not in this dump.
CANADA


Sam 9/7/2023 6:51:00 AM

question 8 - can cloudtrail be used for storing jobs? based on aws - aws cloudtrail is used for governance, compliance and investigating api usage across all of our aws accounts. every action that is taken by a user or script is an api call so this is logged to [aws] cloudtrail. something seems incorrect here.
UNITED STATES


Tanvi Rajput 8/14/2023 10:55:00 AM

question 13 tda - c01 answer : quick table calculation -> percentage of total , compute using table down
UNITED KINGDOM


PMSAGAR 9/19/2023 2:48:00 AM

pls share teh dump
UNITED STATES


zazza 6/16/2023 10:47:00 AM

question 44 answer is user risk
ITALY


Prasana 6/23/2023 1:59:00 AM

please post the questions for preparation
Anonymous


test user 9/24/2023 3:15:00 AM

thanks for the questions
AUSTRALIA


Draco 7/19/2023 5:34:00 AM

please reopen it now ..its really urgent
UNITED STATES


Megan 4/14/2023 5:08:00 PM

these practice exam questions were exactly what i needed. the variety of questions and the realistic exam-like environment they created helped me assess my strengths and weaknesses. i felt more confident and well-prepared on exam day, and i owe it to this exam dumps!
UNITED KINGDOM


abdo casa 8/9/2023 6:10:00 PM

thank u it very instructuf
Anonymous


Danny 1/15/2024 9:10:00 AM

its helpful?
INDIA


hanaa 10/3/2023 6:57:00 PM

is this dump still valid???
Anonymous


Georgio 1/19/2024 8:15:00 AM

question 205 answer is b
Anonymous


Matthew Dievendorf 5/30/2023 9:37:00 PM

question 39, should be answer b, directions stated is being sudneted from /21 to a /23. a /23 has 512 ips so 510 hosts. and can make 4 subnets out of the /21
Anonymous


Adhithya 8/11/2022 12:27:00 AM

beautiful test engine software and very helpful. questions are same as in the real exam. i passed my paper.
UNITED ARAB EMIRATES


SuckerPumch88 4/25/2022 10:24:00 AM

the questions are exactly the same in real exam. just make sure not to answer all them correct or else they suspect you are cheating.
UNITED STATES


soheib 7/24/2023 7:05:00 PM

question: 78 the right answer i think is d not a
Anonymous


srija 8/14/2023 8:53:00 AM

very helpful
EUROPEAN UNION


Thembelani 5/30/2023 2:17:00 AM

i am writing this exam tomorrow and have dumps
Anonymous


Anita 10/1/2023 4:11:00 PM

can i have the icdl excel exam
Anonymous


Ben 9/9/2023 7:35:00 AM

please upload it
Anonymous


anonymous 9/20/2023 11:27:00 PM

hye when will post again the past year question for this h13-311_v3 part since i have to for my test tommorow…thank you very much
Anonymous


Randall 9/28/2023 8:25:00 PM

on question 22, option b-once per session is also valid.
Anonymous


Tshegofatso 8/28/2023 11:51:00 AM

this website is very helpful
SOUTH AFRICA


philly 9/18/2023 2:40:00 PM

its my first time exam
SOUTH AFRICA


Beexam 9/4/2023 9:06:00 PM

correct answers are device configuration-enable the automatic installation of webview2 runtime. & policy management- prevent users from submitting feedback.
NEW ZEALAND


RAWI 7/9/2023 4:54:00 AM

is this dump still valid? today is 9-july-2023
SWEDEN


Annie 6/7/2023 3:46:00 AM

i need this exam.. please upload these are really helpful
PAKISTAN


Shubhra Rathi 8/26/2023 1:08:00 PM

please upload the oracle 1z0-1059-22 dumps
Anonymous


Shiji 10/15/2023 1:34:00 PM

very good questions
INDIA


Rita Rony 11/27/2023 1:36:00 PM

nice, first step to exams
Anonymous


Aloke Paul 9/11/2023 6:53:00 AM

is this valid for chfiv9 as well... as i am reker 3rd time...
CHINA


Calbert Francis 1/15/2024 8:19:00 PM

great exam for people taking 220-1101
UNITED STATES


Ayushi Baria 11/7/2023 7:44:00 AM

this is very helpfull for me
Anonymous