Text preview & study summary
Kubernetes CKAD - Certified Kubernetes Application Developer - Application Design Workloads Config Observability
A free sample of 5 questions from this quiz, shown in full with answer choices and explanations. No interactivity — everything is visible on this page for study and review.
Want to test your knowledge? Launch the Interactive Exam Simulator
Question 1
A developer needs to run a DaemonSet that deploys a log collection agent on every node, including control plane nodes. By default, the DaemonSet pods are NOT being scheduled on control plane nodes. What is the cause and solution?
Explanation
Control plane nodes typically have the taint `node-role.kubernetes.io/control-plane:NoSchedule` (and/or `node-role.kubernetes.io/master:NoSchedule` in older versions). This prevents regular pods from being scheduled there. To deploy DaemonSet pods on control plane nodes, add a toleration in the pod spec:
```yaml
tolerations:
- key: node-role.kubernetes.io/control-plane
operator: Exists
effect: NoSchedule
```
DaemonSets fully support control plane nodes once the toleration is added.
Question 2
An application needs to gracefully handle shutdown signals. When a pod is deleted, Kubernetes sends `SIGTERM` to the container. The application needs 20 seconds to finish processing in-flight requests before terminating. How should this be configured?
Explanation
`terminationGracePeriodSeconds` (default: 30 seconds) defines how long Kubernetes waits after sending SIGTERM before force-killing with SIGKILL. Setting it to 20 gives the application 20 seconds to complete graceful shutdown. Option B (preStop hook sleep) is actually a valid complementary technique to ensure the pod is removed from service endpoints before shutdown, but the application itself needs to handle SIGTERM. `activeDeadlineSeconds` limits total pod running time, not shutdown time.
Question 3
A developer needs to run a data processing job that downloads a file, processes it, and exits. The job must retry up to 4 times if it fails. Which Kubernetes resource and configuration is correct?
Explanation
A Kubernetes Job with `backoffLimit: 4` allows up to 4 retries before marking the job as failed. The `restartPolicy: OnFailure` or `Never` is required for Jobs (not `Always`, which is used for Deployments). This is the correct pattern for batch/one-off processing tasks.
Question 4
A developer needs to ensure a specific container in a pod runs as a non-root user (UID 1000) and cannot escalate privileges. Which security configuration is correct?
```yaml
containers:
- name: app
image: myapp:v1
securityContext:
???
```
Explanation
The correct container-level `securityContext` fields are `runAsUser: 1000` (sets the UID) and `allowPrivilegeEscalation: false` (prevents the process from gaining more privileges than its parent). Option D is incorrect — `runAsNonRoot: true` verifies that the container does not run as UID 0, but does NOT set a specific UID. The image must already have a non-root USER defined. Options B and C use non-existent field names.
Question 5
You need to build a multi-container pod where an init container downloads configuration files before the main application container starts. The init container should run `wget -O /config/app.conf http://config-server/app.conf`. Which pod spec structure is correct?
Explanation
Init containers are defined under `spec.initContainers[]` and run to completion before any containers in `spec.containers[]` start. Sharing an `emptyDir` volume between the init container (writing to `/config`) and the main container (reading from `/config`) is the standard pattern. There is no `depends_on` in Kubernetes pod specs.
