2023 Correct and Up-to-date Linux Foundation CKA BrainDumps [Q38-Q61]

2023 Correct and Up-to-date Linux Foundation CKA BrainDumps

Current CKA dumps Preparation through Our Practice Test

The Key Subjects for CNCF CKA Certification Exam

The CNCF Certified Kubernetes Administrator exam focuses on the deployment, management, and troubleshooting of applications running on Kubernetes clusters. Competition to get on the shortlists for CNCF Certified Kubernetes Administrator certification is fierce. Control over the major features of Kubernetes is crucial in passing the CNCF Certified Kubernetes Administrator exam. CNCF CKA exam dumps is recommended for candidates who want to find out more. Application of knowledge from the study guide to real life configuration will help candidates pass the CNCF Certified Kubernetes Administrator exam. Aspects of Kubernetes are crucial to passing the CNCF Certified Kubernetes Administrator exam. Product managers are operating the Kubernetes dashboard panel by using the dashboard panel. The format of options of the information displayed on the dashboard panel may change in the future. Months after the CNCF Certified Kubernetes Administrator certification exam has been released, changes will be made to the format of the portions of the dashboard panel that will be important to those who want to pass the exam.

Clients seeking to hire a Kubernetes engineer need to have a solid understanding of vendor offerings in order to secure the best options. Feel confident about your Kubernetes environment before taking the CNCF CKA exam. A perfect understanding of vendor offerings will be a major factor in passing the CNCF Certified Kubernetes Administrator exam. Basic knowledge of Kubernetes configuration for the CNCF CKA exam will help candidates pass the CNCF Certified Kubernetes Administrator exam. Configure Kubernetes to work with external software. Satisfied clients will be in a position to recommend Kubernetes engineers.

How to Register the CNCF CKA Certification Exam

Registration:

Please click “Register” and follow the instructions on-screen to sign up for your preferred exam date and time. To register for the CKA exam, go to CNCF Website.
After registration, you will receive a confirmation email with instructions on how to complete your exam registration.
You will need your examination confirmation within 48 hours of the exam date and time.
CNCF Certification Exams is an online exam. You must take an official CNCF Certification exam to receive a certificate after the examination.

NEW QUESTION 38
Create a Kubernetes secret asfollows:
* Name: super-secret
* password: bob
Create a pod namedpod-secrets-via-file Image, which mounts a secret namedsuper-secretat
/secrets.
Create a second pod namedpod-secrets-via-env Image, which exportspasswordas CONFIDENTIAL

Answer:

Explanation:
See the solution below.
Explanation
solution

NEW QUESTION 39
// Create a configmap
kubectl create configmap redis-config --from-file=/opt/redisconfig
// Verify
kubectl get configmap redis-config -o yaml
// first run this command to save the pod yml
kubectl run redis-pod --image=redis --restart=Always --dry-run
-o yaml > redis-pod.yml
// edit the yml to below file and create
apiVersion: v1
kind: Pod
metadata:
name: redis
spec:
containers:
- name: redis
image: redis
env:
- name: MASTER
value: "true"
ports:
- containerPort: 6379
volumeMounts:
- mountPath: /redis-master-data
name: data
- mountPath: /redis-master
name: config
volumes:
- name: data
emptyDir: {}
- name: config
configMap:
name: example-redis-config

A. items:
- key: redis-config
path: redis.conf
cf
// // Verify
K kubectl exec -it redis - cat /redis-master-data/redis.conf
B. items:
- key: redis-config
path: redis.conf
cf
kk kubectl apply -f redis-pod.yml
// // Verify
K kubectl exec -it redis - cat /redis-master-data/redis.conf

Answer: B

NEW QUESTION 40
Get list of all the pods showing name and namespace with a jsonpath expression.

Answer:

Explanation:
kubectl get pods -o=jsonpath="{.items[*]['metadata.name' , 'metadata.namespace']}"

NEW QUESTION 41
Create a secret mysecret with values user=myuser and password=mypassword

A. kubectl create secret generic my-secret --fromliteral=username=user --from-literal=password=mypassword
// Verify
kubectl get secret --all-namespaces
kubectl get secret generic my-secret -o yaml
B. kubectl create secret generic my-secret --fromliteral=username=user --from-literal=password=mypassword
// Verify
kubectl get secret generic my-secret -o yaml

Answer: A

NEW QUESTION 42
View certificate details in /etc/kubernetes/pki

Answer:

Explanation:
// Verify Public Key / Certificate file Openssl x509 -in certificate.crt -noout -text // Verify Private Key Openssl rsa -in "private-key" -check // Verify CSR Openssl req -text -noout -verify

NEW QUESTION 43
Create a deployment as follows:
Name: nginx-random
Exposed via a service nginx-random
Ensure that the service & pod are accessible via their respective DNS records The container(s) within any pod(s) running as a part of this deployment should use the nginx Image Next, use the utility nslookup to look up the DNS records of the service & pod and write the output to
/opt/KUNW00601/service.dns and /opt/KUNW00601/pod.dns respectively.

Answer:

Explanation:
See the solution below.
Explanation
Solution:
F:\Work\Data Entry Work\Data Entry\20200827\CKA\17 C.JPG

F:\Work\Data Entry Work\Data Entry\20200827\CKA\17 D.JPG

F:\Work\Data Entry Work\Data Entry\20200827\CKA\17 E.JPG

NEW QUESTION 44
Create a ETCD backup of kubernetes cluster
Note : You don't need to memorize command, refer -
https://kubernetes.io/docs/tasks/administer-cluster/configureupgrade-etcd/ during exam

A. ETCDCTL_API=3 etcdctl --endpoints=[ENDPOINT] --cacert=[CA CERT]
--cert=[ETCD SERVER CERT] --key=[ETCD SERVER KEY] snapshot save
[BACKUP FILE NAME]
In exam, cluster setup is done with kubeadm , this means ETCD
used by the kubernetes cluster is coming from static pod.
kubectl get pod -n kube-system
kubectl describe pod etcd-master -n kube-system
You can locate the information on
endpoint: - advertise-client-urls=https://172.16.0.18:2379
ca certificate: - trusted-cafile=/etc/kubernetes/pki/etcd/ca.crt
server certificate : - certfile=/etc/kubernetes/pki/etcd/server.crt
key: - key-file=/etc/kubernetes/pki/etcd/server.key
To Create backup
export ETCDCTL_API=3
(or)
ETCDCTL_API=3 etcdctl ETCDCTL_API=3 etcdctl --
endpoints=https://172.17.0.15:2379 --
key=/etc/kubernetes/pki/etcd/server.key snapshot save etcdsnapshot.db
//Verify
ETCDCTL_API=3 etcdctl --write-out=table snapshot status
snapshot.db
B. ETCDCTL_API=3 etcdctl --endpoints=[ENDPOINT] --cacert=[CA CERT]
--cert=[ETCD SERVER CERT] --key=[ETCD SERVER KEY] snapshot save
[BACKUP FILE NAME]
In exam, cluster setup is done with kubeadm , this means ETCD
used by the kubernetes cluster is coming from static pod.
kubectl get pod -n kube-system
kubectl describe pod etcd-master -n kube-system
You can locate the information on
endpoint: - advertise-client-urls=https://172.17.0.15:2379
ca certificate: - trusted-cafile=/etc/kubernetes/pki/etcd/ca.crt
server certificate : - certfile=/etc/kubernetes/pki/etcd/server.crt
key: - key-file=/etc/kubernetes/pki/etcd/server.key
To Create backup
export ETCDCTL_API=3
(or)
ETCDCTL_API=3 etcdctl ETCDCTL_API=3 etcdctl --
endpoints=https://172.17.0.15:2379 --
cacert=/etc/kubernetes/pki/etcd/ca.crt --
cert=/etc/kubernetes/pki/etcd/server.crt --
key=/etc/kubernetes/pki/etcd/server.key snapshot save etcdsnapshot.db
//Verify
ETCDCTL_API=3 etcdctl --write-out=table snapshot status
snapshot.db

Answer: B

NEW QUESTION 45
Delete the pod without any delay (force delete)

Answer:

Explanation:
Kubect1 delete po "POD-NAME" --grace-period=0 --force

NEW QUESTION 46
For this item, you will have to ssh and complete all tasks on these
nodes. Ensure that you return to the base node (hostname: ) when you have completed this item.
Context
As an administrator of a small development team, you have been asked to set up a Kubernetes cluster to test the viability of a new application.
Task
You must use kubeadm to perform this task. Any kubeadm invocations will require the use of the
--ignore-preflight-errors=all option.
Configure the node ik8s-master-O as a master node. .
Join the node ik8s-node-o to the cluster.

Answer:

Explanation:
See the solution below.
Explanation
solution
You must use the kubeadm configuration file located at /etc/kubeadm.conf when initializingyour cluster.
You may use any CNI plugin to complete this task, but if you don't have your favourite CNI plugin's manifest URL at hand, Calico is one popular option:
https://docs.projectcalico.org/v3.14/manifests/calico.yaml
Docker is already installed on both nodes and apt has been configured so that you can install the required tools.

NEW QUESTION 47
Scale the deploymentwebserverto6pods.

Answer:

Explanation:
See the solution below.
Explanation
solution

NEW QUESTION 48
Create an nginx pod and list the pod with different levels of verbosity

A. // create a pod
kubectl run nginx --image=nginx --restart=Never --port=80
// List the pod with different verbosity
kubectl get po nginx --v=7
kubectl get po nginx --v=6
kubectl get po nginx --v=9
B. // create a pod
kubectl run nginx --image=nginx --restart=Never --port=80
// List the pod with different verbosity
kubectl get po nginx --v=7
kubectl get po nginx --v=8
kubectl get po nginx --v=9

Answer: B

NEW QUESTION 49
Create a deployment as follows:
* Name:nginx-random
* Exposed via a servicenginx-random
* Ensure that the service & podare accessible via theirrespective DNS records
* The container(s) within anypod(s) running as a part of thisdeployment should use thenginxImage Next, use the utilitynslookupto lookup the DNS records of the service &pod and write the output to
/opt/KUNW00601/service.dnsand/opt/KUNW00601/pod.dnsrespectively.

Answer:

Explanation:
See the solution below.
Explanation
Solution:

NEW QUESTION 50
Configure the kubelet systemd- managed service, on the node labelled with name=wk8s-node-1, to launch a pod containing a single container of Image httpd named webtool automatically. Any spec files required should be placed in the /etc/kubernetes/manifests directory on the node.
You can ssh to the appropriate node using:
[student@node-1] $ ssh wk8s-node-1
You can assume elevated privileges on the node with the following command:
[student@wk8s-node-1] $ | sudo -i

Answer:

Explanation:
See the solution below.
Explanation
solution
F:\Work\Data Entry Work\Data Entry\20200827\CKA\21 C.JPG

F:\Work\Data Entry Work\Data Entry\20200827\CKA\21 D.JPG

F:\Work\Data Entry Work\Data Entry\20200827\CKA\21 E.JPG

F:\Work\Data Entry Work\Data Entry\20200827\CKA\21 F.JPG

F:\Work\Data Entry Work\Data Entry\20200827\CKA\21 G.JPG

NEW QUESTION 51
What are the differences between using a service versus using an application for Security Policy match?

A. Use of a "service" enables the firewall to take immediate action with the first observed packet based on port numbers. Use of an "application allows the firewall to take immediate action if the port being used is a member of the application standard port list
B. There are no differences between "service" or "application." Use of an "application simplifies configuration by allowing use of a friendly application name instead of port numbers.
C. Use of a "service" enables the firewall to take action after enough packets allow for App-ID identification
D. Use of a "service" enables the firewall to take immediate action with the first observed packet based on port numbers. Use of an application allows the firewall to take action after enough packets allow for App-ID identification regardless of the ports being used

Answer: A

NEW QUESTION 52
Get IP address of the pod - "nginx-dev"

Answer:

Explanation:
See the solution below.
Explanation
Kubect1 get po -o wide
Using JsonPath
kubect1 get pods -o=jsonpath='{range
items[*]}{.metadata.name}{"\t"}{.status.podIP}{"\n"}{end}'

NEW QUESTION 53
Create a busybox pod and add "sleep 3600" command

Answer:

Explanation:
See the solution below.
Explanation
kubectl run busybox --image=busybox --restart=Never -- /bin/sh -c
"sleep 3600"

NEW QUESTION 54
List all service account and create a service account called "admin"

A. kubectl get sa
kubectl get sa --all-namespaces
//Verify
kubectl get sa admin -o yaml
B. kubectl get sa
kubectl get sa --all-namespaces
kubectl create sa admin
//Verify
kubectl get sa admin -o yaml

Answer: B

NEW QUESTION 55
A Kubernetes worker node, named wk8s-node-0 is in state NotReady. Investigate why this is the case, and perform any appropriate steps to bring the node to a Ready state, ensuring that any changes are made permanent.
You can ssh to the failed node using:
[student@node-1] $ | ssh Wk8s-node-0
You can assume elevated privileges on the node with the following command:
[student@w8ks-node-0] $ | sudo -i

Answer:

Explanation:
solution

NEW QUESTION 56
Pause the rollout of the deployment

Answer:

Explanation:
kubectl rollout pause deploy webapp

NEW QUESTION 57
Create an nginx pod and load environment values from the above configmap "keyvalcfgmap" and exec into the pod and verify the environment variables and delete the pod

A. // first run this command to save the pod yaml
kubectl run nginx --image=nginx --restart=Always --dry-run -o
yaml > nginx-pod.yml
// edit the yml to below file and create
vim nginx-pod.yml
apiVersion: v1
kind: Pod
metadata:
labels:
run: nginx
name: nginx
spec:
containers:
- image: nginx
name: nginx
envFrom:
- configMapRef:
name: keyvalcfgmap
restartPolicy: Always
kubectl apply -f nginx-pod.yml
// verify
kubectl exec -it nginx -- env
kubectl delete po nginx
B. // first run this command to save the pod yaml
kubectl run nginx --image=nginx --restart=Always --dry-run -o
yaml > nginx-pod.yml
// edit the yml to below file and create
vim nginx-pod.yml
apiVersion: v1
name: nginx
envFrom:
- configMapRef:
name: keyvalcfgmap
restartPolicy: Always
kubectl apply -f nginx-pod.yml
// verify
kubectl exec -it nginx -- env
kubectl delete po nginx

Answer: A

NEW QUESTION 58
Create a hostPath PersistentVolume named task-pv-volume with storage 10Gi, access modes ReadWriteOnce, storageClassName manual, and volume at /mnt/data and verify

A. vim task-pv-volume.yaml
apiVersion: v1
kind: PersistentVolume
metadata:
name: task-pv-volume
labels:
type: local
spec:
storageClassName: ""
capacity:
storage: 5Gi
accessModes:
- ReadWriteOnce
hostPath:
path: "/mnt/data"
kubectl apply -f task-pv-volume.yaml
//Verify
kubectl get pv
NAME CAPACITY ACCESS
MODES RECLAIM POLICY STATUS CLAIM
STORAGECLASS REASON AGE
task-pv-volume 5Gi RWO
Retain Available
3s
B. vim task-pv-volume.yaml
apiVersion: v1
kind: PersistentVolume
metadata:
name: task-pv-volume
labels:
type: local
spec:
storageClassName: ""
capacity:
storage: 5Gi
accessModes:
- ReadWriteOnce
hostPath:
path: "/mnt/data"
kubectl apply -f task-pv-volume.yaml
//Verify
kubectl get pv
NAME CAPACITY ACCESS
MODES RECLAIM POLICY STATUS CLAIM
STORAGECLASS REASON AGE
task-pv-volume 4Gi RWO
Retain Available
8s

Answer: A

NEW QUESTION 59
Given a partially-functioning Kubernetes cluster, identify symptoms of failure on the cluster.
Determine the node, the failing service, and take actions to bring up the failed service and restore the health of the cluster. Ensure that any changes are made permanently.
You can ssh to the relevant I nodes (bk8s-master-0 or bk8s-node-0) using:
[student@node-1] $ ssh <nodename>
You can assume elevated privileges on any node in the cluster with the following command:
[student@nodename] $ | sudo -i

Answer:

Explanation:
solution

NEW QUESTION 60
Create a persistent volume with name app-data, of capacity 2Gi and access mode ReadWriteMany. The type of volume is hostPath and its location is /srv/app-data.

Answer:

Explanation:
See the solution below.
Explanation
solution
Persistent Volume
A persistent volume is a piece of storage in a Kubernetes cluster. PersistentVolumes are a cluster-level resource like nodes, which don't belong to any namespace. It is provisioned by the administrator and has a particular file size. This way, a developer deploying their app on Kubernetes need not know the underlying infrastructure. When the developer needs a certain amount of persistent storage for their application, the system administrator configures the cluster so that they consume the PersistentVolume provisioned in an easy way.
Creating Persistent Volume
kind: PersistentVolumeapiVersion: v1metadata: name:app-dataspec: capacity: # defines the capacity of PV we are creating storage: 2Gi #the amount of storage we are tying to claim accessModes: # defines the rights of the volume we are creating - ReadWriteMany hostPath: path: "/srv/app-data" # path to which we are creating the volume Challenge
* Create a Persistent Volume named ReadWriteMany, storage classname
shared, 2Gi of storage capacity and the host path

2. Save the file and create the persistent volume.
Image for post

3. View the persistent volume.

* Our persistent volume status is available meaning it is available and it has not been mounted yet. This status will change when we mount the persistentVolume to a persistentVolumeClaim.
PersistentVolumeClaim
In a real ecosystem, a system admin will create the PersistentVolume then a developer will create a PersistentVolumeClaim which will be referenced in a pod. A PersistentVolumeClaim is created by specifying the minimum size and the access mode they require from the persistentVolume.
Challenge
* Create a Persistent Volume Claim that requests the Persistent Volume we had created above. The claim should request 2Gi. Ensure that the Persistent Volume Claim has the same storageClassName as the persistentVolume you had previously created.
kind: PersistentVolumeapiVersion: v1metadata: name:
spec:
accessModes: - ReadWriteMany
requests: storage: 2Gi
storageClassName: shared
2. Save and create the pvc
njerry191@cloudshell:~ (extreme-clone-2654111)$ kubect1 create -f app-data.yaml persistentvolumeclaim/app-data created
3. View the pvc
Image for post

4. Let's see what has changed in the pv we had initially created.
Image for post

Our status has now changed from available to bound.
5. Create a new pod named myapp with image nginx that will be used to Mount the Persistent Volume Claim with the path /var/app/config.
Mounting a Claim
apiVersion: v1kind: Podmetadata: creationTimestamp: null name: app-dataspec: volumes: - name:congigpvc persistenVolumeClaim: claimName: app-data containers: - image: nginx name: app volumeMounts: - mountPath: "/srv/app-data " name: configpvc