Linux Foundation CNPA Exam Questions

Compliance with regulations like GDPR and PCI DSS requires fine-grained control, auditing, and data protection. Option C is correct because deploying a policy engine like Open Policy Agent (OPA) enables dynamic enforcement of policies, real-time data masking, and comprehensive audit logging. This ensures sensitive data is protected while providing traceability and compliance reporting.

Option A is insufficient, as default IAM policies without Kubernetes-level governance do not provide the granularity required for compliance. Option B (Kubernetes Secrets) adds encryption but lacks auditability and runtime enforcement. Option D (RBAC and network policies) improves security posture but does not provide comprehensive compliance coverage or data privacy features like masking and logging.

OPA and similar tools integrate with Kubernetes admission control to enforce compliance policies consistently, providing the flexibility and auditability needed in regulated industries.

--- CNCF Security TAG Best Practices

--- CNCF Platforms Whitepaper

--- Cloud Native Platform Engineering Study Guide

OpenTelemetry is a CNCF project providing standardized APIs and SDKs for collecting observability data. Among its supported telemetry signals are metrics, logs, and traces. Option C is correct because traces are a core OpenTelemetry signal type that captures the journey of requests across distributed systems, making them vital for detecting latency, dependencies, and bottlenecks.

Option A (user interface), Option B (networking), and Option D (databases) represent system components or domains, not observability signals. While OpenTelemetry can instrument applications in these areas, it expresses data through its standard telemetry signals.

By supporting consistent collection of logs, metrics, and traces, OpenTelemetry enables observability pipelines to integrate seamlessly with different backends while avoiding vendor lock-in. Traces specifically provide visibility into distributed microservices, which is critical in cloud native environments.

--- CNCF Observability Whitepaper

--- OpenTelemetry CNCF Project Documentation

--- Cloud Native Platform Engineering Study Guide

Compliance with regulations like GDPR and PCI DSS requires fine-grained control, auditing, and data protection. Option C is correct because deploying a policy engine like Open Policy Agent (OPA) enables dynamic enforcement of policies, real-time data masking, and comprehensive audit logging. This ensures sensitive data is protected while providing traceability and compliance reporting.

Option A is insufficient, as default IAM policies without Kubernetes-level governance do not provide the granularity required for compliance. Option B (Kubernetes Secrets) adds encryption but lacks auditability and runtime enforcement. Option D (RBAC and network policies) improves security posture but does not provide comprehensive compliance coverage or data privacy features like masking and logging.

OPA and similar tools integrate with Kubernetes admission control to enforce compliance policies consistently, providing the flexibility and auditability needed in regulated industries.

--- CNCF Security TAG Best Practices

--- CNCF Platforms Whitepaper

--- Cloud Native Platform Engineering Study Guide

OpenTelemetry is a CNCF project providing standardized APIs and SDKs for collecting observability data. Among its supported telemetry signals are metrics, logs, and traces. Option C is correct because traces are a core OpenTelemetry signal type that captures the journey of requests across distributed systems, making them vital for detecting latency, dependencies, and bottlenecks.

Option A (user interface), Option B (networking), and Option D (databases) represent system components or domains, not observability signals. While OpenTelemetry can instrument applications in these areas, it expresses data through its standard telemetry signals.

By supporting consistent collection of logs, metrics, and traces, OpenTelemetry enables observability pipelines to integrate seamlessly with different backends while avoiding vendor lock-in. Traces specifically provide visibility into distributed microservices, which is critical in cloud native environments.

--- CNCF Observability Whitepaper

--- OpenTelemetry CNCF Project Documentation

--- Cloud Native Platform Engineering Study Guide

Platform engineering clearly separates responsibilities between platform teams and application teams. Option C is correct because platform teams manage the platform and infrastructure layer, ensuring stability, compliance, and availability, while application teams own their applications, including troubleshooting application-specific issues.

Option A (creating a single merged team) introduces inefficiency and removes specialization. Option B incorrectly suggests application teams should also solve infrastructure issues, which conflicts with platform-as-a-product principles. Option D places all responsibilities on platform teams, which creates bottlenecks and undermines application team ownership.

By splitting responsibilities, IDPs empower developers with self-service provisioning while maintaining clear boundaries. This ensures both agility and accountability: platform teams focus on enabling and securing the platform, while application teams take ownership of their code and services.

--- CNCF Platforms Whitepaper

--- Team Topologies (Platform as a Product Model)

--- Cloud Native Platform Engineering Study Guide