What is the main role of the Kubernetes DNS within a cluster?
Kubernetes DNS (commonly implemented by CoreDNS) provides service discovery inside the cluster by assigning stable, consistent DNS names to Services and (optionally) Pods, which makes D correct. In a Kubernetes environment, Pods are ephemeral: IP addresses can change when Pods restart or move between nodes. DNS-based discovery allows applications to communicate using stable names rather than hardcoded IPs.
For Services, Kubernetes creates DNS records like service-name.namespace.svc.cluster.local, which resolve to the Service's virtual IP (ClusterIP) or, for headless Services, to the set of Pod endpoints. This supports both load-balanced communication (standard Service) and per-Pod addressing (headless Service, commonly used with StatefulSets). Kubernetes DNS is therefore a core building block that enables microservices to locate each other reliably.
Option A is not Kubernetes DNS's purpose; it serves cluster workloads rather than external VMs. Option B describes a managed DNS hosting product (creating zones/registries), which is outside the scope of cluster DNS. Option C describes protocol translation, which is not the role of DNS. Dual-stack support relates to IP families and networking configuration, not DNS translating IPv6 to IPv4.
In day-to-day Kubernetes operations, DNS reliability impacts everything: if DNS is unhealthy, Pods may fail to resolve Services, causing cascading outages. That's why CoreDNS is typically deployed as a highly available add-on in kube-system, and why DNS caching and scaling are important for large clusters.
So the correct statement is D: Kubernetes DNS provides consistent DNS names so workloads can communicate reliably.
=========
Which authorization-mode allows granular control over the operations that different entities can perform on different objects in a Kubernetes cluster?
Role Based Access Control (RBAC) is the standard Kubernetes authorization mode that provides granular control over what users and service accounts can do to which resources, so B is correct. RBAC works by defining Roles (namespaced) and ClusterRoles (cluster-wide) that contain sets of rules. Each rule specifies API groups, resource types, resource names (optional), and allowed verbs such as get, list, watch, create, update, patch, and delete. You then attach these roles to identities using RoleBindings or ClusterRoleBindings.
This gives fine-grained, auditable access control. For example, you can allow a CI service account to create and patch Deployments only in a specific namespace, while restricting it from reading Secrets. You can allow developers to view Pods and logs but prevent them from changing cluster-wide networking resources. This is exactly the "granular control over operations on objects" described by the question.
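The CI service account case above, written out as manifests. This is an added example, not part of the original explanation; the namespace `ci`, the ServiceAccount `ci-deployer` and the object names are assumed for illustration.

```yaml
# Added example: namespace "ci" and ServiceAccount "ci-deployer" are assumed names.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role                      # namespaced: grants nothing outside "ci"
metadata:
  name: deployment-writer
  namespace: ci
rules:
  # Deployments live in the "apps" API group.
  - apiGroups: ["apps"]
    resources: ["deployments"]
    verbs: ["create", "patch"]
  # No rule mentions "secrets". RBAC rules only grant, so a request that
  # matches no rule is denied. A client that reads an object before writing
  # it (kubectl apply does) would additionally need the "get" verb.
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: ci-deployer-deployment-writer
  namespace: ci
subjects:
  - kind: ServiceAccount
    name: ci-deployer
    namespace: ci
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: deployment-writer
# Checking the effective permissions after applying, assuming no other
# binding grants this ServiceAccount anything:
#   kubectl auth can-i create deployments -n ci --as=system:serviceaccount:ci:ci-deployer
#   kubectl auth can-i get secrets -n ci --as=system:serviceaccount:ci:ci-deployer
```

The first check should report that the action is allowed and the second that it is denied.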
Why other options are not the best answer: "Webhook mode" is an authorization mechanism where Kubernetes calls an external service to decide authorization. While it can be granular depending on the external system, Kubernetes' common built-in answer for granular object-level control is RBAC. "Node authorization" is a specialized authorizer for kubelets/nodes to access resources they need; it's not the general-purpose system for all cluster entities. ABAC (Attribute-Based Access Control) is an older mechanism and is not the primary recommended authorization model; it can be expressive but is less commonly used and not the default best-practice for Kubernetes authorization today.
In Kubernetes security practice, RBAC is typically paired with authentication (certs/OIDC), admission controls, and namespaces to build a defense-in-depth security posture. RBAC policy is also central to least privilege: granting only what is necessary for a workload or user role to function. This reduces blast radius if credentials are compromised.
Therefore, the verified answer is B: Role Based Access Control.
=========
What framework does Kubernetes use to authenticate users with JSON Web Tokens?
Kubernetes commonly authenticates users using OpenID Connect (OIDC) when JSON Web Tokens (JWTs) are involved, so A is correct. OIDC is an identity layer on top of OAuth 2.0 that standardizes how clients obtain identity information and how JWTs are issued and validated.
In Kubernetes, authentication happens at the API server. When OIDC is configured, the API server validates incoming bearer tokens (JWTs) by checking token signature and claims against the configured OIDC issuer and client settings. Kubernetes can use OIDC claims (such as sub, email, groups) to map the authenticated identity to Kubernetes RBAC subjects. This is how enterprises integrate clusters with identity providers such as Okta, Dex, Azure AD, or other OIDC-compliant IdPs.
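How the issuer, client and claim settings described above connect to RBAC, as an added example that is not part of the original explanation. The issuer URL, client ID and group name are placeholders; the first document is a fragment of a kube-apiserver static Pod manifest, not a complete object.

```yaml
# Added example: issuer URL, client ID and group name are placeholders.
# 1) kube-apiserver flags (fragment of the static Pod manifest's command list)
spec:
  containers:
    - name: kube-apiserver
      command:
        - kube-apiserver
        - --oidc-issuer-url=https://idp.example.com   # must equal the token's "iss" claim
        - --oidc-client-id=kubernetes                 # must appear in the token's "aud" claim
        - --oidc-username-claim=email                 # claim used as the Kubernetes username
        - --oidc-username-prefix=oidc:                # keeps IdP names apart from built-in ones
        - --oidc-groups-claim=groups                  # claim used as the group list
        - --oidc-groups-prefix=oidc:                  # e.g. "platform-viewers" -> "oidc:platform-viewers"
---
# 2) RBAC binding for a group carried in the token's "groups" claim.
#    The subject name includes the prefix configured above.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: oidc-platform-viewers
subjects:
  - kind: Group
    name: "oidc:platform-viewers"
    apiGroup: rbac.authorization.k8s.io
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: view          # built-in read-only ClusterRole
```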
Options B, C, and D are fabricated phrases and not real frameworks. Kubernetes documentation explicitly references OIDC as a supported method for token-based user authentication (alongside client certificates, bearer tokens, static token files, and webhook authentication). The key point is that Kubernetes does not "invent" JWT auth; it integrates with standard identity providers through OIDC so clusters can participate in centralized SSO and group-based authorization.
Operationally, OIDC authentication is typically paired with:
RBAC for authorization ("what you can do")
Audit logging for traceability
Short-lived tokens and rotation practices for security
Group claim mapping to simplify permission management
So, the verified framework Kubernetes uses with JWTs for user authentication is OpenID Connect.