KCNA Wrong-Answer Notes - Sections 5, 6, 7

hyereen · June 3, 2025

Source: Udemy, Kubernetes Certified (KCNA) + Hands On Labs + Practice Exams

Section 5

Quiz 26

Q3. Which component of Kubernetes uses the API to track the state of pods and nodes, and to schedule pods onto nodes?
A. kube-scheduler

Q6. If the --authorization-mode flag is not specified when starting the API server, what default mode does the Kubernetes API server use?
A. AlwaysAllow

Q8. In the path a request to the Kubernetes API follows, which step occurs immediately after Authorization?
A. Admission Control
+) Request → Route Matching → Authentication → Authorization → Admission Control → Execution

Q10. If you want to quickly list all available API resources in your current Kubernetes cluster from the command line, which command would you use?
A. kubectl api-resources

Q12. What are the three crucial stages that a request to the Kubernetes API goes through in the context of security and policy enforcement?
A. Authentication, Authorisation, Admission Control

Quiz 27

Q3. What is the purpose of Certificate Authority (CA) in Kubernetes?
A. To create and verify certificates in the cluster

Q4. How are Users and Groups typically managed in Kubernetes?
A. Managed externally

Q8. Which command is used to create an RSA private key?
A. openssl genrsa -out user.key 4096
+) openssl rsa: used to modify an existing RSA key or extract information from it

Q10. How is a new user, such as "batman", associated with a group in Kubernetes RBAC?
A. Through the "O" field in the certificate subject

Q11. What does the "CN" stand for in the subject line of a Kubernetes certificate?
A. Common Name

Q13. In Kubernetes, if a Pod is deployed without an explicitly assigned Service Account, which Service Account is automatically assigned?
A. default

Quiz 28

Q4. What is the purpose of the schedulerName field in a pod’s specification?
A. To specify which scheduler should dispatch the pod

Quiz 29

Q8. In the video example what was the purpose of adding a nodeSelector to the pod configuration?
A. To ensure the pod runs on a specific node due to storage limitations

Q10. Which storage solution is known for providing comprehensive storage capabilities, including block, file, and object storage, in distributed systems?
A. Ceph
+) Ceph is an open-source distributed storage system that provides high availability, scalability, and a variety of storage interfaces in large-scale environments

Quiz 30

Q1. What is the primary difference between Deployments and StatefulSets in Kubernetes?
A. StatefulSets provide a sticky identity for each pod
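+) Deployments are used for stateless apps; StatefulSets are used for apps that need to keep state
The key to a StatefulSet is per-Pod identity (Sticky Identity) and retention of its own storage -> because a Pod keeps its identity even after it dies and comes back, it suits stateful services such as databases, Kafka, and Zookeeper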

Q2. When a StatefulSet is used in Kubernetes, how does each pod manage its storage?
A. Each pod creates its own Persistent Volume Claim

Q3. What is the purpose of the 'serviceName' in a StatefulSet's configuration?
A. It is used to define a headless service for network identity

Q6. In a StatefulSet's updateStrategy, what is the purpose of the 'partition' value?
A. It indicates the starting point for a rolling update

Quiz 31

Q3. How does a NetworkPolicy in Kubernetes become effective?
A. It becomes effective after it is applied

Q4. When a pod is created using kubectl run in Kubernetes, what type of label is automatically assigned to it?
A. run: <name>

Q6. What is the default behaviour of a pod in a Kubernetes cluster that does not have any NetworkPolicies applied to it?
A. It can send and receive traffic from any source

Quiz 32

Q1. What is the primary purpose of Pod Disruption Budgets (PDBs) in Kubernetes?
A. To ensure high availability during voluntary disruptions
+) A PDB is a policy for maintaining high availability in Kubernetes

Q3. Which Kubernetes command is used to make a node un-schedulable?
A. kubectl cordon
+) cordon is the command that puts a node into the unschedulable state

Q4. What happens when you use the 'kubectl drain' command on a node?
A. It removes all pods from the node
+) kubectl cordon: puts the node into the "unschedulable" state
kubectl drain: removes pods from the node + cordon

Quiz 33

Q1. What Kubernetes feature defines privilege and access control settings for a Pod or Container?
A. Security Contexts

Q3. What Kubernetes security feature was deprecated in version 1.21 and removed in version 1.25?
A. Pod Security Policies

Q5. Which protocol is recommended for enhanced authentication in large-scale Kubernetes deployments?
A. OpenID Connect (OIDC)
+) OAuth 2.0 is a protocol for delegated authorization
OIDC adds user authentication on top of it

Q6. Which tool is designed for vulnerability and misconfiguration scanning in Kubernetes clusters?
A. Kubescape

Q9. Which sequence correctly represents the 4C's of Cloud Native Security?
A. Cloud, Clusters, Containers, Code

Quiz 34

Q2. Which of the following is required for Helm's plugin installation?
A. git

Q4. How can Helm Charts be packaged for distribution?
A. Using the helm package command

Quiz 35

Q3. What is one of the key security features provided by a Service Mesh?
A. Mutual TLS

Q6. Which aspect is NOT directly addressed by Service Mesh Interface (SMI) API specifications?
A. Data Storage
+) What SMI does: traffic routing, access control, metrics collection

Section 6

Quiz 37

Q1. Who was the original creator of Prometheus before it was donated to CNCF?
A. SoundCloud

Q4. What is the primary role of the Node-exporter in Prometheus?
A. Providing hardware and OS metrics from the Kernel
+) Node-exporter is one of the exporters used with Prometheus; it collects hardware- and OS-level metrics from the Linux kernel

Quiz 38

Q2. Which of the following is a characteristic of On-Demand instances in cloud computing?
A. They can be spun up in seconds and disposed of as needed

Q3. What is a key consideration when using Reserved Instances in cloud computing?
A. They involve upfront payment for a committed period with potential cost savings

Q4. What is a significant risk associated with using Spot Instances in cloud computing?
A. There is no guarantee of instance availability
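+) Can be reclaimed (interrupted) at any time
→ When the cloud provider needs to reallocate resources to higher-priority workloads
→ it can terminate the Spot instance
→ The user gets advance notice, but continued use is not guaranteed

Quiz 39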

Q1. GitOps can be best described as:
A. A set of practices that uses Git as a single source of truth for cluster management and application delivery

Q3. In Argo CD, how is the initial admin password retrieved?
A. By querying the argocd-initial-admin-secret using a kubectl get secret command

Q5. Which GitOps delivery tool utilises the GitOps Toolkit?
A. Flux

Q6. In the GitOps paradigm for Kubernetes, which tool is specifically designed to ensure that the state of a cluster matches the configuration stored in a Git repository?
A. Flux

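Vocabulary

English words
compatible: able to work together
ephemeral: temporary
comprehensive: all-inclusive
Disruption: division, breakup
eviction: expulsion, driving out
Observability: visibility; (IT) the ability to understand a system's internal state through external data
telemetry: remote measurement
bandwidth: the width of a frequency band
pillar: core element
compliant: conforming, complying
spun up: to start, to bring into operation
upfront: in advance, paid in advance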
