[Mar-2022] Linux Foundation CKA Dumps - Secret To Pass in First Attempt
Linux Foundation CKA Exam Dumps [2022] Practice Valid Exam Dumps Question
NEW QUESTION 37
On the NGFW, how can you generate and block a private key from export and thus harden your security posture and prevent rogue administrators or other bad actors from misusing keys?
- A. 1) Select Device > Certificates
2) Select Certificate Profile.
3) Generate the certificate
4) Select Block Private Key Export. - B. 1) Select Device > Certificate Management > Certificates Device > Certificates
2) Generate the certificate.
3) Select Block Private Key Export.
4) Click Generate to generate the new certificate. - C. 1) Select Device > Certificates
2) Select Certificate Profile
3) Generate the certificate
4) Select Block Private Key Export - D. 1) Select Device > Certificate Management > Certificates >Device > Certificates
2) Import the certificate.
3) Select Import Private Key
4) Click Generate to generate the new certificate.
Answer: C
NEW QUESTION 38
Create a nginx pod with label env=test in engineering namespace
Answer:
Explanation:
See the solution below.
Explanation
kubectl run nginx --image=nginx --restart=Never --labels=env=test --namespace=engineering --dry-run -o yaml > nginx-pod.yaml kubectl run nginx --image=nginx --restart=Never --labels=env=test --namespace=engineering --dry-run -o yaml | kubectl create -nengineering-f - YAML File:
apiVersion: v1
kind: Pod
metadata:
name: nginx
namespace: engineering
labels:
env: test
spec:
containers:
- name: nginx
image: nginx
imagePullPolicy: IfNotPresent
restartPolicy: Never
kubectl create -f nginx-pod.yaml
NEW QUESTION 39
What is the maximum number of samples that can be submitted to WildFire manually per day?
- A. 15,000
- B. 5,000
- C. 2,000
- D. 1,000
Answer: D
NEW QUESTION 40
Create a configmap called cfgvolume with values var1=val1,
var2=val2 and create an nginx pod with volume nginx-volume which
reads data from this configmap cfgvolume and put it on the path
/etc/cfg
- A. // first create a configmap cfgvolume
kubectl create cm cfgvolume --from-literal=var1=val1 --fromliteral=var2=val2
// verify the configmap
kubectl describe cm cfgvolume
// create the config map
kubectl create -f nginx-volume.yml
vim nginx-configmap-pod.yaml
apiVersion: v1
kind: Pod
- name: nginx-volume
configMap:
name: cfgvolume
containers:
- image: nginx
name: nginx
volumeMounts:
- name: nginx-volume
mountPath: /etc/cfg
restartPolicy: Always
k kubectl apply -f nginx-configmap-pod.yaml
/ // Verify
// exec into the pod
kubectl exec -it nginx -- /bin/sh
// check the path
cd /etc/cfg - B. // first create a configmap cfgvolume
kubectl create cm cfgvolume --from-literal=var1=val1 --fromliteral=var2=val2
// verify the configmap
kubectl describe cm cfgvolume
// create the config map
kubectl create -f nginx-volume.yml
vim nginx-configmap-pod.yaml
apiVersion: v1
kind: Pod
metadata:
labels:
run: nginx
name: nginx
spec:
volumes:
- name: nginx-volume
configMap:
name: cfgvolume
containers:
- image: nginx
name: nginx
volumeMounts:
- name: nginx-volume
mountPath: /etc/cfg
restartPolicy: Always
k kubectl apply -f nginx-configmap-pod.yaml
/ // Verify
// exec into the pod
kubectl exec -it nginx -- /bin/sh
// check the path
cd /etc/cfg
Answer: B
NEW QUESTION 41
Resume the rollout of the deployment
Answer:
Explanation:
kubectl rollout resume deploy webapp
NEW QUESTION 42
Create a pod with image nginx called nginx and allow traffic on port 80
Answer:
Explanation:
kubectl run nginx --image=nginx --restart=Never --port=80
NEW QUESTION 43
Add a taint to node "worker-2" with effect as "NoSchedule" and
list the node with taint effect as "NoSchedule"
- A. // Add taint to node "worker-2"
kubectl taint nodes worker-2 key=value:NoSchedule
.items[*]}{.metadata.name} {.spec.taints[?(
@.effect=='NoSchedule' )].effect}{\"\n\"}{end}" | awk 'NF==2
{print $0}' - B. // Add taint to node "worker-2"
kubectl taint nodes worker-2 key=value:NoSchedule
// Verify
// Using "custom-coloumns" , you can customize which coloumn to
be printed
kubectl get nodes -o customcolumns=NAME:.metadata.name,TAINTS:.spec.taints --no-headers
// Using jsonpath
kubectl get nodes -o jsonpath="{range
.items[*]}{.metadata.name} {.spec.taints[?(
@.effect=='NoSchedule' )].effect}{\"\n\"}{end}" | awk 'NF==2
{print $0}'
Answer: B
NEW QUESTION 44
List "nginx-dev" and "nginx-prod" pod and delete those pods
- A. kubect1 get pods -o wide
kubectl delete po "nginx-dev" kubectl delete po "nginx-prod" - B. kubect1 get pods -o wide
kubectl delete po "nginx-dev" kubectl delete po "nginx-prod"
Answer: B
NEW QUESTION 45
Check the history of deployment
Answer:
Explanation:
kubectl rollout history deployment webapp
NEW QUESTION 46
Set the node named ek8s-node-1 as unavailable and reschedule all the pods running on it.
Answer:
Explanation:
See the solution below.
Explanation
solution
NEW QUESTION 47
Create a file:
/opt/KUCC00302/kucc00302.txt that lists all pods that implement service in namespace development.
The format of the file should be one pod name per line.
Answer:
Explanation:
See the solution below.
Explanation
solution
NEW QUESTION 48
Evict all existing pods from a node-1 and make the node unschedulable for new pods.
- A. kubectl get nodes
kubectl drain node-1 #It will evict pods running on node-1 to
other nodes in the cluster
// Verify
kubectl get no
When you cordon a node, the status shows "SchedulingDisabled" - B. kubectl get nodes
kubectl drain node-1 #It will evict pods running on node-1 to
other nodes in the cluster
kubectl cordon node-1 # New pods cannot be scheduled to the
node
// Verify
kubectl get no
When you cordon a node, the status shows "SchedulingDisabled"
Answer: B
NEW QUESTION 49
Create a redis pod named "test-redis" and exec into that pod and create a file named "test-file.txt" with the text 'This is called the test file' in the path /data/redis and open another tab and exec again with the same pod and verifies file exist in the same path.
- A. vim test-redis.yaml
apiVersion: v1
kind: Pod
metadata:
name: test-redis
spec:
containers:
- name: redis
image: redis
ports:
- containerPort: 6379
volumeMounts:
- mountPath: /data/redis
name: redis-storage
volumes:
kubectl exec -it test-redis /bin/sh
cd /data/redis
echo 'This is called the test file' > file.txt
//open another tab
kubectl exec -it test-redis /bin/sh
cat /data/redis/file.txt - B. vim test-redis.yaml
apiVersion: v1
kind: Pod
metadata:
name: test-redis
spec:
containers:
- name: redis
image: redis
ports:
- containerPort: 6379
volumeMounts:
- mountPath: /data/redis
name: redis-storage
volumes:
- name: redis-storage
emptyDir: {}
kubectl apply -f redis-pod-vol.yaml
// first terminal
kubectl exec -it test-redis /bin/sh
cd /data/redis
echo 'This is called the test file' > file.txt
//open another tab
kubectl exec -it test-redis /bin/sh
cat /data/redis/file.txt
Answer: B
NEW QUESTION 50
Deployment
a. Create a deployment of webapp with image nginx:1.17.1 with
container port 80 and verify the image version
- A. // Create initial YAML file with -dry-run option
kubectl create deploy webapp --image=nginx:1.17.1 --dryrun=client -o yaml > webapp.yaml vim webapp.yaml apiVersion: apps/v1 kind: Deployment metadata:
labels:
app: webapp
name: webapp
spec: replicas: 1 containers: - image: nginx:1.17.1 name: nginx kubectl create -f webapp.yaml -record=true //Verify Image Version kubectl describe deploy webapp | grep -i "Image" Using JsonPath kubectl get deploy -o=jsonpath='{range.items [*]}{.[*]} {.metadata.name}{"\t"}{.spec.template.spec.containers[*].i mage}{"\n"}' - B. // Create initial YAML file with -dry-run option
kubectl create deploy webapp --image=nginx:1.17.1 --dryrun=client -o yaml > webapp.yaml vim webapp.yaml apiVersion: apps/v1 kind: Deployment metadata:
labels:
app: webapp
name: webapp
spec: replicas: 1 selector: matchLabels: app: webapp template: metadata: labels: app: webapp spec: containers: - image: nginx:1.17.1 name: nginx kubectl create -f webapp.yaml -record=true //Verify Image Version kubectl describe deploy webapp | grep -i "Image" Using JsonPath kubectl get deploy -o=jsonpath='{range.items [*]}{.[*]} {.metadata.name}{"\t"}{.spec.template.spec.containers[*].i mage}{"\n"}'
Answer: B
NEW QUESTION 51
Score: 7%
Task
Given an existing Kubernetes cluster running version 1.20.0, upgrade all of the Kubernetes control plane and node components on the master node only to version 1.20.1.
Be sure to drain the master node before upgrading it and uncordon it after the upgrade.
You are also expected to upgrade kubelet and kubectl on the master node.
Answer:
Explanation:
See the solution below.
Explanation
SOLUTION:
[student@node-1] > ssh ek8s
kubectl cordon k8s-master
kubectl drain k8s-master --delete-local-data --ignore-daemonsets --force apt-get install kubeadm=1.20.1-00 kubelet=1.20.1-00 kubectl=1.20.1-00 --disableexcludes=kubernetes kubeadm upgrade apply 1.20.1 --etcd-upgrade=false systemctl daemon-reload systemctl restart kubelet kubectl uncordon k8s-master
NEW QUESTION 52
Create an nginx pod and set an env value as 'var1=val1'. Check the env value existence within the pod
- A. kubectl run nginx --image=nginx --restart=Never --env=var1=val1
# then
kubectl exec -it nginx -- env
# or
kubectl run nginx --restart=Never --image=nginx --env=var1=val1
-it --rm -- env - B. kubectl run nginx --image=nginx --restart=Never --env=var1=val1
# then
kubectl exec -it nginx -- env
# or
kubectl exec -it nginx -- sh -c 'echo $var1'
# or
kubectl describe po nginx | grep val1
# or
kubectl run nginx --restart=Never --image=nginx --env=var1=val1
-it --rm - env
Answer: B
NEW QUESTION 53
Create a snapshot of the etcd instance running at https://127.0.0.1:2379, saving the snapshot to the file path
/srv/data/etcd-snapshot.db.
The following TLS certificates/key are supplied for connecting to the server with etcdctl:
CA certificate: /opt/KUCM00302/ca.crt
Client certificate: /opt/KUCM00302/etcd-client.crt
Client key: Topt/KUCM00302/etcd-client.key
Answer:
Explanation:
See the solution below.
Explanation
solution
F:\Work\Data Entry Work\Data Entry\20200827\CKA\18 C.JPG
NEW QUESTION 54
Create a nginx pod that will be deployed to node with the label
"gpu=true"
- A. kubectl run nginx --image=nginx --restart=Always --dry-run -o
yaml > nodeselector-pod.yaml
// add the nodeSelector like below and create the pod
kubectl apply -f nodeselector-pod.yaml
vim nodeselector-pod.yaml
apiVersion: v1
kind: Pod
metadata:
name: nginx
spec:
nodeSelector:
gpu: true
yaml
//Verify
kubectl get no -show-labels
kubectl get po
kubectl describe po nginx | grep Node-Selectors - B. kubectl run nginx --image=nginx --restart=Always --dry-run -o
yaml > nodeselector-pod.yaml
// add the nodeSelector like below and create the pod
kubectl apply -f nodeselector-pod.yaml
vim nodeselector-pod.yaml
apiVersion: v1
kind: Pod
metadata:
name: nginx
spec:
nodeSelector:
gpu: true
containers:
- image: nginx
name: nginx
restartPolicy: Always
kubectl apply -f nodeselector-pod.yaml
//Verify
kubectl get no -show-labels
kubectl get po
kubectl describe po nginx | grep Node-Selectors
Answer: B
NEW QUESTION 55
Check the image version in pod without the describe command
Answer:
Explanation:
See the solution below.
Explanation
kubectl get po nginx -o
jsonpath='{.spec.containers[].image}{"\n"}'
NEW QUESTION 56
Create 5 nginx pods in which two of them is labeled env=prod and
three of them is labeled env=dev
- A. kubectl run nginx-dev1 --image=nginx --restart=Never --
labels=env=dev
kubectl run nginx-dev2 --image=nginx --restart=Never --
labels=env=dev
kubectl run nginx-prod1 --image=nginx --restart=Never --
labels=env=prod
kubectl run nginx-prod2 --image=nginx --restart=Never --
labels=env=prod - B. kubectl run nginx-dev1 --image=nginx --restart=Never --
labels=env=dev
kubectl run nginx-dev2 --image=nginx --restart=Never --
labels=env=dev
kubectl run nginx-dev3 --image=nginx --restart=Never --
labels=env=dev
kubectl run nginx-prod1 --image=nginx --restart=Never --
labels=env=prod
kubectl run nginx-prod2 --image=nginx --restart=Never --
labels=env=prod
Answer: B
NEW QUESTION 57
Ensure a single instance of podnginxis running on each node of theKubernetes cluster wherenginxalso represents the Image name whichhas to be used. Do not override anytaints currently in place.
UseDaemonSetto complete thistask and useds-kusc00201asDaemonSet name.
Answer:
Explanation:
See the solution below.
Explanation
solution
NEW QUESTION 58
Create a persistent volume with nameapp-data, of capacity2Giandaccess modeReadWriteMany. Thetype of volume ishostPathand itslocation is/srv/app-data.
Answer:
Explanation:
See the solution below.
Explanation
solution
Persistent Volume
A persistent volume is a piece of storage in aKubernetes cluster. PersistentVolumes are a cluster-level resource like nodes, which don't belong to any namespace. It is provisioned by the administrator and has a particular file size. This way, a developer deploying their app on Kubernetes need not knowthe underlying infrastructure.
When the developer needs a certain amount of persistent storage for their application, the system administrator configures the cluster so that they consume the PersistentVolume provisioned in an easy way.
Creating PersistentVolume
kind: PersistentVolumeapiVersion: v1metadata:name:app-dataspec:capacity: # defines the capacity of PV we are creatingstorage:2Gi#the amount of storage we are tying to claimaccessModes: # defines the rights of the volumewe are creating-ReadWriteManyhostPath:path: "/srv/app-data" # path to which we are creating the volume Challenge
* Create a Persistent Volume named ReadWriteMany, storage classname
shared,2Giof storage capacity and the host path
2. Save the file and create the persistent volume.
Image for post
3. View the persistent volume.
* Our persistent volume status is available meaning it is available and it has not been mounted yet. This status willchange when we mount the persistentVolume to a persistentVolumeClaim.
PersistentVolumeClaim
In a real ecosystem, a system admin will create the PersistentVolume then a developer will create a PersistentVolumeClaim which will be referenced in a pod. A PersistentVolumeClaim is created by specifying the minimum size and the access mode they require from the persistentVolume.
Challenge
* Create a Persistent Volume Claim that requests the Persistent Volume we had created above. The claim should request 2Gi. Ensurethat the Persistent Volume Claim has the same storageClassName as the persistentVolume you had previously created.
kind: PersistentVolumeapiVersion: v1metadata:name:
spec:
accessModes:-ReadWriteManyresources:
requests:storage:2Gi
storageClassName:shared
2. Save and create the pvc
njerry191@cloudshell:~(extreme-clone-2654111)$ kubect1 create -f app-data.yaml persistentvolumeclaim/app-data created
3. View the pvc
Image for post
4. Let's see what has changed in the pv we had initially created.
Image for post
Our status has now changed fromavailabletobound.
5. Create a new pod named myapp with image nginx that will be used to Mount the Persistent Volume Claim with the path /var/app/config.
Mounting a Claim
apiVersion: v1kind: Podmetadata:creationTimestamp: nullname: app-dataspec:volumes:- name:congigpvcpersistenVolumeClaim:claimName: app-datacontainers:- image: nginxname:
appvolumeMounts:- mountPath: "
NEW QUESTION 59
Create a pod that echo "hello world" and then exists. Have the pod deleted automatically when it's completed
Answer:
Explanation:
kubectl run busybox --image=busybox -it --rm --restart=Never -- /bin/sh -c 'echo hello world' kubectl get po # You shouldn't see pod with the name "busybox"
NEW QUESTION 60
List all the pods sorted by created timestamp
Answer:
Explanation:
See the solution below.
Explanation
kubect1 get pods--sort-by=.metadata.creationTimestamp
NEW QUESTION 61
......
CKA Exam Dumps PDF Guaranteed Success with Accurate & Updated Questions: https://certlibrary.itpassleader.com/Linux-Foundation/CKA-dumps-pass-exam.html