← CBA hub

CBA — Backstage Infrastructure

22% of the CBA exam. Sample questions below; the full library has 26 questions tagged to this domain.

Sample questions on Backstage Infrastructure

Backstage Infrastructure

Q1. How does Backstage handle environment-specific configuration?

Reveal answer and explanations
  1. A Multiple app-config files with environment-specific overrides

    Correct. Backstage supports app-config.yaml base file with environment-specific overrides (app-config.production.yaml, app-config.development.yaml).

  2. B Storing all configuration in the database

    Incorrect. Configuration files are the primary method, not the database.

  3. C Using only environment variables without any YAML files

    Incorrect. While environment variables can be used, YAML files are the standard approach.

  4. D One app-config.yaml file with hardcoded values for each environment

    Incorrect. Hardcoding defeats the purpose of environment-specific config.

Backstage Infrastructure

Q2. When placing Backstage behind a reverse proxy or load balancer, why must the backend be configured to trust forwarded headers correctly?

Reveal answer and explanations
  1. A So Backstage can reconstruct the original protocol and host for redirects, auth callbacks, and generated links

    Correct. Backstage needs the original external URL context to build correct redirects, callback URLs, and links when it's behind a proxy.

  2. B So Node.js can terminate TLS directly in the app even when TLS is already terminated at the proxy

    Incorrect. TLS termination is typically handled at the proxy or load balancer, not by trusting forwarded headers.

  3. C So the catalog can determine which cluster node originally emitted each entity refresh event

    Incorrect. Forwarded headers are about request origin metadata, not catalog event tracking.

  4. D So the frontend can bypass CORS checks for external APIs

    Incorrect. CORS behavior is configured separately and is not bypassed by trusting forwarded headers.

Backstage Infrastructure

Q3. An internal integration needs server-side APIs and scheduled work inside Backstage. What does the backend plugin system enable?

Reveal answer and explanations
  1. A Server-side plugins that add APIs, services, and integrations

    Correct. Backend plugins extend Backstage with server-side APIs, services, tasks, and integrations.

  2. B Running React frontend components directly on the Node.js server

    Incorrect. Frontend React components are rendered in the browser, not as backend plugin code.

  3. C Replacing the entire Backstage backend for every customization

    Incorrect. Backend plugins extend the backend rather than requiring a full replacement.

  4. D Managing Docker containers without Kubernetes or deployment tooling

    Incorrect. Container management is outside the Backstage backend plugin system.

Backstage Infrastructure

Q4. What is the primary security concern when configuring external authentication providers (GitHub, Google, Okta) in Backstage?

Reveal answer and explanations
  1. A External auth providers should be disabled in development to prevent accidental exposures

    Incorrect. Auth providers work fine in development; just ensure secrets are configured.

  2. B All users must be manually synced from the auth provider into Backstage's database

    Incorrect. Backstage doesn't store duplicate user data; it queries the auth provider at runtime.

  3. C The OAuth client ID must be encrypted in the app-config

    Incorrect. Client IDs are public; only secrets need protection.

  4. D The OAuth client secret must be securely stored and never exposed in app-config; credentials should be injected via secrets management

    Correct. OAuth secrets must never be in version control; they're injected via environment variables or secrets management systems.

Backstage Infrastructure

Q5. A production Backstage deployment needs environment-specific auth providers, integrations, and database settings. What role does app-config.yaml serve?

Reveal answer and explanations
  1. A Runtime config for installed features and integrations

    Correct. Backstage reads configuration from app-config files and related sources at runtime, so installed plugins and integrations can be configured per environment.

  2. B It defines Docker image layers for the container build

    Incorrect. Docker image layers are defined by Dockerfiles.

  3. C It declares TypeScript interfaces shared by plugin packages

    Incorrect. TypeScript interfaces are defined in source files, not runtime config.

  4. D It replaces Kubernetes manifests for pods and services

    Incorrect. Kubernetes manifests still define deployment resources.

Drill Backstage Infrastructure with the full bankDomain Drill mode targets your weak areas — paid feature

How this domain is tested

Backstage Infrastructure accounts for 22% of the CBA exam. Expect questions that test recall of terminology and the ability to read short scenarios — not deep configuration. Use the sample questions above as difficulty calibration; if any feel hard, the rest of our 26-question domain bank will close those gaps.