GitOps principles, patterns, and tooling (ArgoCD, Flux). Free practice questions sampled from our full 120-question bank, with detailed explanations for every option.
Format: multi-choice
Duration: 90 min
Pass mark: 75%
Study time: 1–6 wks
Mocks here: 2
What the CGOA exam tests
The GitOps Certified Associate exam is structured around 5 weighted domains.
One representative question per domain, drawn from the 120-question pool.
GitOps Terminology
Q1. A platform engineer describes their desired application configuration as being stored in a Git repository that serves as the single source of truth. What term best describes this Git repository in GitOps terminology?
A. Deployment Registry
Incorrect. Deployment registry typically refers to container registries, not configuration repositories.
B. Manifest Repository
Incorrect. While technically accurate (it does contain manifests), the precise GitOps term is state store.
C. Configuration Cache
Incorrect. While Git could cache configuration, 'cache' implies it's not authoritative, but the state store is the authority.
D. State Store
Correct. The Git repository acting as the authoritative source of truth for desired state is the state store.
GitOps Principles
Q2. A platform team's GitOps system pulls deployment manifests from Git every 30 seconds and reconciles the cluster. A developer makes an unauthorized manual change to a running pod. What is the maximum time before the 'Continuously Reconciled' principle re-establishes the desired state?
A. Never, unless someone manually reruns the sync
Incorrect. Continuous reconciliation is automatic; manual intervention defeats the principle.
B. Immediately within milliseconds
Incorrect. While possible with webhooks, a polling-based system reconciles on its interval, not instantly.
C. Approximately 30 seconds (the next reconciliation interval)
Correct. With a 30-second reconciliation interval, drift is detected and corrected within that cycle; it's not instant but bounded.
D. Once per hour during the scheduled reconciliation window
Incorrect. Continuous reconciliation operates continuously, not hourly.
Related Practices
Q3. How does 'shift-left' security in DevSecOps complement a GitOps deployment strategy?
A. Shift-left eliminates the need for runtime security controls
Incorrect. Shift-left is upstream prevention; runtime security still matters for defense in depth.
B. Security testing and scanning occur earlier in CI (before artifacts reach the Git state store), reducing deployment of vulnerable code through GitOps
Correct. By scanning and testing in CI, vulnerable artifacts never reach the state store/registry, so GitOps deploys only pre-validated, secure artifacts.
C. GitOps and shift-left security are unrelated practices
Incorrect. They're highly complementary; secure artifacts from CI feed safe GitOps deployments.
D. Shift-left means moving all security testing to the cluster after deployment
Incorrect. Shift-left means earlier in the pipeline, not later in the cluster.
GitOps Patterns
Q4. What is the primary architectural difference between a 'pull-based' GitOps pattern and an 'event-driven' GitOps pattern?
A. Pull-based is faster because it eliminates event latency
Incorrect. Event-driven can be faster, but pull provides consistent, predictable update intervals.
B. Pull-based requires more infrastructure than event-driven
Incorrect. Event-driven (webhooks) often requires additional infrastructure like event brokers.
C. Event-driven uses Git while pull-based uses databases
Incorrect. Both use Git; the difference is in the trigger mechanism, not the state store.
D. Polling controllers versus webhook-triggered reconciliation
Correct. Pull polls periodically; event-driven reacts to webhooks, enabling faster but potentially less consistent updates.
Tooling
Q5. In GitOps, why might a team choose to store manifests in an S3 bucket as an alternative state store compared to a Git repository?
A. S3 can be useful in legacy or non-Git environments, but lacks Git's auditability, versioning, and branching capabilities, making it a less ideal state store for most GitOps practices
Correct. While S3 can work as a state store, it lacks the versioning, audit trail, and branching that make Git ideal; Git is preferred for GitOps in most scenarios.
B. S3 is always faster than Git repositories
Incorrect. Performance depends on implementation and network; neither is intrinsically faster.
C. S3 provides better security than Git
Incorrect. Security depends on access controls; Git with proper access control is equally secure.
D. S3 eliminates the need for reconciliation controllers, which also requires specialized tooling and infrastructure setup
Incorrect. S3 still requires reconciliation controllers to work with it.
Roughly 1–6 weeks of focused study, but it depends heavily on what you already know. Engineers with hands-on production Kubernetes (or Cilium / Argo / OTel / etc. for project-specific certs) can compress this to a week or two of mocks; people coming in cold should expect the upper end. The exam is multi-choice and recall-heavy — practice exams matter more than reading documentation cover to cover. Aim for 85%+ on full timed mocks before booking the real exam.
Why this practice library
This library was built by a Platform Engineer chasing Golden Kubestronaut who got frustrated by the lack of decent practice material for the associate-tier CNCF exams. Question banks track curriculum updates from CNCF and Linux Foundation.