CGOA Mock Exam Simulator

Free GitOps Certified Associate practice questions with full explanations on every option. GitOps principles, patterns, and tooling (ArgoCD, Flux).

Format
multi-choice
Duration
90 min
Pass mark
75%
Study time
1–6 wks
Mocks here
2

CGOA exam domains

Free CGOA sample questions

GitOps Terminology

Q1. A platform engineer describes their desired application configuration as being stored in a Git repository that serves as the single source of truth. What term best describes this Git repository in GitOps terminology?

Reveal answer and explanations
  1. A Deployment Registry

    Incorrect. Deployment registry typically refers to container registries, not configuration repositories.

  2. B Manifest Repository

    Incorrect. While technically accurate (it does contain manifests), the precise GitOps term is state store.

  3. C Configuration Cache

    Incorrect. While Git could cache configuration, 'cache' implies it's not authoritative, but the state store is the authority.

  4. D State Store

    Correct. The Git repository acting as the authoritative source of truth for desired state is the state store.

GitOps Principles

Q2. A team's GitOps reconciler polls Git only once every 24 hours, applying changes at midnight in a single batch. Which OpenGitOps principle does this most directly weaken, and why?

Reveal answer and explanations
  1. A Declarative, because batch application implies imperative pipelines

    Incorrect. Batch frequency does not change whether the manifests themselves are declarative.

  2. B Versioned and Immutable, because Git is no longer authoritative

    Incorrect. Git remains authoritative; the issue is how often the system converges live state back to that authority.

  3. C Pulled Automatically, because pulling once a day is closer to a manual cadence than a continuous one

    Incorrect. The system still pulls; the principle weakened is the one about continuous convergence, not the pull mechanism.

  4. D Continuously Reconciled, because the system permits a full day of drift between observed reconciliations

    Correct. A 24-hour reconciliation interval means up to a full day of drift is tolerated before the system corrects it, undermining the "continuous" guarantee.

  5. E No principle is weakened; 24-hour reconciliation is still continuous over weeks and months

    Incorrect. "Continuously" in OpenGitOps means short, predictable convergence cycles, not a 24-hour cadence justified by averaging over long horizons.

Related Practices

Q3. How does 'shift-left' security in DevSecOps complement a GitOps deployment strategy?

Reveal answer and explanations
  1. A Shift-left eliminates the need for runtime security controls such as admission policies, network policies, and intrusion detection in the cluster

    Incorrect. Shift-left is upstream prevention; runtime controls such as admission policies, network policies, and intrusion detection still matter for defense in depth.

  2. B Security testing and scanning shift earlier into CI, so vulnerable artifacts are rejected before they are published to the registry and referenced from Git, preventing GitOps from deploying them

    Correct. By scanning and testing in CI, vulnerable artifacts never get published to the registry or referenced by the manifests in Git, so GitOps deploys only pre-validated, secure artifacts.

  3. C GitOps and shift-left security are unrelated practices

    Incorrect. They're highly complementary; secure artifacts gated by CI feed safe GitOps deployments.

  4. D Shift-left means moving all security testing to the cluster after deployment

    Incorrect. Shift-left means earlier in the pipeline, not later in the cluster.

GitOps Patterns

Q4. What is the primary architectural difference between a 'pull-based' GitOps pattern and an 'event-driven' GitOps pattern?

Reveal answer and explanations
  1. A Pull-based is faster because it eliminates event latency

    Incorrect. Event-driven can be faster, but pull provides consistent, predictable update intervals.

  2. B Pull-based requires more infrastructure than event-driven

    Incorrect. Event-driven (webhooks) often requires additional infrastructure like event brokers.

  3. C Event-driven uses Git while pull-based uses databases

    Incorrect. Both use Git; the difference is in the trigger mechanism, not the state store.

  4. D Polling vs. webhook-triggered reconciliation

    Correct. Pull polls periodically; event-driven reacts to webhooks, enabling faster but potentially less consistent updates.

Tooling

Q5. What is the difference between ArgoCD's 'automated sync' and 'manual sync' policies, and when should each be used?

Reveal answer and explanations
  1. A Automated sync is always faster and safer than manual

    Incorrect. Automated sync reduces drift on stable paths, but manual sync can be safer for high-risk changes.

  2. B Automated sync applies Git changes; manual sync waits for approval

    Correct. Automated sync reduces time-to-recovery for drifts but risks pushing bad configs; manual sync adds gate control but requires operator responsiveness.

  3. C ArgoCD does not support manual sync

    Incorrect. Manual sync is a standard ArgoCD option.

  4. D Manual sync is always safer

    Incorrect. Automated is safer for drift recovery.

  5. E Sync policies do not affect deployment reliability

    Incorrect. Sync policy is critical to operational safety.

Start the full CGOA mock exam — free90-min timer · free with account

Prerequisites and background knowledge

Git fundamentals (branches, commits, pull requests) and basic Kubernetes knowledge. Exposure to CI/CD pipelines helps.

Official reference: cncf.io/training/certification/cgoa.

More CGOA practice resources

Free CGOA sample questions CGOA exam tips

Where to go after CGOA

Once you pass CGOA, these certs are natural next steps on the Golden Kubestronaut path:

CAPA — Certified Argo Project AssociateCBA — Certified Backstage Associate

Frequently asked questions about CGOA

What is the passing score for CGOA?

75%.

How long is the CGOA exam?

90 minutes, multi-choice format. See the official CNCF page for the current question count.

How difficult is the CGOA exam?

Rated beginner. Plan 1–6 weeks depending on your background.

How much does the CGOA exam cost?

Pricing changes periodically — check the official CNCF CGOA page at https://www.cncf.io/training/certification/cgoa/.

Are these CGOA mock exams free?

The first CGOA mock exam is free with an account — no card required. The rest of the library is paid.

How is this mock exam different from the real CGOA exam?

Original questions written against the official CNCF curriculum — not scraped dumps. Format mirrors the real exam; the real one is proctored, these are self-paced.

What is the best way to study for CGOA?

Work through the official curriculum in order of domain weight (heaviest first), then run full timed mocks until you hit 85%+ consistently.