← CGOA hub

CGOA — GitOps Principles

30% of the CGOA exam. Sample questions below; the full library has 26 questions tagged to this domain.

Sample questions on GitOps Principles

GitOps Principles

Q1. Why is the 'Versioned and Immutable' principle particularly important for compliance and audit requirements?

Reveal answer and explanations
  1. A Version control guarantees compliance with all security standards

    Incorrect. Version control is a tool; compliance requires governance, testing, and controls on top of it.

  2. B Every change is recorded in Git history, providing a complete, tamper-evident audit trail of who made what changes and when

    Correct. Git's immutable history creates an audit trail; changes cannot be secretly modified, and all modifications are attributed to users.

  3. C Immutable manifests prevent data breaches

    Incorrect. While versioning helps, it's not the immutability that prevents breaches.

  4. D Immutability prevents any changes from being made, simplifying compliance

    Incorrect. Preventing all changes would freeze systems and prevent legitimate evolution.

GitOps Principles

Q2. What is the primary advantage of 'declarative' over 'imperative' for regulatory compliance in GitOps?

Reveal answer and explanations
  1. A Declarative prevents mistakes from being made

    Incorrect. Mistakes can happen in declarative too; the advantage is auditability.

  2. B Declarative runs faster during deployments

    Incorrect. Performance doesn't address compliance.

  3. C Every change is tracked in Git history with who, what, and when; imperative scripts lack this auditability

    Correct. Git's immutable history provides the audit trail required for compliance; imperative scripts lack this traceability.

  4. D Imperative requires more testing before deployment

    Incorrect. Testing applies to both approaches.

  5. E Declarative is easier for humans to read

    Incorrect. Readability helps but doesn't improve compliance.

GitOps Principles

Q3. A company experiences a Kubernetes cluster anomaly where a pod is manually deleted by a developer for testing. How does the 'Continuously Reconciled' principle address this state drift?

Reveal answer and explanations
  1. A The pod remains deleted until the next scheduled deployment window

    Incorrect. Continuous reconciliation reacts immediately, not on a schedule.

  2. B The GitOps controller detects the drift and recreates the pod to match the desired state defined in Git

    Correct. The continuously reconciling controller sees the missing pod (drift) and immediately recreates it from the desired state in Git.

  3. C An admission controller prevents the manual deletion from occurring

    Incorrect. Admission controllers prevent actions going forward, but don't handle existing drift.

  4. D The system alerts the developer that they cannot manually delete pods

    Incorrect. While alerts are useful, they're not how continuous reconciliation handles drift.

GitOps Principles

Q4. How do GitOps principles address the problem of configuration drift?

Reveal answer and explanations
  1. A By continuous reconciliation that detects divergence and automatically corrects it based on Git

    Correct. Continuous reconciliation is the core mechanism: detect divergence and correct it automatically.

  2. B By freezing configuration after initial deployment

    Incorrect. Configuration must evolve; reconciliation handles convergence.

  3. C By using immutable infrastructure that cannot change after provisioning

    Incorrect. While immutability helps, reconciliation is the active mechanism.

  4. D By preventing manual changes through access control

    Incorrect. Access control prevents changes but doesn't address accidental drift.

  5. E By requiring monthly audits of cluster state

    Incorrect. Audits are reactive; GitOps is proactive.

GitOps Principles

Q5. Which of the following best exemplifies the 'Declarative' principle of OpenGitOps?

Reveal answer and explanations
  1. A An operator running kubectl apply commands directly on the cluster

    Incorrect. Manual kubectl commands are imperative and not version-controlled, violating the declarative principle.

  2. B A CI pipeline that triggers custom shell scripts to provision infrastructure

    Incorrect. Shell scripts are imperative, not declarative, and bypass version control as the source of truth.

  3. C A README file documenting how to manually deploy changes to production

    Incorrect. While documentation helps, it doesn't embody the declarative principle; the system itself must be declaratively defined.

  4. D A Git repository contains YAML manifests describing the complete desired state of the system, without imperative deployment scripts

    Correct. Declarative means the entire system state is expressed as data (YAML), not procedures, making it reproducible and auditable.

Drill GitOps Principles with the full bankDomain Drill mode targets your weak areas — paid feature

How this domain is tested

GitOps Principles accounts for 30% of the CGOA exam. Expect questions that test recall of terminology and the ability to read short scenarios — not deep configuration. Use the sample questions above as difficulty calibration; if any feel hard, the rest of our 26-question domain bank will close those gaps.