How to Pass the KCA Exam
KCA-specific tips and the most common pitfalls.
KCA exam tips
- Policy structure questions often ask you to identify what a given YAML policy does — practice reading policies and tracing their match conditions.
- Preconditions vs match/exclude logic: understand when to use each. A common question type.
- For generate rules, understand when resources are generated: on a trigger resource creation, not on the generated resource itself.
- Policy reports (PolicyReport, ClusterPolicyReport) are Kubernetes CRDs — know their structure and how to query them.
Common KCA pitfalls
- Confusing Audit and Enforce policy modes — Audit logs but allows; Enforce blocks. A critical distinction.
- Skipping the verify-images rule type as "advanced" — image verification questions appear in the exam and the rule structure is distinct from validate/mutate.