← KCNA hub

KCNA — Container Orchestration

28% of the KCNA exam. Sample questions below; the full library has 33 questions tagged to this domain.

Sample questions on Container Orchestration

Container Orchestration

Q1. What is the OCI (Open Container Initiative) specification?

Reveal answer and explanations
  1. A A Kubernetes API extension

    Incorrect. OCI is separate from Kubernetes API.

  2. B A tool for managing container registries

    Incorrect. OCI doesn't manage registries.

  3. C A specific container runtime implementation

    Incorrect. OCI is a specification, not an implementation.

  4. D An industry standard for container image format and runtime behavior

    Correct. OCI defines standards for container images (Image Spec) and runtime behavior (Runtime Spec).

Container Orchestration

Q2. What is container image signing used to verify?

Reveal answer and explanations
  1. A Encrypting the image layers so nobody can pull them

    Incorrect. Signing proves authenticity/integrity; it does not encrypt image contents.

  2. B Automatically updating the image tag in Deployments

    Incorrect. Automated updates are handled by separate deployment tooling.

  3. C Reducing the image size by deleting unused packages

    Incorrect. Signing does not optimize image size.

  4. D Image authenticity and integrity verification

    Correct. Image signatures let policy or deployment systems verify publisher identity and detect tampering.

Container Orchestration

Q3. What does the CRI (Container Runtime Interface) do in Kubernetes?

Reveal answer and explanations
  1. A Encrypts container traffic

    Incorrect. Encryption is a separate security concern.

  2. B Defines an interface between kubelet and container runtimes

    Correct. CRI is a plugin interface that allows kubelet to work with different container runtimes like containerd, CRI-O, etc.

  3. C Manages container images on registry servers

    Incorrect. The CRI doesn't manage registries.

  4. D Schedules containers on nodes

    Incorrect. The scheduler assigns Pods; kubelet uses CRI to start containers.

Container Orchestration

Q4. Why use multi-stage builds for container images?

Reveal answer and explanations
  1. A To support multiple container runtimes

    Incorrect. Multi-stage builds are not primarily about supporting multiple container runtimes.

  2. B To enable parallel image builds

    Incorrect. They may improve caching, but the key pattern is separating build and runtime contents.

  3. C To run multiple containers simultaneously

    Incorrect. Container count at runtime is controlled by Pod or workload specs; multi-stage builds are about Dockerfile build stages and final image contents.

  4. D To reduce final image size by separating build dependencies from runtime dependencies

    Correct. Multi-stage builds keep build dependencies out of the final image, reducing size and attack surface.

Container Orchestration

Q5. What is containerd?

Reveal answer and explanations
  1. A A container image repository

    Incorrect. Registries store images; containerd runs them.

  2. B A networking plugin for containers

    Incorrect. containerd doesn't handle networking.

  3. C An OCI-compliant container runtime that manages containers

    Correct. containerd is an industry-standard OCI-compliant container runtime that manages container lifecycle.

  4. D A Kubernetes distribution

    Incorrect. containerd is a runtime, not a Kubernetes distribution.

Drill Container Orchestration with the full bankDomain Drill mode targets your weak areas — paid feature

How this domain is tested

Container Orchestration accounts for 28% of the KCNA exam. Expect questions that test recall of terminology and the ability to read short scenarios — not deep configuration. Use the sample questions above as difficulty calibration; if any feel hard, the rest of our 33-question domain bank will close those gaps.