Linux Foundation CNPA Exam Questions Instant Access

Question 1

In the context of platform engineering and the effective delivery of platform software, which of the following statements describes the role of CI/CD pipelines in relation to Software Bill of Materials (SBOM) and security scanning?

ASBOM generation and security scanning are particularly valuable for application software. While platform software may have different security considerations, these practices are highly beneficial within CI/CD pipelines for applications.

BCI/CD pipelines should integrate SBOM generation and security scanning as automated steps within the build and test phases to ensure early detection of vulnerabilities and maintain a clear inventory of components.

CCI/CD pipelines are designed to accelerate the delivery of platform software, and adding SBOM generation and security scanning would slow down the process, so these activities are better suited for periodic audits conducted outside of the pipeline.

DCI/CD pipelines are primarily for automating deployments; SBOM generation and security scanning are separate, manual processes performed after deployment.

Answer : B

Modern platform engineering requires security and compliance to be integral parts of the delivery process, not afterthoughts. CI/CD pipelines are the foundation for delivering platform software rapidly and reliably, and integrating SBOM generation and automated vulnerability scanning directly within pipelines ensures that risks are identified early in the lifecycle.

Option B is correct because it reflects recommended practices from cloud native platform engineering standards: SBOMs provide a transparent inventory of all software components, including dependencies, which is crucial for vulnerability management, license compliance, and supply chain security. By automating these steps in CI/CD, teams can maintain both velocity and security without manual overhead.

Option A downplays the relevance of SBOMs for platform software, which is inaccurate because platform components (like Kubernetes operators, ingress controllers, or logging agents) are equally susceptible to vulnerabilities. Option C dismisses automation in favor of periodic audits, which contradicts the shift-left security principle. Option D misunderstands CI/CD's purpose: security must be integrated, not separated.

--- CNCF Supply Chain Security Whitepaper

--- CNCF Platforms Whitepaper

--- Cloud Native Platform Engineering Study Guide

Question 2

In a Continuous Integration (CI) pipeline, what is a key benefit of using automated builds?

AMinimizes server costs.

BEliminates coding errors.

CEnsures consistent builds.

DReduces code redundancy.

Answer : C

The key benefit of automated builds in a CI pipeline is ensuring consistent and reproducible builds. Option C is correct because automation eliminates the variability introduced by manual processes, guaranteeing that each build follows the same steps, uses the same dependencies, and produces artifacts that are predictable and testable.

Option A (minimizing server costs) may be a side effect but is not the primary advantage. Option B (eliminates coding errors) is inaccurate---automated builds do not prevent developers from writing faulty code; instead, they surface errors earlier. Option D (reduces code redundancy) relates more to code design than CI pipelines.

Automated builds are fundamental to DevOps and platform engineering because they establish reliability in the software supply chain, integrate seamlessly with automated testing, and enable continuous delivery. This practice ensures that code changes are validated quickly, improving developer productivity and reducing integration risks.

--- CNCF Platforms Whitepaper

--- Continuous Delivery Foundation Best Practices

--- Cloud Native Platform Engineering Study Guide

Question 3

In the context of observability, which telemetry signal is primarily used to record events that occur within a system and are timestamped?

ALogs

BAlerts

CTraces

DMetrics

Answer : A

Logs are detailed, timestamped records of discrete events that occur within a system. They provide granular insight into what has happened, making them crucial for debugging, auditing, and incident investigations. Option A is correct because logs capture both normal and error events, often containing contextual information such as error codes, user IDs, or request payloads.

Option B (alerts) are secondary outputs generated from telemetry signals like logs or metrics and are not raw data themselves. Option C (traces) represent the flow of requests across distributed systems, showing relationships and latency between services but not arbitrary events. Option D (metrics) are numeric aggregates sampled over intervals (e.g., CPU usage, latency), not discrete, timestamped events.

Observability guidance in cloud native systems emphasizes the 'three pillars' of telemetry: logs, metrics, and traces. Logs are indispensable for root cause analysis and compliance because they preserve historical event context.

--- CNCF Observability Whitepaper

--- OpenTelemetry Documentation (aligned with CNCF)

--- Cloud Native Platform Engineering Study Guide

Question 4

What is the primary goal of platform engineering?

ATo focus exclusively on infrastructure automation without considering developer needs

BTo limit developer access to infrastructure to enhance security and compliance.

CTo replace all DevOps practices with automated tools and well-defined processes.

DTo create reusable, scalable platforms that improve developer productivity and experience.

Answer : D

The primary goal of platform engineering is to create reusable, scalable platforms that improve both developer productivity and developer experience. Option D is correct because platform engineering treats the platform as a product, providing self-service capabilities, abstractions, and golden paths that reduce cognitive load for developers while embedding organizational guardrails.

Option A is too narrow---platform engineering is not limited to infrastructure automation but extends to developer usability, observability, and governance. Option B is incorrect because limiting access contradicts the principle of empowering developers through self-service. Option C is misleading; platform engineering complements DevOps practices but does not replace them.

By enabling developers to consume infrastructure and platform services through self-service APIs and portals, platform teams accelerate delivery cycles while maintaining compliance and security. This approach results in improved efficiency, reduced toil, and better alignment between business and engineering outcomes.

--- CNCF Platforms Whitepaper

--- CNCF Platform Engineering Maturity Model

--- Cloud Native Platform Engineering Study Guide

Question 5

A Cloud Native Platform Engineer is tasked with improving the integration between teams through effective API management. Which aspect of API-driven initiatives is most crucial for fostering collaboration in platform engineering?

AAPIs must be documented properly to ensure all teams understand how to use them.

BAPIs should be released without versioning to simplify maintenance.

CAPIs should be tightly coupled to specific teams to enforce accountability.

DAPIs should be designed to be as complex as possible to accommodate all potential use cases.

Answer : A

Proper documentation is critical for fostering collaboration through APIs. Option A is correct because well-documented APIs ensure that all teams---platform engineers, developers, and operations---understand how to consume and integrate services effectively. Clear documentation reduces friction, accelerates adoption, and minimizes support overhead.

Option B (no versioning) is poor practice, as versioning ensures backward compatibility and safe upgrades. Option C (tight coupling) restricts collaboration and creates silos, which goes against platform engineering principles. Option D (complex design) reduces usability and increases cognitive load, the opposite of platform goals.

APIs serve as the contracts between teams and systems. In platform engineering, well-documented, versioned, and abstracted APIs provide a consistent and predictable way to interact with platform services, improving collaboration and developer experience.

--- CNCF Platforms Whitepaper

--- Team Topologies Guidance

--- Cloud Native Platform Engineering Study Guide

Question 6

Which of the following would be considered an advantage of using abstract APIs when offering cloud service provisioning and management as platform services?

AAbstractions enforce explicit platform team approval before any cloud resource is deployed.

BAbstractions curate cloud services with built-in guardrails for development teams.

CAbstractions allow customization of cloud services and resources without guardrails.

DDevelopment teams can arbitrarily deploy cloud services via abstractions.

Answer : B

Abstract APIs are an essential component of platform engineering, providing a simplified interface for developers to consume infrastructure and cloud services without deep knowledge of provider-specific details. Option B is correct because abstractions allow platform teams to curate services with built-in guardrails, ensuring compliance, security, and operational standards are enforced automatically. Developers get the benefit of self-service and flexibility while the platform team ensures governance.

Option A would slow down the process, defeating the purpose of abstraction. Option C removes guardrails, which risks security and compliance violations. Option D allows uncontrolled deployments, which can create chaos and undermine platform governance.

Abstract APIs strike the balance between developer experience and organizational control. They provide golden paths and opinionated defaults while maintaining the flexibility needed for developer productivity. This approach ensures efficient service provisioning at scale with reduced cognitive load on developers.

--- CNCF Platforms Whitepaper

--- CNCF Platform Engineering Maturity Model

--- Cloud Native Platform Engineering Study Guide

Question 7

Which provisioning strategy ensures efficient resource scaling for an application on Kubernetes?

AImplementing a fixed resource allocation that does not change regardless of demand.

BUsing a declarative approach with Infrastructure as Code (IaC) tools to define resource requirements.

CManual provisioning of resources based on predicted traffic.

DUsing an imperative approach to script resource changes in response to traffic spikes.

Answer : B

The most efficient and scalable strategy is to use a declarative approach with Infrastructure as Code (IaC). Option B is correct because declarative definitions specify the desired state (e.g., resource requests, limits, autoscaling policies) in code, allowing Kubernetes controllers and autoscalers to reconcile and enforce them dynamically. This ensures that applications can scale efficiently based on actual demand.

Option A (fixed allocation) is inefficient, leading to wasted resources during low usage or insufficient capacity during high demand. Option C (manual provisioning) introduces delays, risk of error, and operational overhead. Option D (imperative scripting) is not sustainable for large-scale or dynamic workloads, as it requires constant manual intervention.

Declarative IaC aligns with GitOps workflows, enabling automated, version-controlled scaling decisions. Combined with Kubernetes' Horizontal Pod Autoscaler (HPA) and Cluster Autoscaler, this approach allows platforms to balance cost efficiency with application reliability.

--- CNCF GitOps Principles

--- Kubernetes Autoscaling Documentation

--- Cloud Native Platform Engineering Study Guide

Linux Foundation Certified Cloud Native Platform Engineering Associate CNPA Exam Questions