Architecture Questions
Practice questions for Architecture topic in Cilium Certified Associate. 40 questions covering this domain.
A production cluster needs a different IPAM mode. What does the IPAM documentation recommend as the safest path?
In the quick default installation, where does Cilium store and propagate state by default?
A platform team wants a CNI that transparently secures connectivity between services in Kubernetes using eBPF. Which project matches that role?
Which IPAM mode is identified in the Cilium documentation as the default mode?
An on-prem cluster spans multiple routed domains, and the network team does not want to distribute PodCIDR routes in the underlay. Which Cilium datapa...
Which Cilium component runs on every node and manages the eBPF programs that control network access for workloads?
A cluster briefly loses the Cilium operator, but the node agents are still healthy. What outcome best matches the Cilium architecture docs?
Kubernetes schedules a new Pod onto a node. Which Cilium component is invoked to set up that Pod networking?
A team wants the fewest underlay networking requirements and only has basic node-to-node IP connectivity. Which datapath model fits best?
A cloud team wants Pod traffic forwarded by the existing network without overlay headers, and the network can already route PodCIDRs between nodes. Wh...
A Cilium architect needs to understand the role of the cilium-operator in a cluster. Which statement best describes what the cilium-operator is respon...
A cloud team migrates to Cilium on EKS and notices that after enabling AWS ENI IPAM, changing the IPAM mode without creating a new cluster causes pers...
When Cilium assigns a security identity to a new pod, which attributes does it use to derive that identity?
Which numeric reserved identity does Cilium assign to network traffic that originates from outside the cluster — for example, from the internet or an ...
An engineer reviews a CiliumNetworkPolicy that selects pods with label `app=frontend`. After deploying a second policy that also selects the same pods...
Which Cilium resource type represents an individual network endpoint — such as a running container or pod — that has been assigned an IP address and h...
A team wants the Cilium datapath to bypass kube-proxy entirely for ClusterIP service load balancing. Which Cilium feature enables this and what Helm v...
A platform engineer is evaluating IPAM modes for a new Cilium deployment on bare metal. They need pod IP addresses to be routable on the underlying ne...
In a Cilium cluster using VXLAN encapsulation, a network team asks why VXLAN was chosen as the default tunnel protocol. Which property makes VXLAN pre...
An operations team notices the cilium-operator pod has been unavailable for 30 minutes. New deployments are being scheduled, but pods on existing node...
Sign in to see all 40 questions
Create a free account to browse all questions — completely free during our launch phase.