Kyverno Certified Associate Questions and Answers

200 questions organized by topic with detailed explanations

Linux Foundation
KCA
200 questions
6 topics
Updated May 2026

Fundamentals of Kyverno

36 questions8 easy18 medium10 hard~18% of exam
View All
A team wants to block Namespaces that are missing a required label at admission time. Which Kyverno rule type is designe...A policy author writes one validate rule that matches only `Pod` and wants equivalent coverage for Deployments, DaemonSe...A platform team wants a Kubernetes-native policy engine that lets it author policies with YAML and CEL instead of learni...

Installation, Configuration, and Upgrades

36 questions8 easy19 medium9 hard~18% of exam
View All
An operator sets `--autoUpdateWebhooks=false` to stop dynamic webhook management. What is the main consequence?A cluster was installed from a tagged YAML release. The platform team wants to do a direct in-place upgrade by applying ...A generate rule must create Deployments, but policy installation fails because Kyverno lacks permission to create them. ...

Kyverno CLI

24 questions8 easy12 medium4 hard~12% of exam
View All
A repository contains policy tests for `kyverno test`. Which file name does the CLI look for by default?Which Kyverno CLI command applies policies on resources?A policy repository contains dozens of test cases, but an engineer only wants to run one specific case while debugging. ...

Applying Policies

20 questions4 easy8 medium8 hard~10% of exam
View All
A ClusterPolicy sets `applyRules: One`. How does Kyverno process matching rules in that policy?A GitOps pipeline wants to evaluate Kubernetes manifests against Kyverno policies before they are committed and applied ...A rule's `match` block specifies resource kinds but no `operations`. What admission operations are matched by default?

Writing Policies

64 questions17 easy32 medium15 hard~32% of exam
View All
A platform team wants Kyverno to remove temporary resources automatically after a set time without writing a full cleanu...A validate policy matches only `Pod` and uses a pattern on `metadata.namespace`. The author wants controller coverage th...A mutate rule uses `foreach` with `patchesJson6902` to add `securityContext` to every container. Which variable lets the...

Policy Management

20 questions7 easy11 medium2 hard~10% of exam
View All
Which Kyverno controller handles background scanning that records validation and `verifyImages` results for existing res...A platform team wants to use `PolicyException` resources in a cluster where they are currently unavailable. What must it...When Kyverno is installed with Helm and metrics services are created, which port is exposed for metrics by default?

All Questions

#QuestionTopicDifficulty
1A repository contains policy tests for `kyverno test`. Which file name does the CLI look for by defa...Kyverno CLI
medium
2An operator sets `--autoUpdateWebhooks=false` to stop dynamic webhook management. What is the main c...Installation, Configuration, and Upgrades
hard
3A cluster was installed from a tagged YAML release. The platform team wants to do a direct in-place ...Installation, Configuration, and Upgrades
hard
4Which Kyverno controller handles background scanning that records validation and `verifyImages` resu...Policy Management
medium
5A platform team wants Kyverno to remove temporary resources automatically after a set time without w...Writing Policies
medium

Sign in to see all 200 questions

Create a free account to browse all questions — completely free during our launch phase.

Sign Up FreeSign In

Ready to test your knowledge?

Take a full Kyverno Certified Associate practice test with timed exam simulation.

Start Practice Test