Google Kubernetes Engine Gke MCQ Questions and Answers

Mastering Google Kubernetes Engine Gke is crucial for cloud certification success. This dedicated practice set features 12 Google Kubernetes Engine Gke MCQ questions and answers designed to mirror real exam scenarios across various GCP certifications.

📝 12 Questions⏱️ 24 min🎯 Pass: 70%

About Google Kubernetes Engine Gke Practice Questions

This detailed quiz focuses on Google Kubernetes Engine Gke, covering key concepts and scenarios often found in GCP exams.

  • Comprehensive coverage of Google Kubernetes Engine Gke features.
  • Scenario-based questions testing design and troubleshooting skills.
  • Detailed explanations to reinforce learning.

All 12 Google Kubernetes Engine Gke Questions

Browse through the complete list of questions and answers below. Use this resource to review specific concepts or check your understanding of Google Kubernetes Engine Gke.

1

Your company is running a stateful application on GKE. You need to ensure that when a pod is rescheduled to a different node, it can still access its persistent data. What must you use?

PersistentVolume (PV) with a PersistentVolumeClaim (PVC)
Local SSD with node affinity
HostPath volumes
Cloud Storage FUSE
View Explanation
✓ Correct Answer: PersistentVolume (PV) with a PersistentVolumeClaim (PVC)Explanation:PVs and PVCs decouple storage from the pod lifecycle, ensuring that data persists and can be re-attached to the pod regardless of which node it runs on.
2

A global enterprise needs to implement a Disaster Recovery (DR) solution for their multi-region GKE deployment. They want to ensure that in the event of a regional failure, user traffic is automatically rerouted to the secondary region with minimal latency. What is the key component?

Multi-cluster Ingress (MCI) with a Global HTTP(S) Load Balancer
VPC Network Peering between regional VPCs
Regional Load Balancers in each region with DNS Failover
Anthos Service Mesh with cross-regional traffic splitting
View Explanation
✓ Correct Answer: Multi-cluster Ingress (MCI) with a Global HTTP(S) Load BalancerExplanation:Multi-cluster Ingress (MCI) uses the Global Google Cloud Load Balancer to provide a single VIP that cross-regionally distributes traffic to GKE clusters, automatically handling regional failover and latency-based routing.
3

To prevent unauthorized lateral movement in a GKE cluster if a pod is compromised, what security feature should you implement?

Kubernetes Network Policies
VPC Firewall Rules
GKE Binary Authorization
Workload Identity
View Explanation
✓ Correct Answer: Kubernetes Network PoliciesExplanation:Network Policies allow you to control traffic flow between pods at the Kubernetes level, minimizing the blast radius of a potential breach by enforcing isolation.
4

Scenario: To secure a GKE cluster for a HIPAA-compliant workload, an architect wants to ensure that all administrative actions (e.g., creating a deployment) are logged. Which tool is essential?

Kubernetes Audit Logs (integrated with Cloud Logging)
Cloud Monitoring
Workload Identity
VPC Firewall rules
View Explanation
✓ Correct Answer: Kubernetes Audit Logs (integrated with Cloud Logging)Explanation:GKE integrates Kubernetes audit logs directly into Cloud Logging, providing a detailed record of every action taken against the K8s API for compliance and security auditing.
5

How can you securely store and retrieve secrets in GKE without hardcoding them in your application code or Dockerfile?

Use the Secret Manager CSI driver to mount secrets as volumes in K8s
Use environment variables in the YAML
Store them in a public GCS bucket
Hardcode them as base64 in the configMap
View Explanation
✓ Correct Answer: Use the Secret Manager CSI driver to mount secrets as volumes in K8sExplanation:The CSI driver (Secret Manager) allows GKE pods to access secrets safely using IAM-based identity instead of static K8s secrets.
6

To improve the security of a GKE cluster, an architect wants to ensure that all pods are forbidden from running as the 'root' user and that they cannot access the host's filesystem. Which Kubernetes resource handles these security constraints?

Pod Security Admission (PSA) / Pod Security Standards
Network Policy
Role-Based Access Control (RBAC)
ConfigMap
View Explanation
✓ Correct Answer: Pod Security Admission (PSA) / Pod Security StandardsExplanation:Pod Security Admission (replacing the deprecated Pod Security Policies) is the native Kubernetes mechanism for enforcing security standards (Privileged, Baseline, Restricted) on workloads.
7

You are building a high-performance transactional system on GKE. You want to ensure that your database pods always run on VMs with the fastest possible local storage for low-latency scratch space. Which GKE feature helps with this?

Node Taints and Tolerations (targeted at a Local-SSD-enabled node pool)
Persistent Volumes
Horizontal Pod Autoscaler
VPC Flow Logs
View Explanation
✓ Correct Answer: Node Taints and Tolerations (targeted at a Local-SSD-enabled node pool)Explanation:Taints and tolerations (combined with node affinity) ensure that specialized workloads are scheduled only on nodes with specific hardware features, like Local SSDs.
8

In a GKE Autopilot cluster, what is the primary billing metric for your workloads?

Actual resource usage (CPU, RAM, Disk) by your pods
The price of the underlying GCE VMs
The number of nodes in the cluster
A flat fee per month
View Explanation
✓ Correct Answer: Actual resource usage (CPU, RAM, Disk) by your podsExplanation:Autopilot manages the infrastructure for you and bills you per-second for the resources your running pods actually request, rather than the raw capacity of VMs.
9

An organization wants to implement 'Workload Identity' for their GKE clusters. What is the core security problem this feature solves?

It eliminates the need to store and manage static JSON keys for service accounts inside Kubernetes secrets
It makes the pods run faster
It encrypts the communication between pods
It provides a public IP for every pod
View Explanation
✓ Correct Answer: It eliminates the need to store and manage static JSON keys for service accounts inside Kubernetes secretsExplanation:Workload Identity allows Kubernetes service accounts to impersonate GCP service accounts, providing a secure, identity-based way for pods to access Google APIs.
10

Which GKE feature allows you to run your pods on 'Spot' VMs to save up to 90% on compute costs, while automatically handling the potential for instance reclamation?

Node auto-provisioning with Spot VM support
Horizontal Pod Autoscaler
Vertical Pod Autoscaler
Cluster Autoscaler
View Explanation
✓ Correct Answer: Node auto-provisioning with Spot VM supportExplanation:GKE can manage 'Spot' node pools, and the cluster autoscaler is aware of spot termination notices, helping to gracefully reschedule pods.
11

What is the primary benefit of 'Workload Identity' for GKE compared to using node-level service accounts?

It provides per-pod identity, following the principle of least privilege better than a shared node-level identity
It is easier to set up
It is free
It increases network bandwidth
View Explanation
✓ Correct Answer: It provides per-pod identity, following the principle of least privilege better than a shared node-level identityExplanation:Workload Identity allows you to grant specific permissions to individual pods rather than having every pod on a node inherit the node's permissions.
12

To improve the security of a multi-tenant GKE cluster, an architect wants to ensure that pods from one tenant cannot reach pods from another tenant unless explicitly allowed. Which native Kubernetes resource is used to enforce this isolation?

NetworkPolicy
Namespace
RBAC Role
ResourceQuota
View Explanation
✓ Correct Answer: NetworkPolicyExplanation:NetworkPolicies control traffic flow between pods even within the same cluster, providing L3/L4 isolation at the Kubernetes layer.