Free Practice Questions for Linux Foundation CNPA Exam

Answer : A

In most container registries, the latest tag is simply an alias pointing to whichever image was most recently built and pushed, unless explicitly overridden. Option A is correct because the latest tag does not carry any semantic guarantee beyond being the most recently tagged version.

Option B is incorrect---latest does not imply security validation or attestation. Option C is false because production systems should not rely on latest; instead, immutable, versioned tags or digests should be used for reproducibility. Option D is misleading, as latest is not tied to Git history but rather to tag assignment during the build/push process.

While convenient for testing or local development, relying on latest in production pipelines is discouraged. Platform engineering best practices emphasize explicit versioning and image immutability to ensure consistency, reproducibility, and traceability. Using signed images with SBOM attestation is recommended for security and compliance, while latest should only be used in controlled, non-production workflows.

--- CNCF Supply Chain Security Whitepaper

--- CNCF Platforms Whitepaper

--- Cloud Native Platform Engineering Study Guide

Answer : D

Automation in DevOps practices is central to platform engineering because it enables faster, reliable, and repeatable deployments. Option D is correct: automation accelerates deployments, reduces bottlenecks, and enables continuous delivery and rapid iterations. By automating build, test, and deployment pipelines, teams can deliver new features quickly while maintaining high quality and compliance.

Option A is incorrect because automation does not reduce the need for communication---it complements collaboration by removing friction. Option B is unrealistic: some manual oversight may remain (e.g., in production approvals for sensitive workloads). Option C is not a primary benefit---while tools may be involved, the focus is on outcomes, not tool dependency.

By embedding automation, teams reduce toil, enforce consistency, and free developers to focus on value creation rather than repetitive tasks. This results in shorter lead times, higher deployment frequency, and overall improved developer experience, which aligns with DORA metrics.

--- CNCF Platforms Whitepaper

--- Continuous Delivery Foundation Guidance

--- Cloud Native Platform Engineering Study Guide

Answer : A

A CI/CD pipeline is the platform component that enables automated provisioning of sandbox environments with both infrastructure and application code. Option A is correct because modern pipelines integrate Infrastructure as Code (IaC) with application deployment, enabling ''one-click'' or self-service provisioning of complete environments. This capability is central to platform engineering because it empowers developers to spin up temporary or permanent sandbox environments quickly for testing, experimentation, or demos.

Option B (service mesh) focuses on secure, observable service-to-service communication but does not provision environments. Option C (service bus) is used for asynchronous communication between services, not environment provisioning. Option D (observability pipeline) deals with collecting telemetry data, not provisioning.

By leveraging CI/CD pipelines integrated with GitOps and IaC tools (such as Terraform, Crossplane, or Kubernetes manifests), platform teams ensure consistency, compliance, and automation. Developers benefit from reduced friction, faster feedback cycles, and a better overall developer experience.

--- CNCF Platforms Whitepaper

--- CNCF GitOps Principles

--- Cloud Native Platform Engineering Study Guide

Answer : B

The use of minimal base container images and Software Bill of Materials (SBOM) attestation is a best practice for strengthening software supply chain security. Option B is correct because smaller base images contain fewer components, which inherently reduces the attack surface and the number of potential vulnerabilities. SBOMs, meanwhile, provide a detailed inventory of included libraries and dependencies, enabling vulnerability scanning, license compliance, and traceability.

Option A is only a partial benefit, not the primary goal. Option C (maximum flexibility) contradicts the principle of minimal images, which deliberately restrict included software. Option D (reducing storage costs) may be a side effect but is not the core benefit in a security-focused context.

By combining minimal images with SBOM practices, platform teams ensure stronger compliance with supply chain security frameworks, enable early detection of vulnerabilities in CI/CD pipelines, and support fast remediation. This is emphasized in CNCF security and platform engineering guidance as a way to align with zero-trust principles.

--- CNCF Supply Chain Security Whitepaper

--- CNCF Platforms Whitepaper

--- Cloud Native Platform Engineering Study Guide

Answer : D

Resource allocation varies between environments to balance cost, performance, and reliability. Option D is correct because development environments usually require fewer resources and are optimized for speed and cost efficiency, while production environments require stricter limits to ensure stability, scalability, and resilience under real user traffic.

Option A (identical settings) may simplify management but wastes resources and fails to account for different needs. Option B (maximizing usage in all environments) increases costs unnecessarily. Option C (strict parity) may be used in testing scenarios but is impractical as a universal rule.

By tailoring resource limits per environment, platforms ensure cost efficiency in dev/staging and robust performance in production. This practice is central to cloud native engineering, as it allows teams to innovate quickly while maintaining governance and operational excellence in production.

--- CNCF Platforms Whitepaper

--- Kubernetes Resource Management Guidance

--- Cloud Native Platform Engineering Study Guide