Question 1
In a cloud native environment, what is one of the security benefits of implementing a service mesh?
Correct Answer: A
A key advantage of using a service mesh is its ability to secure service-to-service communication transparently, without requiring application code changes. Option A is correct because service meshes (e.g., Istio, Linkerd) provide mutual TLS (mTLS) by default, ensuring both encryption in transit and authentication between services. This establishes a zero-trust networking model inside the cluster. Option B (scaling) is managed by Kubernetes (Horizontal Pod Autoscaler), not by the service mesh. Option C (logging) may be supported as an observability feature, but it is not the primary security benefit. Option D (IP allowlisting) is an outdated, less flexible mechanism compared to the identity-based policies that meshes provide. Service meshes enforce security consistently across all services, support fine-grained policies, and ensure compliance without burdening developers with complex configurations. This makes mTLS a foundational benefit in cloud native platform security.
References: CNCF Service Mesh Whitepaper; CNCF Platforms Whitepaper; Cloud Native Platform Engineering Study Guide
Question 2
Which of the following best describes the primary function of an incident management system during a platform outage?
Correct Answer: B
An incident management system's primary function is to coordinate response during outages, ensuring that alerts are centralized, on-call personnel are notified, communication is managed, and visibility is maintained. Option B is correct because it emphasizes the core responsibilities of incident management systems like PagerDuty, Opsgenie, or ServiceNow. These systems streamline response efforts, reducing mean time to recovery (MTTR). Option A (incident documentation) is valuable but usually a secondary outcome of incident management. Option C (root cause analysis) is part of post-incident reviews, not the primary function during active response. Option D (automated remediation) may be supported by runbooks but is not the core role of incident management systems. By centralizing and standardizing incident response, these systems enhance collaboration, reduce confusion, and provide stakeholders with up-to-date information on incident status, which is critical for maintaining trust and operational resilience.
References: CNCF Platforms Whitepaper; SRE Incident Management Practices; Cloud Native Platform Engineering Study Guide
Question 3
What is the most effective approach to architecting a platform for extensibility in cloud native environments?
Correct Answer: A
Extensibility in cloud native platform engineering depends on modular design with well-defined APIs and interfaces. Option A is correct because modular, API-driven architecture allows new capabilities (e.g., observability, self-service provisioning, policy engines) to be added, updated, or replaced independently, without disrupting the entire system. This enables innovation, adaptability, and continuous improvement. Option B emphasizes governance, but relying solely on specialist approvals slows agility and reduces scalability. Option C (monolithic architecture) restricts flexibility and increases cognitive load for developers. Option D (centralized configuration) provides consistency but risks bottlenecks and does not inherently enable extensibility. Modularity and APIs are fundamental to platform engineering because they support composability, golden paths, and integration of open-source/cloud-native tools. This ensures that platforms evolve continuously while preserving developer experience and governance.
References: CNCF Platforms Whitepaper; CNCF Platform Engineering Maturity Model; Cloud Native Platform Engineering Study Guide
Question 4
How can an internal platform team effectively support data scientists in leveraging complex AI/ML tools and infrastructure?
Correct Answer: C
The best way for platform teams to support data scientists is by enabling easy access to specialized AI/ML workflows, tools, and compute resources. Option C is correct because it empowers data scientists to experiment, train, and deploy models without worrying about the complexities of infrastructure setup. This aligns with platform engineering's principle of self-service with guardrails. Option A (integrating into standard CI/CD) may help, but AI/ML workflows often require specialized tools like MLflow, Kubeflow, or TensorFlow pipelines. Option B (strict quotas) ensures stability but does not improve usability or productivity. Option D (UI-driven execution only) restricts flexibility and reduces the ability of data scientists to adapt workflows to evolving needs. By offering AI/ML-specific workflows as golden paths within an Internal Developer Platform (IDP), platform teams improve developer experience for data scientists, accelerate innovation, and ensure compliance and governance.
References: CNCF Platforms Whitepaper; CNCF Platform Engineering Maturity Model; Cloud Native Platform Engineering Study Guide
Question 5
In a CI/CD pipeline, why is a build artifact (e.g., a Docker image) pushed to an OCI-compliant registry?
Correct Answer: A
In cloud native CI/CD workflows, build artifacts such as Docker/OCI images are pushed to a central container registry to ensure consistent, reproducible deployments. Option A is correct because registries serve as a single source of truth where immutable artifacts are stored, versioned, and distributed across environments. Deployment systems like Kubernetes pull images from these registries, ensuring that the same tested artifact is deployed in staging and production. Option B is incorrect because images cannot be directly transformed back into source code. Option C partially describes benefits (version tracking) but misses the primary function of deployment consistency. Option D is misleading: registries typically don't run automated tests; CI/CD pipelines do that before pushing the image. By using OCI-compliant registries, organizations gain portability, interoperability, and compliance with supply chain security practices such as image signing and SBOM attestation. This ensures traceability, reliability, and secure distribution of artifacts across the platform.
References: CNCF Supply Chain Security Whitepaper; CNCF Platforms Whitepaper; Cloud Native Platform Engineering Study Guide