CNPA Exam Dumps - Certified Cloud Native Platform Engineering Associate

Role-Based Access Control (RBAC) in Kubernetes is a cornerstone of cluster security, enabling fine-grained access control based on the principle of least privilege. Option D is correct because RBAC leverages Roles (or ClusterRoles) that define sets of permissions, and RoleBindings (or ClusterRoleBindings) that assign those roles to users, groups, or service accounts. This mechanism ensures that users have only the minimum required access to perform their tasks, enhancing both security and governance.

Option A is incorrect because RBAC fully supports namespace-scoped roles, allowing isolation of permissions at the namespace level in addition to cluster-wide roles. Option B is wrong because RBAC is specifically designed to restrict, not grant, unrestricted access. Option C is misleading because RBAC applies broadly across Kubernetes API resources, not just Pods—it includes ConfigMaps, Secrets, Deployments, Services, and more.

By applying RBAC correctly, platform teams can align with security best practices, ensuring that sensitive operations (e.g., managing secrets or modifying cluster configurations) are tightly controlled. RBAC is also central to compliance frameworks, as it provides auditability of who has access to what resources.

Automation in platform engineering is primarily about reducing repetitive manual work, or toil, which consumes engineering capacity and increases the risk of human error. Option A is correct because cluster autoscaling—adjusting resources to meet workload demand—is a repetitive, ongoing task that is better handled through automation. Automating this process ensures scalability, efficiency, and reliability while freeing platform teams to focus on higher-value work.

Option B may provide learning opportunities but is not a sustainable justification. Option C is subjective and inefficient, while Option D is overly broad—automation should be applied thoughtfully to tasks that bring measurable benefits.

Automating autoscaling aligns with cloud native best practices, ensuring workloads can respond elastically to demand changes while maintaining cost efficiency. This reduces manual overhead, improves resiliency, and supports the developer experience by ensuring resource availability.

Developer portals like Backstage act as the single entry point for platform services, APIs, golden paths, and documentation. Option A is correct because centralizing access greatly reduces the friction developers face when trying to adopt a new platform. Instead of searching across fragmented systems or learning low-level Kubernetes details, developers can find everything in one place, including templates, service catalogs, automated workflows, and governance policies.

Option B is irrelevant to platform adoption. Option C may foster community sharing but does not directly address adoption challenges. Option D contradicts platform engineering principles, which emphasize democratizing access and self-service rather than restricting tools to senior developers.

By providing a unified experience, portals improve discoverability, consistency, and self-service. They reduce cognitive load and support the platform engineering principle of improving developer experience, making adoption of new platforms smoother and more efficient.

Modern platform engineering requires security and compliance to be integral parts of the delivery process, not afterthoughts. CI/CD pipelines are the foundation for delivering platform software rapidly and reliably, and integrating SBOM generation and automated vulnerability scanning directly within pipelines ensures that risks are identified early in the lifecycle.

Option B is correct because it reflects recommended practices from cloud native platform engineering standards: SBOMs provide a transparent inventory of all software components, including dependencies, which is crucial for vulnerability management, license compliance, and supply chain security. By automating these steps in CI/CD, teams can maintain both velocity and security without manual overhead.

Option A downplays the relevance of SBOMs for platform software, which is inaccurate because platform components (like Kubernetes operators, ingress controllers, or logging agents) are equally susceptible to vulnerabilities. Option C dismisses automation in favor of periodic audits, which contradicts the shift-left security principle. Option D misunderstands CI/CD’s purpose: security must be integrated, not separated.

The Lead Time for Changes metric, one of the DORA (DevOps Research and Assessment) metrics, directly measures the impact of a platform on developer productivity and deployment speed. Option B is correct because it reflects the average time taken from when code is committed until it is successfully deployed into production. A shorter lead time indicates that the platform enables faster feedback loops, quicker delivery of features, and overall improved developer experience.

Option A (infrastructure cost) and Option D (resource utilization) are important for operations but do not measure productivity or speed. Option C (security vulnerabilities) relates to platform security posture, not productivity.

By tracking lead time, organizations can evaluate how effective their platform is in enabling self-service, automation, and streamlined CI/CD workflows. Improvements in this metric demonstrate that the platform is successfully reducing friction for developers and accelerating value delivery to end users.