A financial services company is adopting cloud native practices and needs to ensure that all container images deployed to their production Kubernetes cluster are from a trusted, internal registry and have been scanned for critical vulnerabilities. Which combination of CNCF projects is best suited to enforce this policy at the time of deployment?
A DevOps team is managing a microservices application where different services are updated independently. They observe that a new version of the 'user-profile' service is causing intermittent failures in the 'order-processing' service. To improve debugging, they need to trace a single user request as it flows through multiple services. Which CNCF-graduated project is specifically designed to address this cross-service tracing requirement?
A platform team is implementing GitOps using Flux. They have structured their Git repository with a `clusters/` directory containing configurations for `dev` and `prod` clusters, and an `apps/` directory with base manifests for each application. What is the primary GitOps mechanism Flux uses to apply these manifests to the correct clusters and keep them synchronized?
Which of the following are key principles of a cloud native architecture according to the CNCF? (Select TWO)
True or False: In Kubernetes, a Service of type `ClusterIP` is accessible from outside the cluster by default.
An e-commerce platform experiences high traffic during flash sales. The application backend, running as a Deployment, needs to scale automatically based on CPU utilization. Which Kubernetes resource is used to achieve this horizontal scaling?
A developer needs to provide an application running in a pod with a database password. To follow security best practices, this sensitive information should not be stored in the container image or in a ConfigMap. What is the appropriate Kubernetes resource for securely managing and injecting this password into the pod?
A site reliability engineer (SRE) is using Prometheus to monitor a Kubernetes cluster. They want to create an alert that fires when a pod has been in a `CrashLoopBackOff` state for more than 15 minutes. To achieve this, the SRE needs to query a specific metric that tracks the state of containers. Which component is primarily responsible for exposing these container-level metrics to Prometheus?
What is the primary role of a Container Network Interface (CNI) plugin in a Kubernetes cluster?
A company wants to deploy a new feature to a small subset of users before rolling it out to everyone. This strategy allows them to test the feature's stability and gather feedback with minimal risk. Which application delivery strategy does this describe?