PracticeVideosBlogFlashcardsEspañol
All Practice Exams

100+ Free Cloudera CDP Administrator - Public Cloud Practice Questions

Pass your Cloudera CDP Certified Administrator - Public Cloud (Exam CDP-5001 / CDP-500) exam on the first try — instant access, no signup required.

✓ No registration✓ No credit card✓ No hidden fees✓ Start practicing immediately
100+ Questions
100% Free
1 / 100
Question 1
Score: 0/0

On AWS, which storage option is used as the primary, durable data lake storage layer for CDP workloads?

A
B
C
D
to track
Same family resources

Explore More Cloudera Certifications

Continue into nearby exams from the same family. Each card keeps practice questions, study guides, flashcards, videos, and articles in one place.

Cloudera CDP Generalist (CDP-0011)

Practice Questions

Cloudera Data Analyst (CDP-4001)

Practice Questions

Cloudera Data Operator (CDP-3003)

Practice Questions

Cloudera Machine Learning Engineer (CDP-6001)

Practice Questions
2026 Statistics

Key Facts: Cloudera CDP Administrator - Public Cloud Exam

$330

Exam Fee (USD)

Cloudera

60%

Passing Score

Cloudera

60

Number of Questions

Cloudera

90 min

Exam Duration

Cloudera

31%

Largest Domain (Environments and Data Lakes)

Cloudera Exam Guide (CDP-500)

AWS / Azure / GCP

Supported Cloud Providers

Cloudera

Cloudera lists Exam CDP-5001 (CDP Certified Administrator - Public Cloud, also referenced as CDP-500) as an online proctored, multiple-choice exam with a 60% passing score and a $330 USD fee. It presents 60 questions in 90 minutes. The four domains are Environments and Data Lakes (31%), Data Hubs and Data Services (27%), Onboarding - Prerequisites and Info Sec (22%), and Cloudera Identity Management (20%). The exam targets administrators managing CDP across AWS, Azure, and GCP.

Sample Cloudera CDP Administrator - Public Cloud Practice Questions

Try these sample questions to test your Cloudera CDP Administrator - Public Cloud exam readiness. Each question includes a detailed explanation. Start the interactive quiz above for the full 100+ question experience with AI tutoring.

1In CDP Public Cloud, what is the primary purpose of a CDP environment?
A.It is a single Data Hub cluster running Cloudera Runtime services
B.It is the SDX metadata catalog that stores Hive table definitions only
C.It is a logical subset of your cloud provider account that encompasses the region, networking, security, and the Data Lake that workloads share
D.It is the billing account used to pay Cloudera for consumed credits
Explanation: A CDP environment is a logical container tied to a specific cloud provider account, region, virtual network, and credential. Registering an environment provisions the FreeIPA instance and the Data Lake, which together provide the shared security and governance context (SDX) for all Data Hubs and data services created within it.
2Which CDP component provides the shared security and governance services (Ranger, Atlas, Hive Metastore) that workload clusters in an environment rely on?
A.The Data Hub
B.The Data Lake
C.Cloudera Manager
D.The Management Console control plane
Explanation: The Data Lake is a special cluster, tied one-to-one to an environment, that runs the SDX services: Apache Ranger for authorization, Apache Atlas for governance and lineage, and the Hive Metastore for shared table metadata. Every Data Hub and data service in the environment inherits this single, consistent security and governance context.
3An administrator must register a new CDP environment on AWS using the CDP CLI. Which sequence of high-level steps is correct?
A.Create the Data Lake first, then create the environment, then set IDBroker mappings
B.Create a Data Hub, then promote it to an environment, then attach a Data Lake
C.Create the Data Lake and Data Hub together, then register the environment around them
D.Create the environment, set the IDBroker mappings, then create the Data Lake
Explanation: When registering an AWS environment from the CDP CLI, environment creation is a three-step process: first create the environment with create-aws-environment, then set the IDBroker mappings, and finally create the Data Lake with create-aws-datalake. In the web UI these steps are combined into a single guided wizard.
4Which Data Lake scale is the minimum recommended choice for a production environment that requires failure resilience for the SDX and IDBroker services?
A.Light Duty
B.Enterprise (or Medium Duty)
C.Trial
D.Single Node
Explanation: Light Duty Data Lakes run a single master and single IDBroker node, so any node failure disrupts services. Medium Duty and Enterprise Data Lakes provide resilience through multiple IDBroker and master nodes plus dedicated core/gateway nodes, which is why they are required for production scenarios that need scale and high availability.
5What is the role of IDBroker within a CDP Public Cloud Data Lake?
A.It stores Hive table metadata for all workload clusters
B.It exchanges CDP user/group identities for short-lived cloud credentials so workloads can access cloud object storage
C.It is the proxy that exposes cluster web UIs through a single secured endpoint
D.It replicates data between environments in different cloud regions
Explanation: IDBroker is the authentication service in the Data Lake that maps a CDP user or group to a cloud IAM role (such as an AWS IAM role or Azure managed identity) and vends short-lived, scoped cloud credentials. This lets compute engines access cloud storage as the right cloud identity without long-lived keys embedded in the cluster.
6Across which three public cloud providers can a CDP Public Cloud environment be registered?
A.AWS, Azure, and Oracle Cloud
B.AWS, Google Cloud Platform, and IBM Cloud
C.AWS, Azure, and Google Cloud Platform
D.Azure, Google Cloud Platform, and Alibaba Cloud
Explanation: CDP Public Cloud runs on Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP). This multi-cloud support, combined with SDX, enables a consistent hybrid-cloud architecture where the same security and governance model applies regardless of provider.
7Which Data Lake SDX service is responsible for fine-grained authorization policies on tables, columns, rows, and files?
A.Apache Atlas
B.Apache Ranger
C.Apache Knox
D.Hive Metastore
Explanation: Apache Ranger provides centralized, fine-grained access control across CDP, defining authorization policies down to the file, table, column, and row level, along with audit logging. It is the policy enforcement point for the shared data lake security model.
8What does enabling Fine-Grained Access Control (RAZ) on an environment's cloud storage change about how access to object storage is governed?
A.It disables IDBroker entirely and uses static cloud keys instead
B.It moves all data into HDFS so cloud storage is no longer used
C.It lets you author Ranger policies directly on cloud storage paths instead of relying solely on IDBroker role mappings
D.It forces every user to share a single cloud IAM role
Explanation: The Ranger Authorization Service (RAZ) enables fine-grained, path-level authorization on cloud object storage (S3 or ADLS Gen2) through Ranger policies. With RAZ enabled, you onboard users and groups via Ranger policies rather than relying only on coarse IDBroker-to-IAM-role mappings, allowing per-prefix access control.
9On AWS, which IDBroker-related IAM construct must be selected during environment registration as the 'Assumer Instance Profile'?
A.The DATALAKE_ADMIN_ROLE used for data access
B.The RANGER_AUDIT_ROLE used to write audit logs
C.The cross-account role used to provision infrastructure
D.The IDBROKER_ROLE instance profile that IDBroker uses to assume downstream data access roles
Explanation: During AWS environment registration, the IDBROKER_ROLE instance profile is supplied as the Assumer Instance Profile. IDBroker runs under this instance profile and is trusted to assume the downstream data access roles (such as DATALAKE_ADMIN_ROLE and RANGER_AUDIT_ROLE) on behalf of mapped users and groups.
10Which service provides the single secured perimeter gateway that proxies access to cluster web UIs and APIs in a CDP Data Lake?
A.Apache Ranger
B.Apache Atlas
C.Apache Knox
D.IDBroker
Explanation: Apache Knox is the perimeter security gateway in CDP. It provides a single, secured entry point that proxies and authenticates access to the web UIs and REST APIs of services in the Data Lake and Data Hub clusters, simplifying network exposure and SSO.

About the Cloudera CDP Administrator - Public Cloud Exam

Exam CDP-5001 leads to the Cloudera CDP Certified Administrator - Public Cloud credential, validating the skills system administrators need to deploy, manage, and secure Cloudera Data Platform (CDP) on AWS, Azure, and GCP. The blueprint centers on registering and operating CDP environments and the SDX Data Lake (Ranger, Atlas, Hive Metastore, Knox, and IDBroker); provisioning Data Hub clusters and data services such as Cloudera Data Warehouse, Data Engineering, Machine Learning, Operational Database, and DataFlow with autoscaling; onboarding cloud prerequisites including VPC/VNet networking, IAM, storage, and encryption; and managing identity through FreeIPA, account and resource roles, user sync, and IDBroker mappings. The exam is delivered online and proctored, with no reference materials allowed.

Questions

60 scored questions

Time Limit

90 minutes

Passing Score

60%

Exam Fee

$330 (Cloudera)

Cloudera CDP Administrator - Public Cloud Exam Content Outline

31%

Environments and Data Lakes

Understand Cloudera architecture and the control plane; register and manage CDP environments via UI and CDP CLI; configure the Data Lake, its scale (Light Duty, Medium Duty, Enterprise), and SDX services (Ranger, Atlas, Hive Metastore, Knox); and operate Data Lake IDBroker for short-lived cloud credentials.

27%

Data Hubs and Data Services

Provision Data Hub clusters from default cluster definitions (Data Engineering, Data Mart, Operational Database, Streams Messaging, Flow Management); deploy and secure data services (CDW, CDE, CML/Cloudera AI, Operational Database, CDF); configure YARN-based and schedule-based autoscaling; and integrate services over shared SDX-governed data.

22%

Onboarding - Prerequisites and Info Sec

Plan cloud provider networking and compute (VPC/VNet, subnets, security groups, EC2/EKS), IAM roles and instance profiles, storage options (S3/ADLS Gen2), CloudFormation templates, and security key management and encryption (KMS/Key Vault) required before registering an environment.

20%

Cloudera Identity Management

Operate FreeIPA centralized identity, Kerberos, and DNS; assign account roles (PowerUser, IamViewer) and resource roles (EnvironmentCreator, EnvironmentAdmin, EnvironmentUser, DataSteward, Owner); perform and troubleshoot user sync to environments; and configure IDBroker mappings for least-privilege cloud storage access.

How to Pass the Cloudera CDP Administrator - Public Cloud Exam

What You Need to Know

  • Passing score: 60%
  • Exam length: 60 questions
  • Time limit: 90 minutes
  • Exam fee: $330

Keys to Passing

  • Complete 500+ practice questions
  • Score 80%+ consistently before scheduling
  • Focus on highest-weighted sections
  • Use our AI tutor for tough concepts

Cloudera CDP Administrator - Public Cloud Study Tips from Top Performers

1Register a real CDP environment on a trial account and practice the three-step CLI flow: create the environment, set IDBroker mappings, then create the Data Lake.
2Memorize what each SDX service does: Ranger (authorization and audit), Atlas (classification and lineage), Hive Metastore (shared schema), Knox (perimeter gateway), and IDBroker (short-lived cloud credentials).
3Know the Data Lake scales (Light Duty, Medium Duty, Enterprise) and why production needs two IDBroker and master nodes for failure resilience.
4Understand that autoscaling depends on YARN NodeManager, so it is available by default only in the Data Engineering and Data Engineering HA definitions or custom templates that include it.
5Practice identity management end to end: account roles versus resource roles, group-based assignment, user sync statuses (SYNCED, SYNC_PENDING, SYNC_HALTED), and the 30-minute sync timeout.
6Drill the cloud prerequisites: VPC/VNet and subnet sizing, security groups, IAM roles and instance profiles, S3/ADLS Gen2 storage, and KMS/Key Vault encryption.

Frequently Asked Questions

What are the current exam facts for CDP-5001?

Cloudera lists Exam CDP-5001 (CDP Certified Administrator - Public Cloud) as an online proctored, multiple-choice exam with a 60% passing score and a $330 USD fee. It presents 60 questions in 90 minutes, with no reference materials allowed.

What does the CDP-5001 exam measure?

CDP-5001 validates administering Cloudera Data Platform in public cloud. The four domains are Environments and Data Lakes (31%), Data Hubs and Data Services (27%), Onboarding - Prerequisites and Info Sec (22%), and Cloudera Identity Management (20%).

Which domain carries the most weight on CDP-5001?

Environments and Data Lakes is the largest domain at 31%, covering Cloudera architecture, registering CDP environments, Data Lake storage and scale, SDX services such as Ranger and Atlas, and Data Lake IDBroker.

Is CDP-5001 the same as CDP-500?

Yes. The Cloudera Administrator Public Cloud certification is referenced both as exam CDP-5001 and by the exam guide code CDP-500. Both refer to the CDP Certified Administrator - Public Cloud credential.

Which cloud providers does the exam cover?

CDP Public Cloud runs on AWS, Azure, and Google Cloud Platform, and the exam assumes familiarity with all three. Candidates should understand provider networking, compute, IAM, and storage as they relate to CDP.

What is the best way to prepare for CDP-5001?

Get hands-on registering an environment, building a Data Lake, mapping IDBroker users to cloud roles, and deploying Data Hubs and data services. Then drill SDX, FreeIPA user sync, autoscaling, and Ranger/RAZ until each workflow feels routine.