100+ Free CNPE Practice Questions

Pass your Certified Cloud Native Platform Engineer (CNPE) exam on the first try — instant access, no signup required.

✓ No registration✓ No credit card✓ No hidden fees✓ Start practicing immediately

100+ Questions

100% Free

1 / 10

Question 1

Score: 0/0

Which of the following is the primary goal of an internal developer platform (IDP) as described by the CNCF Platforms White Paper?

Replace Kubernetes with a proprietary orchestrator

Reduce cognitive load on application developers while preserving self-service

Force every team to adopt the same CI tool

Enforce manual ticketing for all infrastructure requests

to track

2026 Statistics

Key Facts: CNPE Exam

Performance Tasks

Exam simulator (approx.)

120 min

Time Limit

Linux Foundation

$445

Exam Fee

Linux Foundation

2 years

Validity

Linux Foundation

1 retake

Included

CNPE product page

12 months

Eligibility Window

Candidate handbook

CNCF launched CNPE on November 11, 2025 as a performance-based certification aimed at Principal Platform Engineers, Platform Architects, and Senior Platform Engineers. The exam runs 120 minutes on a Linux remote desktop, costs $445 exam-only, and includes one free retake within a 12-month eligibility window. Official domain weights are Platform Architecture and Infrastructure (15%), GitOps and Continuous Delivery (25%), Platform APIs and Self-Service (25%), Observability and Operations (20%), and Security and Policy Enforcement (15%). The certification is valid for two years.

Sample CNPE Practice Questions

Try these sample questions to test your CNPE exam readiness. Each question includes a detailed explanation. Start the interactive quiz above for the full 100+ question experience with AI tutoring.

1Which of the following is the primary goal of an internal developer platform (IDP) as described by the CNCF Platforms White Paper?

A.Replace Kubernetes with a proprietary orchestrator

B.Reduce cognitive load on application developers while preserving self-service

C.Force every team to adopt the same CI tool

D.Enforce manual ticketing for all infrastructure requests

Explanation: The CNCF Platforms White Paper defines an internal developer platform as a product that reduces cognitive load for application teams while still giving them self-service access to golden paths. Platform engineers build the platform; developers consume it.

2A platform team needs to isolate workloads across many business units on one Kubernetes cluster. Which approach is the most common cloud native multi-tenancy boundary?

A.Separate Linux processes only

B.Dedicated namespaces with NetworkPolicies, ResourceQuotas, and RBAC

C.Putting every team on a single shared namespace

D.One PodSecurityPolicy for the entire cluster

Explanation: Soft multi-tenancy on shared clusters typically uses a namespace per tenant combined with ResourceQuotas, LimitRanges, NetworkPolicies, and namespace-scoped RBAC. This provides isolation without running many clusters.

3Which storage abstraction lets platform engineers expose different backend storage types to developers while still letting PVCs be portable?

A.StorageClass objects backed by CSI drivers

B.Hand-configured hostPath volumes

C.Node local tmpfs only

D.NFS mounted directly into containers without a provisioner

Explanation: StorageClasses define named storage tiers backed by CSI drivers. Developers request storage via PVCs against a StorageClass, and the platform handles dynamic provisioning of the underlying volume.

4A platform team wants application pods to reach the internet only through a central egress gateway for compliance reasons. Which technology is best suited?

A.Service of type LoadBalancer on each pod

B.A service mesh egress gateway plus NetworkPolicies

C.Host networking on every application pod

D.Turning off CNI

Explanation: A service mesh such as Istio or Linkerd can expose an egress gateway that centralizes outbound traffic, applies mTLS, and lets the platform audit or block destinations. NetworkPolicies ensure pods cannot bypass the gateway.

5Which of these is the most cost-effective way to handle bursty batch workloads on a managed Kubernetes platform?

A.Keep a large pool of on-demand nodes always running

B.Use a cluster autoscaler with spot/preemptible node pools for the batch workload

C.Run all batch jobs in a single pod

D.Disable the scheduler

Explanation: Cluster Autoscaler, Karpenter, or equivalents can scale dedicated spot/preemptible node pools on demand. Batch jobs tolerate interruptions, so spot capacity dramatically reduces cost.

6What does FinOps add to a cloud native platform?

A.A way to delete production clusters automatically

B.A cultural and tooling framework to give teams visibility and accountability for cloud spend

C.A new scheduling algorithm

D.An alternative to Kubernetes

Explanation: FinOps combines engineering, finance, and business ownership so teams can see their cloud costs, optimize them, and make informed tradeoffs. On Kubernetes, tools like OpenCost and Kubecost surface namespace-level costs.

7A platform exposes shared ingress for many tenants. Which component should the platform team manage centrally to avoid tenant conflicts?

A.The IngressClass and a shared ingress controller with TLS termination

B.Per-pod load balancers on every tenant app

C.One hostPath Ingress per tenant

D.Disabling Ingress entirely in favor of NodePort

Explanation: A platform-owned IngressClass (for example managed by NGINX, Contour, or Istio) provides a single entry point, shared TLS, and consistent routing. Tenants create Ingress or HTTPRoute objects against that class.

8Which Kubernetes Gateway API resource replaces many use cases of Ingress for advanced routing?

A.HTTPRoute with Gateway and GatewayClass

B.Pod with a new routing annotation

C.DaemonSet with hostPort

D.ReplicaSet

Explanation: The Gateway API uses GatewayClass, Gateway, and HTTPRoute (plus TCPRoute, TLSRoute, etc.) as role-oriented resources. It separates platform concerns from app concerns and supports advanced routing natively.

9Which pattern best separates workload clusters from a management cluster that applies policies and deployments?

A.Hub-and-spoke (management cluster + workload clusters) with a fleet controller

B.One giant cluster for all purposes

C.Running only a single node

D.Placing the control plane inside a user pod

Explanation: A hub-and-spoke topology uses a management (hub) cluster running Argo CD, Flux, Cluster API, or Open Cluster Management to provision and govern workload (spoke) clusters. It scales better than a single mega-cluster.

10Which strategy is most aligned with platform engineering principles for tenant onboarding?

A.Ask each tenant to open tickets to request infrastructure

B.Offer a self-service portal backed by golden-path templates

C.Allow tenants to run as cluster-admin

D.Require the platform team to hand-create every namespace

Explanation: Self-service portals powered by templates and policy (for example Backstage software templates, Crossplane Compositions, or Kratix promises) let tenants onboard quickly while staying inside golden paths.

About the CNPE Exam

The Certified Cloud Native Platform Engineer (CNPE) is an intermediate, performance-based certification for senior platform engineers who design and operate enterprise cloud native platforms. It validates hands-on skills across platform architecture, GitOps and continuous delivery, platform APIs and self-service, observability, and security and policy enforcement on Kubernetes-based platforms.

Assessment

Performance-based tasks solved on a Linux remote desktop with terminal and web-based interfaces

Time Limit

120 minutes

Passing Score

Not publicly disclosed by Linux Foundation

Exam Fee

$445 (Cloud Native Computing Foundation (CNCF) / Linux Foundation)

CNPE Exam Content Outline

15%

Platform Architecture and Infrastructure

Networking, storage, and compute best practices; cost management; multi-tenancy and resource optimization across cloud native platforms.

25%

GitOps and Continuous Delivery

GitOps workflows, CI/CD pipeline configuration, and progressive delivery strategies such as canary, blue-green, and feature flags.

25%

Platform APIs and Self-Service

Custom Resource Definitions (CRDs), self-service provisioning workflows, Kubernetes Operators, and automation frameworks for golden paths.

20%

Observability and Operations

Monitoring, alerting, logging, and tracing; performance metrics; incident diagnosis and remediation on production platforms.

15%

Security and Policy Enforcement

Secure service-to-service communication, RBAC, audit trails, policy engines like OPA and Kyverno, and compliance integration.

How to Pass the CNPE Exam

What You Need to Know

Passing score: Not publicly disclosed by Linux Foundation
Assessment: Performance-based tasks solved on a Linux remote desktop with terminal and web-based interfaces
Time limit: 120 minutes
Exam fee: $445

Keys to Passing

Complete 500+ practice questions
Score 80%+ consistently before scheduling
Focus on highest-weighted sections
Use our AI tutor for tough concepts

CNPE Study Tips from Top Performers

1Practice GitOps and CI/CD first because those domains together account for 50% of the exam.

2Build muscle memory with Argo CD or Flux, including app-of-apps patterns and progressive delivery tools like Argo Rollouts.

3Write and apply Custom Resource Definitions, then back them with a simple Kubernetes Operator using Kubebuilder or Operator SDK.

4Set up end-to-end observability stacks with Prometheus, Grafana, Loki, and OpenTelemetry, and practice diagnosing failing deployments from dashboards.

5Learn policy enforcement with OPA/Gatekeeper and Kyverno, including writing ConstraintTemplates and ClusterPolicies.

6Rehearse under time pressure: 120 minutes is tight for 17 hands-on tasks, so fast context switching and kubectl fluency matter.

Frequently Asked Questions

How is the CNPE exam delivered?

CNPE is a 120-minute performance-based exam delivered through Linux Foundation's remote proctoring with a Linux-based remote desktop. Candidates complete hands-on tasks using the terminal and web-based interfaces to configure real cloud native platform components. Unlike multiple-choice exams such as KCNA or KCSA, CNPE judges whether your solutions actually work.

What score do you need to pass CNPE?

Linux Foundation has not publicly disclosed the exact CNPE passing score. Most CNCF performance-based exams in the Kubernetes family have historically sat in the 66-75% range, so plan to aim comfortably above 75% in practice before scheduling. Official results are emailed within 24-36 hours with a pass/fail outcome and score.

What are the official CNPE domain weights?

The current CNPE curriculum weights Platform Architecture and Infrastructure at 15%, GitOps and Continuous Delivery at 25%, Platform APIs and Self-Service at 25%, Observability and Operations at 20%, and Security and Policy Enforcement at 15%. That means GitOps and platform APIs together drive half of the exam, so strong CI/CD, CRD, and Operator skills are decisive.

Does CNPE have prerequisites?

There are no formal prerequisites, but CNPE is clearly positioned as a step up from the Certified Cloud Native Platform Associate (CNPA). CNCF recommends intermediate-to-advanced Kubernetes experience, strong Linux fundamentals, and existing familiarity with GitOps tools like Argo CD or Flux and policy engines like OPA or Kyverno.

How much does the CNPE exam cost?

CNPE costs $445 for the exam only. Linux Foundation offers training bundles that combine instructor-led or self-paced courses with the exam voucher at a discount. The exam-only price includes one free retake and a 12-month eligibility window from purchase.

How long should I study for CNPE?

Most candidates plan 6-10 weeks of focused preparation with 60-100 study hours, especially if they already hold CKA or CKAD. Spend the most time on GitOps pipelines, CRD and Operator patterns, policy enforcement with OPA/Kyverno, and incident diagnosis. Timed practice on a Kubernetes cluster with Argo CD matters because the exam is hands-on within a strict 120 minutes.