CNPA Sample Practice Questions¶
Practice Resources¶
Platform Engineering Fundamentals (20%)¶
Question 1¶
What is an Internal Developer Platform (IDP)?
Show Solution
An **Internal Developer Platform (IDP)** is a self-service layer that enables developers to: - Deploy applications without deep infrastructure knowledge - Access standardized tooling and workflows - Follow organizational best practices automatically - Reduce cognitive load on development teams Key components: - Service catalog - Self-service portal - Automated workflows - Golden paths/templatesQuestion 2¶
What are "Golden Paths" in platform engineering?
Show Solution
**Golden Paths** are opinionated, supported ways to build and deploy applications that: - Represent best practices - Are fully supported by the platform team - Reduce decision fatigue for developers - Include security and compliance by default Example: A golden path for deploying a microservice might include: - Pre-configured CI/CD pipeline - Standard observability setup - Security scanning - Deployment to KubernetesQuestion 3¶
What is "Platform as a Product"?
Show Solution
**Platform as a Product** means treating the internal platform like a product: - Developers are customers - Focus on user experience - Gather feedback and iterate - Measure adoption and satisfaction - Have a product roadmap Key practices: - User research with developers - Documentation and onboarding - Support channels - Regular releases and improvementsDeveloper Experience (20%)¶
Question 4¶
What components make up a good developer portal?
Show Solution
A developer portal typically includes: - **Service Catalog** - List of available services and APIs - **Documentation** - Technical docs, guides, tutorials - **Templates** - Scaffolding for new projects - **Self-Service** - Provisioning resources without tickets - **Search** - Find services, docs, and owners - **Ownership** - Who owns what service Tools: Backstage, Port, CortexQuestion 5¶
How do you measure developer experience?
Show Solution
Key metrics: - **DORA Metrics** - Deployment frequency, lead time, MTTR, change failure rate - **Developer Satisfaction** - Surveys, NPS scores - **Time to First Deploy** - How long for new developers to deploy - **Self-Service Adoption** - % of requests handled without tickets - **Cognitive Load** - Number of tools/systems developers must knowQuestion 6¶
What is a Service Catalog?
Show Solution
A **Service Catalog** is a centralized inventory of: - All services in the organization - APIs and their documentation - Service ownership and contacts - Dependencies between services - Health and status information Benefits: - Discoverability - Reduced duplication - Clear ownership - Dependency managementInfrastructure and Operations (25%)¶
Question 7¶
How does GitOps relate to platform engineering?
Show Solution
GitOps enables platform engineering by: - **Declarative Infrastructure** - Git as source of truth - **Self-Service** - Developers submit PRs for changes - **Audit Trail** - All changes tracked in Git history - **Automation** - Changes automatically applied - **Rollback** - Easy revert to previous state Tools: Argo CD, Flux CDQuestion 8¶
What is multi-tenancy in platform context?
Show Solution
**Multi-tenancy** allows multiple teams to share platform resources: Isolation levels: - **Namespace-based** - Separate namespaces per team - **Cluster-based** - Separate clusters per team - **Virtual clusters** - vCluster for isolation Considerations: - Resource quotas - Network policies - RBAC - Cost allocationQuestion 9¶
What Infrastructure as Code tools are commonly used?
Show Solution
Common IaC tools: - **Terraform** - Multi-cloud infrastructure - **Pulumi** - IaC with programming languages - **Crossplane** - Kubernetes-native IaC - **AWS CDK** - AWS infrastructure - **Ansible** - Configuration management Platform teams often provide: - Terraform modules - Crossplane compositions - Pre-approved configurationsSecurity and Compliance (20%)¶
Question 10¶
How do platforms enforce security policies?
Show Solution
Security enforcement methods: - **Policy as Code** - OPA/Gatekeeper, Kyverno - **Admission Controllers** - Validate/mutate resources - **Supply Chain Security** - Image signing, SBOM - **Network Policies** - Default deny, microsegmentation - **RBAC** - Least privilege access Platforms embed security in golden paths so developers get security by default.Question 11¶
What is shift-left security?
Show Solution
**Shift-left security** moves security earlier in the development lifecycle: - **Design** - Threat modeling - **Code** - SAST, secrets scanning - **Build** - Image scanning, SBOM - **Deploy** - Policy enforcement - **Runtime** - Monitoring, detection Platform teams enable shift-left by: - Integrating security tools in CI/CD - Providing secure templates - Automating compliance checksObservability and Monitoring (15%)¶
Question 12¶
What observability capabilities should a platform provide?
Show Solution
Platform observability includes: - **Metrics** - Prometheus, Grafana dashboards - **Logs** - Centralized logging (Loki, ELK) - **Traces** - Distributed tracing (Jaeger, Tempo) - **Alerts** - Alertmanager, PagerDuty integration - **Dashboards** - Pre-built for common patterns Platforms should provide: - Auto-instrumentation - Standard dashboards - Alert templates - SLO trackingQuestion 13¶
How do you implement SLOs in a platform?
Show Solution
SLO implementation: 1. **Define SLIs** - Latency, availability, error rate 2. **Set SLO targets** - 99.9% availability 3. **Calculate error budgets** - Allowed downtime 4. **Monitor and alert** - Track against targets 5. **Report** - Dashboards and reviews Tools: - Prometheus + recording rules - Sloth for SLO generation - OpenSLO specificationExam Tips¶
- Understand IDP concepts - Self-service, golden paths, platform as product
- Know developer experience metrics - DORA, satisfaction, adoption
- Understand GitOps - How it enables platform capabilities
- Know policy enforcement - OPA, Kyverno, admission controllers
- Understand observability - Three pillars, SLOs, error budgets