Page 1 of 58
Cilium Certified Associate (CCA) Exam
Questions And Correct Answers (Verified
Answers) Plus Rationales 2026 Q&A |
Instant Download Pdf.
Question 1
What is the primary role of Cilium in a Kubernetes environment?
A) Container runtime management
B) Networking, security, and observability using eBPF
C) Storage orchestration
D) Secret management
Answer: B
Rationale: Cilium is a CNI (Container Network Interface) plugin
that provides high-performance networking, security policy
,Page 2 of 58
enforcement, and observability for Kubernetes clusters, all built
on eBPF technology .
Question 2
Which component runs as a DaemonSet on each node in a
Kubernetes cluster and is responsible for managing eBPF
programs?
A) Cilium Operator
B) Cilium Agent (cilium-agent)
C) Hubble Relay
D) etcd
Answer: B
Rationale: The Cilium Agent runs on every node in the cluster. It is
responsible for compiling and loading eBPF programs into the
kernel, managing network policies, and handling network
connectivity for pods on its node .
,Page 3 of 58
Question 3
What is the purpose of the Cilium Operator?
A) To handle cluster-wide operations like managing IP address
allocations
B) To replace kube-proxy on each node
C) To serve as the primary API server for Cilium
D) To encrypt pod-to-pod traffic
Answer: A
Rationale: The Cilium Operator is a cluster-wide component
responsible for managing tasks that should be handled once per
cluster, such as IP address management (IPAM) garbage
collection, managing etcd operations, and handling Kubernetes
events .
, Page 4 of 58
Question 4 (Scenario)
A platform engineer is troubleshooting a Cilium deployment
where pods on one node cannot communicate with pods on
another node. The cilium status command shows all agents are
running, but connectivity tests are failing. Which component
should the engineer check FIRST?
A) Cilium Operator logs
B) Hubble Relay status
C) eBPF maps on each node
D) Underlying network connectivity and firewall rules between
nodes
Answer: D
Rationale: While Cilium manages overlay networking, the
underlying node-to-node network must be functional. Overlay
traffic (e.g., VXLAN) or direct routing depends on the physical
Cilium Certified Associate (CCA) Exam
Questions And Correct Answers (Verified
Answers) Plus Rationales 2026 Q&A |
Instant Download Pdf.
Question 1
What is the primary role of Cilium in a Kubernetes environment?
A) Container runtime management
B) Networking, security, and observability using eBPF
C) Storage orchestration
D) Secret management
Answer: B
Rationale: Cilium is a CNI (Container Network Interface) plugin
that provides high-performance networking, security policy
,Page 2 of 58
enforcement, and observability for Kubernetes clusters, all built
on eBPF technology .
Question 2
Which component runs as a DaemonSet on each node in a
Kubernetes cluster and is responsible for managing eBPF
programs?
A) Cilium Operator
B) Cilium Agent (cilium-agent)
C) Hubble Relay
D) etcd
Answer: B
Rationale: The Cilium Agent runs on every node in the cluster. It is
responsible for compiling and loading eBPF programs into the
kernel, managing network policies, and handling network
connectivity for pods on its node .
,Page 3 of 58
Question 3
What is the purpose of the Cilium Operator?
A) To handle cluster-wide operations like managing IP address
allocations
B) To replace kube-proxy on each node
C) To serve as the primary API server for Cilium
D) To encrypt pod-to-pod traffic
Answer: A
Rationale: The Cilium Operator is a cluster-wide component
responsible for managing tasks that should be handled once per
cluster, such as IP address management (IPAM) garbage
collection, managing etcd operations, and handling Kubernetes
events .
, Page 4 of 58
Question 4 (Scenario)
A platform engineer is troubleshooting a Cilium deployment
where pods on one node cannot communicate with pods on
another node. The cilium status command shows all agents are
running, but connectivity tests are failing. Which component
should the engineer check FIRST?
A) Cilium Operator logs
B) Hubble Relay status
C) eBPF maps on each node
D) Underlying network connectivity and firewall rules between
nodes
Answer: D
Rationale: While Cilium manages overlay networking, the
underlying node-to-node network must be functional. Overlay
traffic (e.g., VXLAN) or direct routing depends on the physical
