Test yourself
Crossplane
Final exam · 12 questions · answers explained as you pick
Beginner
4 questions
01Crossplane provisions cloud infrastructure by…
Incorrect — that is Terraform/CFN; Crossplane is an always-on controller.
Correct — you kubectl apply cloud resources and a controller keeps them converged.
Incorrect — no — it uses the cloud APIs via a control loop.
Incorrect — it is its own control plane, not a Terraform generator.
02A managed resource (MR) is…
Incorrect — no — it represents external cloud infra.
Incorrect — unrelated.
Correct — one MR maps to one real cloud resource, reconciled by the provider.
Incorrect — no.
03Crossplane keeps desired-vs-actual state…
Correct — the cluster is the record; there is no tfstate to store or lock.
Incorrect — that is Terraform; Crossplane has no state file.
Incorrect — no external state backend.
Incorrect — it tracks state — in etcd, via the API.
04By default, deleting a Crossplane MR for a database…
Incorrect — default is Delete; you must set Orphan to keep it.
Correct — set Orphan on stateful resources so a kubectl delete does not destroy data.
Incorrect — you can delete it — that is the risk.
Incorrect — no automatic snapshot; use deletionPolicy/provider options.
4 questions · explanations appear as you answer
Intermediate
4 questions
01A Composition is used to…
Incorrect — that is ProviderConfig/Secrets.
Correct — e.g. a DB + subnet group + security group behind one composite.
Incorrect — providers are packages, separate from compositions.
Incorrect — unrelated.
02An XRD with claimNames gives developers…
Correct — devs file a small validated claim; the platform builds the full stack behind it.
Incorrect — the opposite — it constrains what they can request.
Incorrect — no console access is implied.
Incorrect — unrelated.
03The safest way for a ProviderConfig to authenticate to a cloud is…
Incorrect — ConfigMaps are not even secret — and root is over-privileged.
Incorrect — committing credentials is a breach waiting to happen.
Correct — the provider assumes a scoped role via its service account — nothing durable to steal.
Incorrect — it needs some identity; the point is to use a keyless one.
04A connection secret written by Crossplane contains…
Incorrect — no — it holds runtime connection details.
Correct — protect it like any Secret — RBAC, encryption at rest, or route to an external store.
Incorrect — unrelated.
Incorrect — it holds working credentials — very sensitive.
4 questions · explanations appear as you answer
Advanced
4 questions
01Composition functions add what to compositions?
Correct — e.g. N replicas from a count, or a prod-only WAF, instead of static patches.
Incorrect — Crossplane still has no state file.
Incorrect — unrelated.
Incorrect — credentials come from ProviderConfig, not functions.
02How does Crossplane enable multi-cloud behind one API?
Incorrect — no translation layer like that.
Incorrect — the point is they do not — the composition does.
Correct — the claim/API stays stable while the implementation is swappable.
Incorrect — it is multi-provider.
03Which action is effectively control-plane admin over your cloud?
Incorrect — that is the intended, low-privilege developer action.
Correct — these decide what your cloud credentials do — restrict to a small platform team.
Incorrect — read-only, harmless.
Incorrect — read-only.
04In a Crossplane + GitOps setup, merge access to the infra repo means…
Correct — a merge flows through Argo/Flux and Crossplane into real cloud changes; require reviews, signed commits, scanning.
Incorrect — it is one of the most sensitive permissions you have.
Incorrect — no — it drives real infrastructure.
Incorrect — merge is write access that provisions infra.
4 questions · explanations appear as you answer