Back to the course
Test yourself

Flux

Final exam · 14 questions · answers explained as you pick
Beginner
4 questions
01Flux is architected as…
Incorrect — that is closer to Argo CD; Flux is a toolkit.
Correct — the GitOps Toolkit — CRD-driven, assemble what you need.
Incorrect — the CLI drives CRDs; controllers do the work.
Incorrect — no.
02flux bootstrap does what?
Correct — upgrades/config become commits — Flux is GitOps-managed.
Incorrect — the opposite — it wires Flux to Git.
Incorrect — no.
Incorrect — no.
03A GitRepository source can improve supply-chain security by…
Incorrect — unrelated.
Incorrect — no.
Correct — verification happens at ingestion, before anything applies.
Incorrect — no.
04A Flux Kustomization with prune: true…
Incorrect — that is prune off.
Correct — correct for GitOps; dangerous for stateful objects — review changes.
Incorrect — no.
Incorrect — no.
4 questions · explanations appear as you answer
Intermediate
5 questions
01A HelmRelease with upgrade remediation…
Correct — a bad chart version does not leave you broken.
Incorrect — no.
Incorrect — no.
Incorrect — no.
02For a production HelmRelease chart version you should…
Incorrect — that auto-upgrades prod unattended.
Correct — reserve semver ranges for watched, continuous-update environments.
Incorrect — unpinned is worse.
Incorrect — a moving target.
03dependsOn + wait: true lets Flux…
Incorrect — the opposite — it orders.
Incorrect — wait is exactly about health.
Correct — infra Ready → config → apps.
Incorrect — no.
04Flux image automation works by…
Correct — image bumps stay GitOps changes — auditable, revertible.
Incorrect — that is a scanner.
Incorrect — that is Cosign.
Incorrect — no.
05A Flux Receiver (inbound webhook) needs a strong secret token because…
Incorrect — it authenticates a trigger, not storage.
Correct — secure the token, restrict exposure, rotate on leak.
Incorrect — no.
Incorrect — no.
5 questions · explanations appear as you answer
Advanced
5 questions
01Flux multi-tenancy is enforced primarily by…
Incorrect — no — it uses Kubernetes RBAC.
Incorrect — helpful, but not the isolation boundary.
Correct — a tenant can only do what its SA permits.
Incorrect — namespaces without impersonation still reconcile with broad rights.
02A Kustomization WITHOUT serviceAccountName on a multi-tenant cluster…
Correct — always set serviceAccountName; impersonation is the boundary.
Incorrect — it can — with too much power.
Incorrect — not unless you add a policy to require it.
Incorrect — no.
03With Flux SOPS decryption, the crown jewel is…
Incorrect — not the secret boundary.
Correct — lock it down or keep it in KMS; rotate on exposure.
Incorrect — unrelated to secrets at rest.
Incorrect — no.
04Flux’s strong supply-chain feature is that it can…
Correct — unsigned/wrong-signed content is refused at the source — but you must enable it.
Incorrect — no.
Incorrect — no.
Incorrect — no.
05On Flux vs Argo CD security, the correct takeaway is…
Incorrect — neither is.
Incorrect — both do.
Correct — verification, RBAC, protected repo, admission policy apply to both.
Incorrect — both benefit; both need hardening.
5 questions · explanations appear as you answer