Practice Free EX432 Exam Online Questions
Question #1
SIMULATION
Task 14
Install RHACS Operator (Web Console)
Correct Answer: In OpenShift Web Console, go to Operators → OperatorHub.
Search for Advanced Cluster Security.
Select Red Hat Advanced Cluster Security for Kubernetes (RHACS).
Click Install and follow the wizard (namespace/channel per lab).
After operator installation, create RHACS components (as the hint indicates):
Install/Deploy Central (the management plane)
Install/Deploy SecuredCluster (sensor/collector on clusters)
Confirm operator and pods are running:
Operators → Installed Operators
oc get pods -n <rhacs-namespace>
Why this matters:
RHACS adds container security posture management, vulnerability management, and runtime policy enforcement.
Search for Advanced Cluster Security.
Select Red Hat Advanced Cluster Security for Kubernetes (RHACS).
Click Install and follow the wizard (namespace/channel per lab).
After operator installation, create RHACS components (as the hint indicates):
Install/Deploy Central (the management plane)
Install/Deploy SecuredCluster (sensor/collector on clusters)
Confirm operator and pods are running:
Operators → Installed Operators
oc get pods -n <rhacs-namespace>
Why this matters:
RHACS adds container security posture management, vulnerability management, and runtime policy enforcement.
Question #2
SIMULATION
Task 10
Deploy GitOps Application (Subscription YAML)
Correct Answer: Apply the subscription/application manifest:
oc apply -f application-subscription.yaml
Confirm resources were created:
oc get applications.app.k8s.io -A
oc get subscriptions.apps.open-cluster-management.io -A oc describe application.app.k8s.io my-app -n <namespace>
Watch placement/propagation (varies by model used in the lab):
oc get placement -A
oc get placementrule -A
Why this matters:
ACM “application” deployment commonly uses Subscription/Placement (legacy model) or newer Placement resources, enabling multi-cluster rollout from Git sources.
oc apply -f application-subscription.yaml
Confirm resources were created:
oc get applications.app.k8s.io -A
oc get subscriptions.apps.open-cluster-management.io -A oc describe application.app.k8s.io my-app -n <namespace>
Watch placement/propagation (varies by model used in the lab):
oc get placement -A
oc get placementrule -A
Why this matters:
ACM “application” deployment commonly uses Subscription/Placement (legacy model) or newer Placement resources, enabling multi-cluster rollout from Git sources.
Question #3
SIMULATION
Task 38
Rotate/renew managed cluster access (agent cert / CSR workflow) and restore connectivity
Correct Answer: On hub: inspect managed cluster conditions for certificate issues.
Check pending CSRs (if applicable in your lab):
oc get csr
Approve relevant CSRs and verify managed cluster returns Ready.
Why this matters:
Certificate-driven trust is core to “secure clusters” operations in ACM.
Check pending CSRs (if applicable in your lab):
oc get csr
Approve relevant CSRs and verify managed cluster returns Ready.
Why this matters:
Certificate-driven trust is core to “secure clusters” operations in ACM.
Question #4
SIMULATION
Task 43
Apply a kustomize overlay for production and deploy resources to production clusters
Correct Answer: Create overlays/production/kustomization.yaml referencing base resources.
Build overlay:
kustomize build overlays/production | oc apply -f –
(If kustomize isn’t present, use oc kustomize if available.)
Verify resources created and placed only on production clusters via placement rules.
Build overlay:
kustomize build overlays/production | oc apply -f –
(If kustomize isn’t present, use oc kustomize if available.)
Verify resources created and placed only on production clusters via placement rules.
Question #5
SIMULATION
Task 37
Validate ClusterSet RBAC: confirm User A can only administer production ClusterSet
Correct Answer: Grant the ClusterSet role (admin on production).
Log in as user-a and attempt:
list clusters in production vs development
create policies in a namespace bound to production
Confirm authorization errors when accessing development resources. (ClusterSet RBAC is explicitly part of cluster set management and access scope.)
Log in as user-a and attempt:
list clusters in production vs development
create policies in a namespace bound to production
Confirm authorization errors when accessing development resources. (ClusterSet RBAC is explicitly part of cluster set management and access scope.)
Question #6
SIMULATION
Task 12
Create Overlay Directory (Kustomize)
Correct Answer: Create overlay structure:
mkdir -p overlays/production
Confirm:
ls -R overlays
Why this matters:
Kustomize overlays let you maintain base manifests and environment-specific patches (production vs dev, etc.).
mkdir -p overlays/production
Confirm:
ls -R overlays
Why this matters:
Kustomize overlays let you maintain base manifests and environment-specific patches (production vs dev, etc.).
Question #7
SIMULATION
Task 5
Import Cluster (Web Console)
Correct Answer: In the hub cluster Web Console, go to Infrastructure → Clusters (ACM console navigation).
Click Import cluster.
Provide a name (the UI may request details like distribution/credentials depending on flow).
The wizard will provide a command to run on the managed cluster you want to import.
Copy that import command.
Log into the managed cluster (spoke) using oc and run the copied command. Back on the hub, wait until the cluster status becomes Ready / Managed.
Why these steps matter:
Import registers the managed cluster, installs the klusterlet/agent components, and enables policy/app placement management.
Click Import cluster.
Provide a name (the UI may request details like distribution/credentials depending on flow).
The wizard will provide a command to run on the managed cluster you want to import.
Copy that import command.
Log into the managed cluster (spoke) using oc and run the copied command. Back on the hub, wait until the cluster status becomes Ready / Managed.
Why these steps matter:
Import registers the managed cluster, installs the klusterlet/agent components, and enables policy/app placement management.
Question #8
SIMULATION
Task 28
Enable and verify ACM “Search” and query for a resource across clusters
Correct Answer: Ensure ACM hub components are installed and healthy.
In ACM console, open Search and query for:
a namespace name
a specific deployment
Validate results show cluster origin and resource details.
Why this matters:
Search is a core ACM operational workflow for multi-cluster visibility.
In ACM console, open Search and query for:
a namespace name
a specific deployment
Validate results show cluster origin and resource details.
Why this matters:
Search is a core ACM operational workflow for multi-cluster visibility.
Question #9
SIMULATION
Task 19
Label managed clusters for placement (environment=dev, region=us-east)
Correct Answer: List clusters:
oc get managedcluster
Label the target cluster(s):
oc label managedcluster cluster-dev environment=dev region=us-east –overwrite
Verify labels:
oc get managedcluster cluster-dev –show-labels
Why this matters:
Labels drive Placement decisions used by policies and applications.
oc get managedcluster
Label the target cluster(s):
oc label managedcluster cluster-dev environment=dev region=us-east –overwrite
Verify labels:
oc get managedcluster cluster-dev –show-labels
Why this matters:
Labels drive Placement decisions used by policies and applications.
Question #10
SIMULATION
Task 41
Troubleshoot a policy that shows “Pending” (no placement decisions)
Correct Answer: Confirm the policy exists in the namespace:
oc get policy -n team-dev
Confirm Placement exists and selects clusters:
oc get placement -n team-dev
oc get placementdecision -n team-dev
Confirm PlacementBinding points to correct placement + policy:
oc get placementbinding -n team-dev -o yaml
Fix common mistakes:
wrong namespace
placement name mismatch
missing ClusterSetBinding in the namespace
Why this matters:
Policy framework requires placement + binding; missing/incorrect targeting is the #1 real-world issue.
oc get policy -n team-dev
Confirm Placement exists and selects clusters:
oc get placement -n team-dev
oc get placementdecision -n team-dev
Confirm PlacementBinding points to correct placement + policy:
oc get placementbinding -n team-dev -o yaml
Fix common mistakes:
wrong namespace
placement name mismatch
missing ClusterSetBinding in the namespace
Why this matters:
Policy framework requires placement + binding; missing/incorrect targeting is the #1 real-world issue.
1 2