Pass the Nutanix Nutanix Certified Professional (NCP) NCP-CN Questions and answers with CertsForce

The NKPA 6.10 documentation confirms that Velero is the built-in backup and recovery solution provided as part of the NKP platform. It provides cluster-level and namespace-level backup, restore, and migration capabilities.

Exact extract from the documentation:

“Velero is the integrated, out-of-the-box backup and restore solution in NKP. It supports scheduled backups, disaster recovery, and application migration workflows.”

The exhibit shows the NKP UI with the "Create Cluster" option grayed out in a new workspace, indicating that a prerequisite for cluster creation is missing. The NKPA course explains that to create a new Kubernetes cluster in a workspace, an Infrastructure Provider must be configured for that workspace. An Infrastructure Provider defines the underlying infrastructure (e.g., Nutanix AHV, AWS, vSphere) where the cluster will be provisioned, and without it, the Create Cluster option remains disabled in the UI.

The NKP Ultimate license supports creating clusters across various infrastructures, but the workspace must be associated with an Infrastructure Provider to enable cluster creation. The Nutanix Cloud Native (NCP-CN) 6.10 Study Guide states: “Before creating a cluster in a new workspace, ensure an Infrastructure Provider is configured for the workspace in the NKP UI; otherwise, the Create Cluster option will be grayed out.” The engineer should navigate to the Infrastructure Providers section in the NKP UI (typically under the Global or Administration view), create a provider (e.g., for Nutanix AHV, AWS, or vSphere), and associate it with the workspace. Once this is done, the Create Cluster option will become available.

Incorrect Options:

A. Create the cluster only using YAML and not the GUI: The issue is not with the GUI itself but with the missing Infrastructure Provider, which affects both GUI and CLI cluster creation. YAML alone does not resolve this.

B. Attach existing clusters instead of creating a new cluster: Attaching existing clusters is an alternative but does not address the requirement to create a new cluster.

D. Ensure NKP is upgraded to a minimum version of 2.12: The NKP Ultimate license implies a recent version, and the course does not indicate that version 2.12 is specifically required for this functionality. The issue is configuration-related, not version-related.

The NKPA 6.10 documentation clarifies that when creating a workload cluster using the nkp create cluster command, specifying the target workspace (namespace) is critical for properly associating the workload cluster with that workspace in the NKP UI. If the --namespace parameter is omitted, the cluster is provisioned in the default workspace, not in the intended workspace (in this case, code-green).

Key documentation excerpt:

“If you do not specify the workspace (namespace) using the --namespace parameter when creating a cluster, the cluster will be created in the default workspace. It will not appear in custom workspaces until manually assigned.”

The NKPA course details the process of creating an NKP cluster on vSphere using the NKP CLI, including the configuration of multiple node pools with specific worker node counts and CPU settings. The correct approach involves creating the cluster with the initial node pool and then adding additional node pools separately.

The steps in Option A align with this process:

nkp create cluster vsphere --worker-replicas 6 --worker-cpus 10: This command creates the NKP cluster on vSphere with the first node pool, consisting of 6 worker nodes, each with 10 CPUs.

nkp create nodepool vsphere --worker-replicas 3 --worker-cpus 8: This adds the second node pool to the cluster with 3 worker nodes, each with 8 CPUs.

nkp create nodepool vsphere --worker-replicas 3 --worker-cpus 6: This adds the third node pool with 3 worker nodes, each with 6 CPUs.

The Nutanix Cloud Native (NCP-CN) 6.10 Study Guide states: “To create an NKP cluster with multiple node pools on vSphere, use nkp create cluster vsphere to define the first node pool, then add additional node pools with nkp create nodepool vsphere, specifying --worker-replicas and --worker-cpus for each pool.” This method ensures precise control over each node pool’s configuration.

Incorrect Options:

B: The second nkp create nodepool command uses --replicas and --cpus, which are not the correct flags. The NKPA course specifies --worker-replicas and --worker-cpus.

C: The --node-pools, --worker-replicas 6,3,3, and --worker-cpus 10,8,6 flags are not supported in a single nkp create cluster command. Node pools must be created separately.

D: There is no nkp create nodepools command; the correct command is nkp create nodepool. Additionally, --replicas and --cpus are incorrect flags.

A bastion host in a dark site environment serves as a secure entry point for managing the NKP deployment, providing access to the cluster infrastructure without direct Internet connectivity. The NKPA course outlines the prerequisites for preparing a Linux VM as a bastion host, focusing on secure access and time synchronization, which are critical for air-gapped Kubernetes deployments.

Get or create SSH Keys (Option B):The bastion host requires SSH keys to enable secure, passwordless access to the NKP cluster nodes and other infrastructure components (e.g., Nutanix AHV hosts). The NKPA course specifies that SSH keys must be generated or obtained and configured on the bastion host to facilitate secure communication during deployment and management tasks. The Nutanix Cloud Native (NCP-CN) 6.10 Study Guide states: “For a bastion host in an NKP dark site deployment, ensure SSH keys are created or obtained to enable secure access to cluster nodes and infrastructure.” The engineer can generate SSH keys using ssh-keygen and distribute the public key to the target systems.

Enable NTP Service (Option D):Time synchronization is essential in Kubernetes clusters to ensure consistent logging, certificate management, and scheduling. In a dark site with no Internet access, the bastion host must be configured to synchronize time with an internal NTP (Network Time Protocol) server or act as an NTP server itself. The NKPA course emphasizes enabling the NTP service on the bastion host to maintain accurate time across the air-gapped environment. The NCP-CN 6.10 Study Guide notes: “Enable the NTP service on the bastion host to ensure time synchronization in a dark site NKP deployment, as Kubernetes requires accurate time for proper operation.” The engineer can enable NTP using commands like systemctl enable ntpd and configure it to use an internal time source.

Incorrect Options:

A. Install LDAP Server: LDAP is used for centralized authentication, but it is not a requirement for a bastion host in an NKP dark site deployment. The course focuses on SSH access instead.

C. Install Docker: While Docker is needed on Kubernetes nodes for container runtimes, the bastion host’s role is to provide secure access and management, not to run containers.

The NKP documentation recommends using a combination of RBAC assignments and exported manifests to manage access across multiple clusters. By exporting the role assignments to YAML, the engineer can consistently apply these settings across the different environments, ensuring the new team has the necessary resources and limits. This approach is especially useful for environments with multiple clusters and standardized configurations.

When an Amazon EKS cluster is attached to NKP for fleet management, NKP uses GitOps principles, leveraging Flux (a GitOps operator) to synchronize application deployments and configurations from a management Git repository to the attached cluster. The NKPA course explains that detaching a cluster from NKP removes it from the NKP management plane, but the Flux installation on the cluster may continue to reconcile with the Git repository, causing application changes to persist post-detachment.

To resolve this, the engineer must manually disconnect the Flux installation by suspending the Git repository reconciliation. The correct command, as per the NKPA course, is: kubectl -n kommmander-flux patch gitrepo management -p '{"spec":{"suspend":true}}' --type merge. This command suspends Flux’s synchronization with the management Git repository, stopping further application updates. The Nutanix Cloud Native (NCP-CN) 6.10 Study Guide states: “After detaching an external cluster from NKP, the Flux GitOps operator may continue to apply changes unless its GitRepo resource is suspended using kubectl patch in the kommmander-flux namespace.”

Incorrect Options:

A. Forcefully detach EKS cluster: The --force flag is not a standard option for the nkp detach cluster command, and forceful detachment does not address the Flux reconciliation issue.

B. Detached cluster must also be deleted from NKP: The cluster is already detached, and deletion is not necessary to stop GitOps updates. The issue lies with Flux, not NKP’s state.

C. Developers must have some bad configuration: The issue is not with developer configurations but with Flux’s ongoing synchronization, as explained in the NKPA course.

When mirroring the NKP bundle to a private registry, the recommended method is to use the nkp bundle push or similar commands with the --to-registry option, specifying the target registry along with the credentials (--to-registry-username and --to-registry-password).

Key reference from documentation:

“Use the --to-registry flag along with --to-registry-username and --to-registry-password to push the NKP bundle to a private registry.”

The NKPA course recommends using a S3-compatible API for backup and restore operations in production NKP environments, as it integrates with Velero, NKP’s backup and restore tool. Velero supports S3-compatible storage (e.g., AWS S3, Nutanix Objects, or MinIO) as a backup storage location, allowing persistent data, including volumes and cluster resources, to be backed up and restored during disaster recovery scenarios. This approach ensures compatibility with cloud-native backup workflows and provides scalability and reliability for production use cases.

The Nutanix Cloud Native (NCP-CN) 6.10 Study Guide states: “For production backup and restore in NKP, use Velero with an S3-compatible API to store backups, ensuring persistent data availability during disaster recovery.” Nutanix Objects, which provides an S3-compatible API, is often used in Nutanix environments for this purpose, but any S3-compatible storage (e.g., an off-site S3 bucket) can be configured.

Incorrect Options:

A. Protection Domain: Protection Domains are a Nutanix AOS feature for VM-level replication, not for Kubernetes backup/restore.

B. Rook Ceph: Rook Ceph provides persistent storage for NKP clusters but is not a backup solution; it can be backed up using Velero with S3 storage.

C. External Storage Class: Storage Classes define how volumes are provisioned, not how they are backed up or restored.

The NKPA course explains that NKP uses Grafana Loki as part of its logging stack to implement a multi-tenant logging system, allowing teams to access their logs securely within their respective namespaces. The exhibit indicates two namespaces, tenant-innovation and tenant-analytics, each with a ConfigMap for logging configuration. The requirement is to set a retention period of 30 days for tenant-innovation and 7 days for tenant-analytics.

The correct YAML output (Option A) configures Loki’s retention period using ConfigMaps in the appropriate namespaces:

For tenant-innovation, the ConfigMap logging-innovation-config in the tenant-innovation namespace sets retention_period: 30d.

For tenant-analytics, the ConfigMap logging-analytics-config in the tenant-analytics namespace sets retention_period: 7d.

The Nutanix Cloud Native (NCP-CN) 6.10 Study Guide states: “In NKP, configure multi-tenant logging with Grafana Loki by creating a ConfigMap per namespace, specifying retention periods under loki.structuredConfig.limits_config.retention_period (e.g., 30d for 30 days, 7d for 7 days).” The d suffix denotes days, aligning with the requirement for 30 days and 7 days retention periods.

Incorrect Options:

B: The second ConfigMap incorrectly uses the tenant-innovation namespace instead of tenant-analytics, breaking the multi-tenant isolation.

C: The retention periods are set to 30h and 7h (hours), not 30d and 7d (days), which does not meet the requirement.

D: Both ConfigMaps use a generic tenant namespace, which does not match the specific namespaces (tenant-innovation, tenant-analytics) shown in the exhibit.