A Platform Engineer is a member of an IT team that provides Kubernetes clusters for three groups within a company named Fin Group, Inc.: * Fin VD * Fin Insurance * Fin TravelThe engineer created workspaces for each group. Fin Group Inc. has its own Active Directory implementation, while each group uses their own Identity Provider. Now, the engineer needs to assign the Tenant Administrators role for each workspace. How will the engineer complete this task?
Correct Answer: A
The NKPA course emphasizes that NKP supports multi-tenancy through workspaces, each of which can be configured with its own Identity Provider (IdP) for authentication. In this scenario, each group (Fin VD, Fin Insurance, Fin Travel) has its own IdP, and the engineer has created separate workspaces for them. To assign the Tenant Administrators role, the engineer must configure a dedicated IdP for each group's workspace, enabling users to authenticate via their group-specific IdP and assume the Tenant Administrator role. The course details that NKP uses Dex as the OIDC provider to integrate with external IdPs. For each workspace, the engineer configures a Dex connector to the group's IdP, maps the IdP groups to NKP roles (e. g., Tenant Administrator), and assigns permissions via role bindings. The Nutanix Cloud Native (NCP-CN) 6.10 Study Guide states: "To assign Tenant Administrator roles in NKP, configure a dedicated IdP for each workspace using Dex connectors, mapping IdP groups to the appropriate roles for workspace management." This ensures that each group's administrators can access only their designated workspace. Incorrect Options: * B. Create a role named admin-tenant-X: NKP uses predefined roles like Tenant Administrator, not custom roles with specific naming conventions. * C. Create a role binding and assign it: Role bindings are part of the process, but the primary step is configuring the IdP for authentication, as per the NKPA course. * D. Configure the global Active Directory: The scenario specifies separate IdPs per group, not a global Active Directory for all groups. : Nutanix Kubernetes Platform Administration (NKPA) Course, Section on Workspace and Role Management. Nutanix Cloud Native (NCP-CN) 6.10 Study Guide, Chapter on Authentication and Authorization. Nutanix Cloud Bible, NutanixKubernetesPlatform Section: https://www.nutanixbible.com
NCP-CN Exam Question 37
In which unit are NKP licenses able to be obtained?
Correct Answer: D
The NKPA course clarifies that NKP licenses are based on the number of CPU cores in the infrastructure hosting the Kubernetes clusters. This licensing model applies to both on-premises (e.g., Nutanix AHV) and cloud-based deployments. The Nutanix Cloud Native (NCP-CN) 6.10 Study Guide states: "NKP licenses are obtained based on the total number of CPU cores allocated to the clusters managed by the platform." This core-based licensing ensures flexibility across different infrastructure types while aligning with the resource consumption of Kubernetes workloads. Incorrect Options: * A. Flash: Flash storage is not a licensing unit for NKP. * B. CPU Sockets: Nutanix licenses for other products may use sockets, but NKP uses cores. * C. TiBs: Terabytes are used for storage licensing, not NKP. : Nutanix Kubernetes Platform Administration (NKPA) Course, Section on Licensing. Nutanix Cloud Native (NCP-CN) 6.10 Study Guide, Chapter on NKP Licensing. Nutanix Cloud Bible, NutanixKubernetesPlatform Section: https://www.nutanixbible.com
NCP-CN Exam Question 38
A Platform Engineer is deploying an NKP workload cluster using the nkp create cluster vsphere command. The cluster will be utilized by the company's code-green team and the engineer has already created a code- green NKP workspace on the NKP management cluster. After issuing the deploy command, the engineer monitored the build using the nkp describe cluster command and confirmed it completed successfully. However, a few hours later, after logging into the NKP UI, the engineer checked the code-green NKP workspace and saw that the NKP workload cluster was not there. What is the likely reason the NKP workload cluster is not in the code-green NKP workspace?
Correct Answer: C
The NKPA 6.10 documentation clarifies that when creating a workload cluster using the nkp create cluster command, specifying the target workspace (namespace) is critical for properly associating the workload cluster with that workspace in the NKP UI. If the --namespace <workspace> parameter is omitted, the cluster is provisioned in the default workspace, not in the intended workspace (in this case, code-green). Key documentation excerpt: "If you do not specify the workspace (namespace) using the --namespace parameter when creating a cluster, the cluster will be created in the default workspace. It will not appear in custom workspaces until manually assigned." Reference: Nutanix Kubernetes Platform Administration (NKPA) 6.10 - "Creating Workload Clusters" NCP-CN 6.10 Study Guide - "Namespace and Workspace Mapping for Workload Clusters" =======
NCP-CN Exam Question 39
A Platform Engineer is deploying an NKP cluster within an air-gapped AWS environment. However, after an infrastructure planning session with the network team, it's been determined that the default CIDR block range that is used by pods on NKP clusters is already in use in their environment. How can the engineer ensure there are no collisions between NKP pod traffic and the existing network using that subnet range?
Correct Answer: C
The NKPA 6.10 documentation outlines that in air-gapped environments where default pod network CIDR conflicts exist, the cluster manifest (created via the nkp create cluster command) should be updated to specify an alternate, non-conflicting pod CIDR block range before deployment. Reference: Nutanix Kubernetes Platform Administration (NKPA) 6.10 - "Customizing Pod Network CIDR Blocks in Air- gapped Clusters" NCP-CN 6.10 Study Guide - "Networking Configuration for Air-gapped Environments" =======
NCP-CN Exam Question 40
A Platform Engineer would like to install some NKP applications, but with a few modifications to the default configuration specs of some of the components. Additionally, Velero itself can be disabled, as the company already utilizes a different backup utility for Kubernetes. Which procedure would the engineer utilize to accomplish these goals when deploying the applications?
Correct Answer: B
The NKPA 6.10 documentation confirms that the proper method to customize application deployment (including disabling Velero) is by generating a configuration file using the nkp install kommander --init command. The file can then be modified to set custom specs and disable Velero, and finally deployed using the nkp install kommander command. Exact extract: "Generate a custom configuration file using --init, modify it for your specific environment (including disabling Velero), and deploy with the same nkp install kommander command." Reference: Nutanix Kubernetes Platform Administration (NKPA) 6.10 - "Customizing Kommander Installation" NCP-CN 6.10 Study Guide - "Deploying and Customizing NKP Applications" =======
