Questions for the CGOA were updated on: Nov 21, 2025
Which of the following best describes the role of Git as the "single source of truth" in GitOps?
B
Explanation:
The core foundation of GitOps is that Git serves as the single source of truth for the desired state of
both applications and infrastructure. This means all configuration is declared in Git in a version-
controlled, auditable, and verifiable manner. Operators and reconciliation agents continuously pull
these definitions to ensure the live system matches what Git declares.
“Declarative descriptions of the desired state of the system must be versioned in Git, making Git the
single source of truth. This provides auditability, reliability, and enables rollbacks by reverting
changes in Git.”
This principle ensures that any change in system state is traceable through Git commits, making
environments predictable, reproducible, and transparent.
Reference: GitOps Principles (CNCF GitOps Working Group), Principle 1: The desired system state is
declarative and versioned in Git repositories.
Which of the following statements accurately describes the role of GitOps in progressive delivery?
B
Explanation:
Progressive delivery is a GitOps pattern that incrementally rolls out application updates, using
methods like canary releases, feature flags, and blue-green deployments. GitOps enhances this by
ensuring the rollout is automated and declaratively managed through Git, removing the need for
manual traffic switching.
“GitOps enables progressive delivery by declaratively managing rollout strategies such as canary or
blue-green deployments. These strategies are applied automatically by controllers, without requiring
manual traffic switching.”
Thus, the correct answer is B.
Reference: GitOps Patterns (CNCF GitOps Working Group), Progressive Delivery practices.
In the context of GitOps, what does Desired State refer to?
A
Explanation:
The Desired State is the declarative specification stored in Git that defines how the system should
look and behave. It is the reference point against which the actual state is continuously reconciled.
“Desired state is the complete declarative specification of a system stored in Git. It defines how the
system should be configured and serves as the source of truth for reconciliation.”
Thus, the correct answer is A.
Reference: GitOps Terminology (CNCF GitOps Working Group).
You are working on a GitOps deployment and want to manage the configuration of your Kubernetes
resources across multiple environments. How does Kustomize help?
D
Explanation:
Kustomize is a Kubernetes-native configuration management tool that allows manifest customization
without modifying the original YAML files. It uses overlays and patches to adapt configurations for
different environments.
“Kustomize provides a declarative way to customize Kubernetes manifests by applying patches and
overlays. This allows managing multiple environments without duplicating manifest files.”
Thus, the correct answer is D.
Reference: GitOps Tooling (CNCF GitOps Working Group), Kustomize.
===========
Which of these is an advantage of using a declarative configuration for your Desired State?
B
Explanation:
Declarative configuration describes what the system should look like, not how to achieve it. This
enables the use of standard reconciliation tools (like Argo CD or Flux) to manage the system
automatically, removing the burden of writing and maintaining imperative scripts.
“Declarative configuration enables systems to be managed by generic reconciliation tools rather than
bespoke scripts, reducing operational overhead and increasing reliability.”
Thus, the correct answer is B.
Reference: GitOps Principles (CNCF GitOps Working Group), Declarative Systems.
===========
What is an example of how GitOps helps DevSecOps?
B
Explanation:
GitOps enhances DevSecOps by ensuring security-related configurations and changes are stored in
version control, where a complete audit history is available. This provides traceability, accountability,
and compliance enforcement.
“With GitOps, the entire version history of desired state changes is stored immutably in Git. This
audit trail supports security and compliance goals in DevSecOps practices.”
Thus, the correct answer is B.
Reference: GitOps Related Practices (CNCF GitOps Working Group), DevSecOps Integration.
===========
Which of the following statements best describes the relationship between DevOps and GitOps?
B
Explanation:
GitOps is not a replacement for DevOps. Instead, it is an evolution and practical implementation of
DevOps principles, using Git as the single source of truth and continuous reconciliation as the
operational model.
“GitOps builds on the foundation of DevOps by providing a framework to put its principles into
practice. It leverages Git and declarative reconciliation to realize DevOps goals.”
Thus, the best description of the relationship is B.
Reference: GitOps Related Practices (CNCF GitOps Working Group).
In GitOps, how is the Desired State stored?
D
Explanation:
The GitOps principle of Versioned and Immutable requires Desired State to be stored in a way that
enforces immutability and versioning. This ensures every change is recorded, auditable, and
reversible.
“Desired state must be kept in an immutable, version-controlled system. This guarantees a full
history of changes and enables safe rollbacks.”
Thus, the correct answer is D.
Reference: GitOps Principles (CNCF GitOps Working Group).
===========
Which method(s) of accessing the Desired State store does GitOps support?
D
Explanation:
GitOps requires a pull-based approach as the default model, where agents in the cluster
automatically pull desired state from Git. However, push-based triggers (e.g., webhooks) can
optionally be used to complement pull-based reconciliation.
“Pull-based reconciliation is required in GitOps to ensure automation and security. Push-based
triggers may optionally complement this, but the pull model is fundamental.”
Thus, the correct answer is D.
Reference: GitOps Principles (CNCF GitOps Working Group), Reconciliation Models.
===========
Which deployment and release pattern involves gradually shifting traffic from an old version of an
application to a new one?
B
Explanation:
A Canary Deployment gradually introduces a new application version to a small subset of users
before expanding to the full user base. This pattern allows testing and validation in production while
reducing risk.
“Canary deployments progressively roll out changes to a small group of users, monitoring for issues
before routing all traffic to the new version. This gradual shift minimizes risk and ensures safer
releases.”
Thus, the correct answer is B.
Reference: GitOps Patterns (CNCF GitOps Working Group), Progressive Delivery.
===========
How does GitOps handle drift during reconciliation?
B
Explanation:
When drift occurs (actual state diverges from desired state), GitOps controllers attempt to reapply
the Desired State stored in Git. The system is always converged toward what Git declares, never the
other way around.
“In case of drift, the reconciler re-applies the desired state from Git to the runtime environment,
ensuring the actual system matches the declared configuration.”
Thus, the correct answer is B.
Reference: GitOps Principles (CNCF GitOps Working Group), Drift Management.
In GitOps, what is the process of ensuring the actual state of a system matches its Desired State
called?
A
Explanation:
The process of keeping the actual state in sync with the desired state is called Reconciliation. GitOps
controllers (e.g., Argo CD, Flux) continuously reconcile system resources to match what is declared in
Git.
“Reconciliation is the process by which agents compare the actual system state to the desired state
and automatically make changes to converge them.”
Thus, the correct answer is A: Reconciliation.
Reference: GitOps Terminology (CNCF GitOps Working Group).
===========
In the context of GitOps, what is one example of how DevSecOps principles are manifested, enhancing
the traditional DevOps lifecycle?
A
Explanation:
In GitOps, DevSecOps integrates security into the GitOps workflow by treating security policies as
code and storing them in Git. This enables automatic detection of security policy drift and ensures
that any misconfiguration or violation is reconciled, just like application and infrastructure code.
“GitOps applies DevSecOps by managing security policies as code. This enables detection of drift in
security configurations, ensuring environments remain compliant and secure.”
Thus, the correct answer is A.
Reference: GitOps Related Practices (CNCF GitOps Working Group), DevSecOps integration.
===========
In the context of GitOps, what does Continuous mean?
C
Explanation:
One of the four core GitOps principles is that the system must be Continuously Reconciled. This
means reconciliation is not a one-time or on-demand process but happens constantly in the
background, ensuring the actual system state remains aligned with the declared desired state.
“GitOps requires that reconciliation is continuous. Software agents continuously compare actual
state against desired state and automatically reconcile differences.”
Thus, the correct answer is C.
Reference: GitOps Principles (CNCF GitOps Working Group), Principle 4: Continuously reconciled.
===========
In the context of GitOps, why would you do a rollback?
A
Explanation:
In GitOps, rollback is the process of reverting to a previous known-good configuration stored in Git.
This is typically done when a deployment introduces a bug, error, or failure that impacts system
stability.
“Rollback in GitOps is used to revert to a previous commit representing a stable configuration when
the current deployment causes errors or failures.”
Thus, the correct answer is A.
Reference: GitOps Principles (CNCF GitOps Working Group), Rollback and Recovery.