1In the Jenkins Master/Agent architecture, what is the primary role of the Jenkins Master?
Jenkins architecture (Master/Agent model)
Easy
A.To execute all the build jobs natively
B.To host the Git repositories
C.To schedule build jobs, dispatch them to agents, and monitor the results
D.To replace Docker containers
Correct Answer: To schedule build jobs, dispatch them to agents, and monitor the results
Explanation:
The Jenkins Master acts as the control plane. It handles scheduling jobs, dispatching builds to the agents for actual execution, recording results, and presenting the UI.
Incorrect! Try again.
2What is the primary purpose of plugins in Jenkins?
Plugins management
Easy
A.To increase the core software's disk size
B.To extend Jenkins functionality and integrate with other tools
C.To write the actual source code of the application
D.To act as a secondary database
Correct Answer: To extend Jenkins functionality and integrate with other tools
Explanation:
Plugins are modular extensions that provide Jenkins with capabilities to integrate with external tools (like Git, Docker, Maven) and add new features.
Incorrect! Try again.
3What is a Jenkinsfile?
Jenkinsfile structure
Easy
A.A configuration file for a Jenkins agent's operating system
B.A script used to uninstall Jenkins
C.A log file generated after a build fails
D.A text file that contains the definition of a Jenkins Pipeline and is checked into source control
Correct Answer: A text file that contains the definition of a Jenkins Pipeline and is checked into source control
Explanation:
A Jenkinsfile is a text file containing the definition of a Jenkins Pipeline, allowing the pipeline to be version-controlled alongside the application code.
Incorrect! Try again.
4What is a major advantage of Jenkins Pipeline jobs over Freestyle jobs?
Freestyle vs Pipeline jobs
Easy
A.Pipeline jobs do not require a Jenkins Master
B.Pipeline jobs cannot use plugins
C.Pipeline jobs allow the build process to be defined as code (Pipeline-as-Code)
D.Pipeline jobs run only on Windows machines
Correct Answer: Pipeline jobs allow the build process to be defined as code (Pipeline-as-Code)
Explanation:
Unlike Freestyle jobs which are configured via the UI, Pipeline jobs use a Jenkinsfile to define the entire build process as code, enabling version control and reusability.
Incorrect! Try again.
5Which keyword is used to start a Declarative Jenkins Pipeline block?
Declarative pipeline syntax
Easy
A.build {
B.pipeline {
C.stage {
D.node {
Correct Answer: pipeline {
Explanation:
Declarative pipelines must be enclosed within a pipeline { ... } block at the top level.
Incorrect! Try again.
6What happens during the 'Checkout' stage of a Jenkins CI/CD pipeline?
Pipeline Stages: Checkout code from Git
Easy
A.Unit tests are generated automatically
B.Source code is fetched from a version control system like Git
C.Docker containers are stopped
D.The application is deployed to production
Correct Answer: Source code is fetched from a version control system like Git
Explanation:
The 'Checkout' stage is typically the first step in a pipeline, where Jenkins retrieves the latest source code from a repository (e.g., Git) to build and test it.
Incorrect! Try again.
7In Jenkins, what is an 'artifact'?
Managing artifacts
Easy
A.A plugin that has been deprecated
B.A Jenkins user with administrative privileges
C.A deployable file or package (like a .jar or .zip) produced during a build
D.A failed test case
Correct Answer: A deployable file or package (like a .jar or .zip) produced during a build
Explanation:
Artifacts are the output files generated by a successful build process, such as compiled binaries, JAR files, or Docker images, which are saved for later deployment.
Incorrect! Try again.
8What is the main feature of a Jenkins Multi-branch Pipeline?
Jenkins multi-branch pipelines
Easy
A.It prevents developers from creating branches in Git
B.It merges all branches into the main branch before building
C.It deletes old branches from the repository automatically
D.It automatically discovers branches in a repository and creates a pipeline for each branch containing a Jenkinsfile
Correct Answer: It automatically discovers branches in a repository and creates a pipeline for each branch containing a Jenkinsfile
Explanation:
Multi-branch pipelines automatically detect branches and pull requests in a repository and run a pipeline for any branch that contains a Jenkinsfile.
Incorrect! Try again.
9Why is running Docker inside Jenkins agents beneficial?
Docker inside Jenkins agents
Easy
A.It automatically writes the Jenkinsfile
B.It forces all applications to be written in Go
C.It guarantees zero build failures
D.It allows builds to run in isolated, clean, and consistent containerized environments
Correct Answer: It allows builds to run in isolated, clean, and consistent containerized environments
Explanation:
Using Docker in agents ensures that the build environment is consistent, isolated, and doesn't require pre-installing specific build tools directly on the host agent machine.
Incorrect! Try again.
10Which of the following describes the process of sending a newly built Docker image to Docker Hub?
Publishing images to Docker Hub/GHCR
Easy
A.Docker run
B.Docker push
C.Docker build
D.Docker pull
Correct Answer: Docker push
Explanation:
The docker push command is used in pipelines to publish or upload a built local Docker image to a remote registry like Docker Hub or GHCR.
Incorrect! Try again.
11Which build trigger mechanism is more efficient and immediate: PollSCM or Webhooks?
B.Webhooks, because Git actively notifies Jenkins only when a change occurs
C.PollSCM, because it uses less CPU on the Git server
D.PollSCM, because it constantly asks Git for updates
Correct Answer: Webhooks, because Git actively notifies Jenkins only when a change occurs
Explanation:
Webhooks are more efficient because the source code repository pushes a notification to Jenkins immediately when code is committed, unlike PollSCM where Jenkins has to periodically check for changes.
Incorrect! Try again.
12Where in Jenkins do you configure the paths for tools like JDK, Maven, and Git so that they can be used globally across jobs?
Global tool configuration
Easy
A.Inside the individual Jenkinsfile only
B.Manage Jenkins -> Security
C.Manage Jenkins -> Global Tool Configuration
D.Manage Jenkins -> Manage Users
Correct Answer: Manage Jenkins -> Global Tool Configuration
Explanation:
The 'Global Tool Configuration' menu under 'Manage Jenkins' is used to define the installation paths and versions of essential tools like Maven, Git, and Java.
Incorrect! Try again.
13What is a Jenkins Agent?
Jenkins architecture (Master/Agent model)
Easy
A.A machine or container that connects to the Master and executes the actual build tasks
B.A type of pipeline syntax
C.A plugin for GitHub
D.A monitoring dashboard
Correct Answer: A machine or container that connects to the Master and executes the actual build tasks
Explanation:
A Jenkins Agent is a worker node (machine or container) assigned by the Jenkins Master to execute the steps of a build job.
Incorrect! Try again.
14In a Declarative Pipeline, what is the purpose of the post block?
Post actions
Easy
A.To write data to a database before the build starts
B.To define actions to take after the pipeline or a specific stage completes, such as sending emails or cleaning up
C.To define the source code repository
D.To trigger the pipeline periodically
Correct Answer: To define actions to take after the pipeline or a specific stage completes, such as sending emails or cleaning up
Explanation:
The post section defines steps that run at the end of the pipeline or a stage, often used for notifications, archiving artifacts, or cleaning up workspaces.
Incorrect! Try again.
15Which of the following commands is typically used in a Jenkins pipeline to compile, test, and package a Java application using Maven?
Running Maven builds in pipelines
Easy
A.make install
B.npm run build
C.docker build
D.mvn clean install
Correct Answer: mvn clean install
Explanation:
The mvn clean install command tells Maven to clean previous build outputs and then compile, test, and package the application into an artifact (like a JAR).
Incorrect! Try again.
16Which directory contains all Jenkins configurations, job definitions, and logs, and is the primary target for a Jenkins backup?
Backup & restore
Easy
A./usr/bin/jenkins
B./etc/jenkins
C.JENKINS_HOME
D./var/log/jenkins
Correct Answer: JENKINS_HOME
Explanation:
The JENKINS_HOME directory stores all Jenkins data, including configurations, plugin data, and job workspaces, making it critical to backup.
Incorrect! Try again.
17What is the primary benefit of using Jenkins Shared Libraries?
Pipeline libraries
Easy
A.It allows developers to share reusable pipeline code across multiple Jenkinsfiles
B.It automatically patches vulnerabilities in Jenkins
C.It provides free cloud storage for artifacts
D.It converts Scripted pipelines to Declarative pipelines
Correct Answer: It allows developers to share reusable pipeline code across multiple Jenkinsfiles
Explanation:
Shared Libraries allow teams to extract common pipeline logic (like deployment scripts or notifications) into a centralized repository, promoting code reuse across many Jenkins jobs.
Incorrect! Try again.
18Why would you use parameters in a Jenkins pipeline?
Parameters
Easy
A.To bypass Jenkins security protocols
B.To prevent developers from seeing the build logs
C.To allow users to pass dynamic inputs (like branch names or environment tags) when triggering a build
D.To permanently delete the Jenkins master
Correct Answer: To allow users to pass dynamic inputs (like branch names or environment tags) when triggering a build
Explanation:
Parameters make pipelines interactive and flexible by prompting users to supply inputs (such as choosing between 'dev' or 'prod' environments) before the job runs.
Incorrect! Try again.
19In a Jenkins pipeline, what is the purpose of test report plugins (like JUnit)?
Code coverage & test reports
Easy
A.To skip failing tests so the build succeeds
B.To block code commits to Git
C.To write the tests automatically for developers
D.To visualize test results and track the number of passed/failed tests over time
Correct Answer: To visualize test results and track the number of passed/failed tests over time
Explanation:
Test report plugins parse test output files (like JUnit XMLs) and generate readable graphs and dashboards in Jenkins to show test success/failure trends.
Incorrect! Try again.
20How does the Jenkins Master typically communicate with an SSH-based agent?
Jenkins agents (SSH/SFTP/Container-based)
Easy
A.Through a shared Google Drive folder
B.By sending emails to the agent
C.By establishing a secure SSH connection to the agent machine using credentials
D.By physically connecting a USB drive
Correct Answer: By establishing a secure SSH connection to the agent machine using credentials
Explanation:
Jenkins connects to remote Unix/Linux agents via SSH by authenticating with a username and SSH key/password to execute commands and scripts.
Incorrect! Try again.
21In a Jenkins Master/Agent architecture, what happens to currently executing builds on an agent if the Jenkins Master node suddenly crashes?
Jenkins Foundations: Jenkins architecture (Master/Agent model)
Medium
A.The agent takes over the Master's role temporarily to save the build logs.
B.The agent immediately aborts the build and waits for the Master to come back online.
C.The agent continues executing the build but the results and logs cannot be reported back until the Master recovers.
D.The build execution is transferred to another available agent automatically.
Correct Answer: The agent continues executing the build but the results and logs cannot be reported back until the Master recovers.
Explanation:
Jenkins agents process jobs independently once dispatched. If the Master goes offline, the agent continues the execution, but the logs and final status cannot be synchronized until the Master reconnects.
Incorrect! Try again.
22Which of the following is a primary advantage of using a Jenkins Pipeline job over a Freestyle job for a CI/CD workflow?
Jenkins Pipelines: Freestyle vs Pipeline jobs
Medium
A.Freestyle jobs cannot integrate with Docker or third-party plugins.
B.Pipelines allow the build configuration to be version-controlled in the source code repository as a Jenkinsfile.
C.Pipelines do not require Jenkins agents and run directly on the Jenkins UI.
D.Pipelines execute faster because they bypass the Jenkins Master node.
Correct Answer: Pipelines allow the build configuration to be version-controlled in the source code repository as a Jenkinsfile.
Explanation:
The defining feature of Jenkins Pipelines (Pipeline as Code) is the ability to write the build process in a Jenkinsfile which is stored and versioned alongside the application code, unlike Freestyle jobs which are configured via the UI.
Incorrect! Try again.
23In a Declarative Pipeline, which directive is used to control the execution of a stage based on specific conditions, such as the branch name?
Jenkins Pipelines: Declarative pipeline syntax
Medium
A.trigger { ... }
B.condition { ... }
C.when { ... }
D.if (branch == 'main') { ... }
Correct Answer: when { ... }
Explanation:
The when directive in a Declarative Pipeline allows the pipeline to determine whether a given stage should be executed depending on the defined condition, such as when { branch 'main' }.
Incorrect! Try again.
24Which pipeline step is used to preserve a generated binary file (e.g., a .jar file) so that it can be downloaded directly from the Jenkins build results page?
The archiveArtifacts step tells Jenkins to save specified files from the workspace to the Jenkins master, making them available as artifacts on the build page. stash is only used to pass files between nodes during a single pipeline run.
Incorrect! Try again.
25Why is it generally recommended to use Webhooks over pollSCM for triggering Jenkins builds from a Git repository?
Jenkins CI/CD Deployment Flows: Triggering builds (pollSCM, webhook)
Medium
A.pollSCM creates unnecessary overhead and API calls by constantly checking for changes, whereas Webhooks push an event to Jenkins only when a change occurs.
B.pollSCM requires an SSH connection, while Webhooks use secure FTP.
C.Webhooks automatically configure Jenkins agents for the build, whereas pollSCM requires manual configuration.
D.pollSCM cannot trigger Multi-branch pipelines.
Correct Answer: pollSCM creates unnecessary overhead and API calls by constantly checking for changes, whereas Webhooks push an event to Jenkins only when a change occurs.
Explanation:
Polling the SCM means Jenkins repeatedly queries the repository on a schedule, wasting resources. Webhooks are event-driven, instantly notifying Jenkins when a push or merge occurs, which is much more efficient.
Incorrect! Try again.
26When configuring a Jenkins agent to build Docker images, what is the 'Docker outside of Docker' (DooD) approach?
Docker and Jenkins Integration: Docker inside Jenkins agents
Medium
A.Running a Docker daemon inside a Docker container without mapping any host directories.
B.Installing Jenkins on a bare-metal server and avoiding Docker completely.
C.Using a remote API to build images on Docker Hub directly.
D.Mounting the host machine's /var/run/docker.sock into the Jenkins agent container so it uses the host's Docker daemon.
Correct Answer: Mounting the host machine's /var/run/docker.sock into the Jenkins agent container so it uses the host's Docker daemon.
Explanation:
DooD involves mapping the host's Docker socket into the container. This allows the Jenkins agent container to spawn sibling containers on the host machine, avoiding the complexities and security risks of running a nested Docker daemon (DinD).
Incorrect! Try again.
27How do you correctly reference a Jenkins environment variable named BUILD_NUMBER within a sh step in a Declarative Pipeline?
Jenkins Pipelines: Parameters, environment variables
Medium
A.sh 'echo The build number is $jenkins.BUILD_NUMBER'
B.sh 'echo The build number is ${env.BUILD_NUMBER}'
C.sh "echo The build number is ${env.BUILD_NUMBER}"
D.sh "echo The build number is %BUILD_NUMBER%"
Correct Answer: sh "echo The build number is ${env.BUILD_NUMBER}"
Explanation:
To inject Groovy variables (like ${env.BUILD_NUMBER}) into a shell step, you must use double quotes. Single quotes in Groovy represent a literal string, which will not interpolate the variable.
Incorrect! Try again.
28If an underlying Jenkins agent does not have Maven installed on its OS, how can a pipeline still execute mvn clean install successfully?
Jenkins and Maven: Global tool configuration
Medium
A.By passing the --install-maven flag in the pipeline's sh step.
B.Jenkins automatically detects Java code and downloads Maven in the background.
C.By configuring Maven in the 'Global Tool Configuration' and referencing it using the tools directive in the pipeline.
D.It is impossible; the agent OS must have Maven pre-installed.
Correct Answer: By configuring Maven in the 'Global Tool Configuration' and referencing it using the tools directive in the pipeline.
Explanation:
Jenkins allows administrators to define tools (like Maven, JDK, Node) in 'Global Tool Configuration'. Using the tools { maven 'maven-version' } directive tells the agent to automatically download and configure the specified tool before running steps.
Incorrect! Try again.
29What is the most secure way to authenticate and push a Docker image to Docker Hub within a Jenkins pipeline?
Docker and Jenkins Integration: Publishing images to Docker Hub/GHCR
Medium
A.Store the credentials in an environment variable on the Jenkins Master OS.
B.Hardcode the username and password in the Jenkinsfile using a sh 'docker login' command.
C.Change the Docker Hub repository to public before pushing so authentication is not required.
D.Use the Jenkins Credentials Binding plugin (e.g., withCredentials block) to securely pass the username and password to docker login.
Correct Answer: Use the Jenkins Credentials Binding plugin (e.g., withCredentials block) to securely pass the username and password to docker login.
Explanation:
The Credentials Binding plugin allows you to securely inject secrets stored in Jenkins into the pipeline context without hardcoding them or exposing them in the build logs.
Incorrect! Try again.
30To add a new Linux-based Jenkins agent via SSH, which of the following is an absolute requirement on the target agent machine?
Jenkins CI/CD Deployment Flows: Jenkins agents (SSH/SFTP/Container-based)
Medium
A.A running SSH daemon and a compatible Java Runtime Environment (JRE).
B.Jenkins Master software installed on it.
C.Docker installed and configured to run as root.
D.The Jenkins CLI .jar downloaded into the root directory.
Correct Answer: A running SSH daemon and a compatible Java Runtime Environment (JRE).
Explanation:
For Jenkins to connect and control an agent via SSH, the agent must be accessible over SSH and have Java installed, as the Jenkins master copies and runs the remoting.jar (agent process) using Java.
Incorrect! Try again.
31How does a Jenkins Multi-branch Pipeline decide which branches to automatically build?
Jenkins Pipelines: Jenkins multi-branch pipelines
Medium
A.It only builds the default branch (e.g., main or master).
B.It builds every branch in the repository regardless of the content.
C.It scans the repository and creates a pipeline only for branches that contain a recognized Jenkinsfile.
D.Branches must be manually added to a text file in the Jenkins master directory.
Correct Answer: It scans the repository and creates a pipeline only for branches that contain a recognized Jenkinsfile.
Explanation:
Multi-branch pipelines automatically discover and manage jobs for multiple branches in a repository by checking if the branch contains a Jenkinsfile. If it does, Jenkins creates and triggers a job for that branch.
Incorrect! Try again.
32In a Declarative Pipeline, how can you ensure an email notification is sent ONLY when the build status changes from successful to failing?
Pipeline Stages: Post actions
Medium
A.Use the post { changed { ... } } block and check if the current status is failure.
B.Use the post { regression { ... } } block.
C.Write a shell script in the always block to parse the Jenkins logs.
D.Use the post { failure { ... } } block.
Correct Answer: Use the post { regression { ... } } block.
Explanation:
The regression condition in the post block is specifically designed to execute steps when the current build's status is worse than the previous build's status (e.g., going from Success to Failure).
Incorrect! Try again.
33What is the primary purpose of Jenkins Shared Libraries?
Jenkins CI/CD Deployment Flows: Pipeline libraries
Medium
A.To store third-party Jenkins plugins locally.
B.To encapsulate and reuse common Groovy pipeline code across multiple Jenkinsfiles.
C.To provide a backup mechanism for Jenkins configuration.
D.To share compiled .jar files across different Jenkins masters.
Correct Answer: To encapsulate and reuse common Groovy pipeline code across multiple Jenkinsfiles.
Explanation:
Shared libraries allow DevOps teams to extract common pipeline logic (written in Groovy) into a centralized Git repository, which can then be imported and reused in various Jenkinsfiles across different projects.
Incorrect! Try again.
34Which of the following represents a significant difference between Scripted Pipeline syntax and Declarative Pipeline syntax?
Jenkins Pipelines: Scripted pipeline syntax
Medium
A.Scripted pipelines use strict predefined blocks like pipeline, stages, and steps, while Declarative pipelines do not.
C.Scripted pipelines are executed sequentially using native Groovy control structures (like if/else), while Declarative pipelines rely on predefined structure directives (like when).
D.Only Scripted pipelines can interact with Git repositories.
Correct Answer: Scripted pipelines are executed sequentially using native Groovy control structures (like if/else), while Declarative pipelines rely on predefined structure directives (like when).
Explanation:
Scripted pipeline is an imperative, Groovy-based syntax that utilizes standard programming control flow (try/catch, if/else). Declarative pipeline provides a strict, structured configuration model using specific blocks.
Incorrect! Try again.
35To perform a complete backup of Jenkins, including job configurations, plugin configurations, and build histories, which directory is the most critical to back up?
Backup & restore
Medium
A./usr/bin/jenkins/
B./etc/jenkins/
C./var/log/jenkins/
D.$JENKINS_HOME
Correct Answer: $JENKINS_HOME
Explanation:
The $JENKINS_HOME directory contains all the configuration files, job definitions, build logs, and plugin configurations required to restore Jenkins to its exact state.
Incorrect! Try again.
36After running mvn clean test jacoco:report in a Jenkins pipeline, how is the coverage report typically visualized on the Jenkins UI?
Jenkins and Maven: Code coverage & test reports
Medium
A.By using a post-build step provided by a plugin like JaCoCo or Cobertura to parse the generated XML/HTML reports.
B.By uploading the report to Docker Hub.
C.Jenkins automatically detects and visualizes .xml files without any plugins.
D.By enabling the Maven Global Coverage checkbox in Jenkins settings.
Correct Answer: By using a post-build step provided by a plugin like JaCoCo or Cobertura to parse the generated XML/HTML reports.
Explanation:
To visualize code coverage in Jenkins, you must generate the report using a build tool (like Maven with JaCoCo) and then use a Jenkins plugin (e.g., JaCoCo plugin) in the post-actions to parse the output and display it.
Incorrect! Try again.
37According to Jenkins best practices, why should complex logic and heavy processing be avoided directly inside the Jenkins Master node (e.g., inside the Jenkinsfile Groovy context without an agent)?
B.Because the Jenkinsfile becomes unreadable when complex logic is added.
C.Because Jenkins Master cannot connect to the internet.
D.Because executing heavy builds on the master can consume CPU/Memory resources needed to manage the UI and agent coordination, causing Jenkins to crash.
Correct Answer: Because executing heavy builds on the master can consume CPU/Memory resources needed to manage the UI and agent coordination, causing Jenkins to crash.
Explanation:
The Jenkins master is responsible for orchestrating builds, handling the UI, and managing plugins. Running heavy workloads on the built-in node (master) can exhaust its resources, leading to instability.
Incorrect! Try again.
38When implementing Role-Based Access Control (RBAC) in Jenkins using the Role Strategy Plugin, how are permissions applied to specific jobs?
Jenkins Foundations: Security, users, roles
Medium
A.By modifying the Jenkinsfile to include an authorized_users list.
B.By assigning an IP address to the job.
C.By creating a separate Jenkins master for each user.
D.By creating a 'Project Role' with a regular expression pattern that matches the job names, and assigning users to that role.
Correct Answer: By creating a 'Project Role' with a regular expression pattern that matches the job names, and assigning users to that role.
Explanation:
In Jenkins RBAC (Role Strategy Plugin), Project Roles use regular expressions (Regex) to map permissions to specific jobs that match the regex pattern, restricting users to only view or build those specific jobs.
Incorrect! Try again.
39In a Declarative Pipeline, which block is used to specify that the entire pipeline should execute inside a specific Docker container rather than directly on the agent's host OS?
Docker and Jenkins Integration: Building Docker images using Jenkins
Medium
Using agent { docker { image '...' } } at the top level of a Declarative Pipeline instructs Jenkins to dynamically pull the specified image, start a container, and execute the pipeline steps inside that container.
Incorrect! Try again.
40When configuring a deployment step in a pipeline to push code to a remote Linux server via SSH, which approach ensures the pipeline handles host key verification securely without hanging the build?
Jenkins CI/CD Deployment Flows: Deployments to servers/clouds
Medium
A.Hardcode the server's private key inside the Jenkinsfile.
B.Pre-configure the Jenkins agent's ~/.ssh/known_hosts file with the target server's key, or use SSH plugins that handle host key verification dynamically.
C.Run ssh -o StrictHostKeyChecking=yes and wait for the interactive prompt in the pipeline console.
D.Disable SSH entirely and use HTTP.
Correct Answer: Pre-configure the Jenkins agent's ~/.ssh/known_hosts file with the target server's key, or use SSH plugins that handle host key verification dynamically.
Explanation:
Pipelines run non-interactively. If a host key is unverified, the SSH command will hang waiting for user confirmation. You must either pre-populate the known_hosts file or use a plugin/ssh flag to handle it automatically.
Incorrect! Try again.
41In a distributed Jenkins architecture operating across multiple isolated network zones, you need to connect an agent residing in a private subnet (no inbound internet access) to a Jenkins Master in a public cloud. Which connection strategy and configuration is most secure and architecturally appropriate?
Jenkins Foundations: Jenkins architecture (Master/Agent model)
Hard
A.Use the REST API on the Master to push build payloads to a local proxy running on the agent's host.
B.Configure the agent as an Inbound Agent (JNLP/WebSocket) so the agent initiates an outbound connection to the Master's TCP port.
C.Install a Jenkins Master in the private subnet and configure a Master-to-Master plugin for build synchronization.
D.Configure the agent to use SSH (outbound from Master to Agent) by opening port 22 on the agent's firewall.
Correct Answer: Configure the agent as an Inbound Agent (JNLP/WebSocket) so the agent initiates an outbound connection to the Master's TCP port.
Explanation:
In environments where the agent is in a private subnet and cannot accept inbound connections, the Master cannot initiate SSH connections to it. Using an Inbound Agent (formerly JNLP) allows the agent to initiate an outbound TCP/WebSocket connection to the Master, bypassing NAT and inbound firewall restrictions.
Incorrect! Try again.
42When utilizing the Role-Based Strategy plugin for Jenkins security, a user is assigned a Global role with 'Overall/Read' access and an Item role matching the regex ^PROD-.* with 'Job/Build' access. However, the user cannot see any jobs starting with PROD-. What is the most likely cause of this issue?
Jenkins Foundations: Security, users, roles
Hard
A.The Global role needs 'Job/Workspace' permissions for the user to view the jobs.
B.The user must be added to the Jenkins internal directory as an administrator before regex-based roles can take effect.
C.The Item role also requires 'Job/Read' permissions to make the jobs visible, as 'Job/Build' does not implicitly grant read access.
D.The regex ^PROD-.* is invalid in Jenkins Role-Based Strategy and should be PROD-*.
Correct Answer: The Item role also requires 'Job/Read' permissions to make the jobs visible, as 'Job/Build' does not implicitly grant read access.
Explanation:
In Jenkins Role-Based Access Control, permissions are explicitly granted. Having 'Job/Build' allows triggering a build, but without 'Job/Read' (or 'Item/Read' depending on the exact version terminology), the user cannot see the job in the UI to interact with it.
Incorrect! Try again.
43In a Declarative Pipeline, you have a stage that requires a heavy Docker agent to run. You want to execute a when condition based on a branch name before Jenkins provisions the Docker agent, to save compute resources. How can this be achieved?
Jenkins Pipelines: Declarative pipeline syntax
Hard
A.Declare agent none globally and use dockerNode inside the when block.
B.Place the when block outside of the stage block.
C.Include beforeAgent true inside the when directive of that stage.
D.Use a script block with an if statement wrapped around the agent directive.
Correct Answer: Include beforeAgent true inside the when directive of that stage.
Explanation:
By default, the when condition is evaluated after entering the agent for that stage. Adding beforeAgent true tells Jenkins to evaluate the condition first, and if it evaluates to false, the agent is never provisioned, saving resources.
Incorrect! Try again.
44When defining a matrix block in a Declarative Pipeline to test multiple combinations of OS and browsers, you want to skip the combination of OS 'macOS' and browser 'Internet Explorer'. Which syntax correctly prevents this specific cell from executing?
Jenkins Pipelines: Declarative pipeline syntax
Hard
A.Add a when directive at the matrix level with expression { return !(os == 'macOS' && browser == 'IE') }.
B.Use an exclude directive containing an axis block defining the specific name and values to omit.
C.Define an ignoreFailures block for the specific matrix combination.
D.Use the skip directive inside the stages block of the matrix definition.
Correct Answer: Use an exclude directive containing an axis block defining the specific name and values to omit.
Explanation:
Declarative matrix syntax uses an exclude block containing axis definitions to filter out specific combinations from being generated and executed.
Incorrect! Try again.
45You are writing a Scripted Pipeline that dynamically generates parallel execution branches based on an array of environments. You want all parallel branches to finish execution even if one fails, so you can gather complete test results. Which approach guarantees this behavior?
Jenkins Pipelines: Scripted pipeline syntax
Hard
A.Add ignoreErrors: true to the global pipeline options.
B.Use try/catch blocks inside the closure of each dynamically generated branch.
C.Set failFast: false inside the parallel step when passing the map of branches.
D.Wrap the parallel step in a catchError block with buildResult: 'SUCCESS'.
Correct Answer: Use try/catch blocks inside the closure of each dynamically generated branch.
Explanation:
In Scripted Pipeline, failFast: true aborts other branches if one fails, but setting it to false (the default) does not prevent the pipeline itself from failing immediately when a branch propagates an exception. Wrapping the code inside each parallel branch with try/catch (or catchError) is required to trap failures individually and allow all branches to run to completion.
Incorrect! Try again.
46You are utilizing a Jenkins Shared Library and need to load a static configuration file (e.g., config.json) stored in the library's resources folder securely within a sandbox-restricted Scripted Pipeline. Which method is correct and adheres to Jenkins security practices?
Jenkins CI/CD Deployment Flows: Pipeline libraries
Hard
A.Use the libraryResource step: def config = libraryResource 'config.json'
B.Use standard Groovy File I/O: new File('resources/config.json').text
C.Load it via the sh step: def config = sh(script: 'cat resources/config.json', returnStdout: true)
D.Use the @Resource annotation at the top of the Jenkinsfile.
Correct Answer: Use the libraryResource step: def config = libraryResource 'config.json'
Explanation:
The libraryResource step is provided specifically by the Jenkins Shared Library plugin to securely read files from the resources/ directory of the shared library without triggering sandbox security restrictions associated with standard java.io.File usage.
Incorrect! Try again.
47What is a primary functional difference between importing a shared library using the @Library('my-lib') _ annotation versus dynamically loading it using the library 'my-lib' step within a pipeline?
Jenkins CI/CD Deployment Flows: Pipeline libraries
Hard
A.The @Library annotation executes the library in the Groovy Sandbox, while the library step grants the code full script approval.
B.The @Library annotation allows dynamic version picking (e.g., based on build parameters), while the library step requires a statically defined version.
C.The library step can be used conditionally during pipeline execution, while @Library resolves and loads before the script compiles.
D.The @Library annotation cannot load global variables (vars/), whereas the library step can.
Correct Answer: The library step can be used conditionally during pipeline execution, while @Library resolves and loads before the script compiles.
Explanation:
The @Library annotation is evaluated at compile time before the pipeline starts executing, meaning it cannot be loaded conditionally or use runtime parameters for its version. The library step executes at runtime, allowing conditional loading and dynamic version resolution based on variables.
Incorrect! Try again.
48In a Declarative Pipeline, an environment variable APP_ENV is defined in three places: as a global parameter (parameters { string(name: 'APP_ENV', defaultValue: 'dev') }), in the global environment block (environment { APP_ENV = 'qa' }), and inside a specific stage environment block (environment { APP_ENV = 'prod' }). What will be the value of env.APP_ENV when accessed within a script step in that specific stage?
Jenkins Pipelines: Parameters, environment variables
Hard
A.null, as a variable cannot be redeclared at different scopes.
B.prod
C.qa
D.dev
Correct Answer: prod
Explanation:
In Declarative Pipeline, environment variable resolution follows scope precedence. Variables defined in a stage's environment block override those in the global environment block, which in turn override build parameters.
Incorrect! Try again.
49In a Jenkins Multi-branch Pipeline project mapped to a GitHub repository, the 'Orphaned Item Strategy' is configured to discard old items with 'Max # of old items to keep' set to 0. A developer deletes a feature branch on GitHub. What happens to the corresponding Jenkins job and its build history on the next branch indexing?
Jenkins Pipelines: Jenkins multi-branch pipelines
Hard
A.The branch job and all of its build history are immediately deleted from Jenkins.
B.The job is kept, but Jenkins throws an SCMSource anomaly error in the indexing log.
C.The build history is preserved in a 'Deleted Branches' folder, but the job configuration is removed.
D.The job remains active but is marked as 'disabled' because the source branch no longer exists.
Correct Answer: The branch job and all of its build history are immediately deleted from Jenkins.
Explanation:
The Orphaned Item Strategy dictates what happens to Jenkins jobs when their corresponding branches are deleted in the SCM. Setting 'Max # of old items to keep' to 0 instructs Jenkins to immediately delete the orphaned job and all its build history upon the next indexing.
Incorrect! Try again.
50You are implementing Docker-out-of-Docker (DooD) on a Jenkins agent by mounting /var/run/docker.sock into the Jenkins agent container. Which of the following is the most critical security risk associated with this configuration?
Docker and Jenkins Integration: Docker inside Jenkins agents
Hard
B.A compromised Jenkins agent can easily gain root-level access to the underlying host system.
C.Docker API rate limits will be applied to the Jenkins master rather than the agent.
D.The Jenkins agent can saturate the host's network interfaces, leading to a Denial of Service.
Correct Answer: A compromised Jenkins agent can easily gain root-level access to the underlying host system.
Explanation:
Mounting /var/run/docker.sock gives the Jenkins agent container access to the host's Docker daemon. Since the Docker daemon runs as root, a user inside the agent container can spawn a privileged container that mounts the host's root filesystem, effectively granting full root access to the host.
Incorrect! Try again.
51When using docker.image('maven:3-alpine').inside { ... } in a Jenkins Pipeline, how does the Docker Pipeline plugin handle the Jenkins workspace by default?
Docker and Jenkins Integration: Using Docker plugins
Hard
A.It copies the workspace contents via docker cp before execution and copies them back after.
B.It mounts the host's workspace directory as a bind mount into the container using the exact same path.
C.It relies on the JENKINS_HOME environment variable to locate the workspace across the network.
D.It creates an isolated temporary volume for the workspace and discards it after execution.
Correct Answer: It mounts the host's workspace directory as a bind mount into the container using the exact same path.
Explanation:
The image.inside() method automatically mounts the Jenkins agent's workspace directory into the Docker container as a bind mount using the same absolute path. This ensures that SCM checkouts and generated artifacts are directly accessible to both the container and the host agent.
Incorrect! Try again.
52A pipeline uses the docker global variable to push an image to an external registry: docker.withRegistry('https://registry.example.com', 'registry-credentials-id') { ... }. How does the Docker Pipeline plugin manage the credentials during this block?
Docker and Jenkins Integration: Publishing images to Docker Hub/GHCR
Hard
A.It executes docker login, runs the block, and forcefully runs docker logout in a finally block.
B.It injects the credentials as environment variables DOCKER_USER and DOCKER_PASS.
C.It generates a temporary config.json file containing the authentication token and mounts it into the container.
D.It intercepts HTTP requests to the registry and injects the basic authentication headers at the network layer.
Correct Answer: It generates a temporary config.json file containing the authentication token and mounts it into the container.
Explanation:
To prevent credentials from leaking in shell history or environment variables, docker.withRegistry creates a temporary, isolated Docker config.json file with the authentication payload and points the DOCKER_CONFIG environment variable to it during the block's execution.
Incorrect! Try again.
53In a Continuous Deployment pipeline, multiple commits might trigger concurrent builds. You want to ensure that an older build that took longer to test does not overwrite a deployment from a newer build that finished faster. Which Declarative Pipeline step/feature natively provides this concurrency control?
Jenkins CI/CD Deployment Flows: Deployments to servers/clouds
Hard
A.Setting disableConcurrentBuilds() in the options directive.
B.The milestone step placed at critical boundaries.
C.The lock step around the deployment stage.
D.The throttleConcurrentBuilds property in the stage block.
Correct Answer: The milestone step placed at critical boundaries.
Explanation:
The milestone step prevents older builds from overriding newer ones. If a newer build passes a milestone, any older concurrent build that later reaches that same milestone will be automatically aborted.
Incorrect! Try again.
54Jenkins is configured to trigger a build via a GitHub Webhook. If GitHub sends two push events for the exact same commit hash simultaneously, and the job is currently not running, how does the Jenkins quiet period and queue mechanism handle this?
Jenkins CI/CD Deployment Flows: Triggering builds (pollSCM, webhook)
Hard
A.Jenkins merges the two identical webhook requests in the queue and starts only one build.
B.Jenkins rejects the second webhook payload with a 409 Conflict status.
C.Jenkins immediately starts two parallel builds because webhooks bypass the quiet period.
D.Jenkins starts the first build, and the second webhook triggers a build only after the first one successfully completes.
Correct Answer: Jenkins merges the two identical webhook requests in the queue and starts only one build.
Explanation:
When multiple requests to build the exact same job with the same parameters (or exact same commit in SCM triggering) enter the queue during the quiet period, Jenkins' default queue optimization merges them into a single build to avoid redundant executions.
Incorrect! Try again.
55During a Maven build stage (sh 'mvn clean test'), some tests fail, causing the step to return a non-zero exit code. You still want the pipeline to proceed to the next stage to publish JUnit test reports but ultimately mark the build as unstable/failed. Which scripted syntax correctly handles this?
Jenkins and Maven: Code coverage & test reports
Hard
C.Append || true to the shell command: sh 'mvn clean test || true' and let Jenkins parse the results automatically.
D.Use warnError('Tests failed') { sh 'mvn clean test' } which halts execution but publishes reports.
Correct Answer: Use catchError(buildResult: 'UNSTABLE', stageResult: 'FAILURE') { sh 'mvn clean test' }
Explanation:
catchError allows the pipeline to catch the shell step failure (non-zero exit code), continue executing subsequent steps (like publishing test reports), and appropriately sets the build and stage results. Using || true masks the failure entirely, while try/finally requires manual manipulation of exceptions and build status.
Incorrect! Try again.
56When performing a live backup of the JENKINS_HOME directory via filesystem snapshots (e.g., LVM or ZFS) while jobs are actively running, which specific subdirectory is most prone to data corruption or inconsistent states upon restoration?
Jenkins Foundations: Backup & restore
Hard
A.userContent/
B.plugins/
C.jobs/<job_name>/builds/
D.secrets/
Correct Answer: jobs/<job_name>/builds/
Explanation:
The builds/ directory contains active build logs and states being continuously written to disk. Taking a snapshot without putting Jenkins into 'Quiet Down' mode can capture this directory in a mid-write state, leading to broken builds or corrupted logs upon restoration.
Incorrect! Try again.
57A Jenkins Declarative Pipeline specifies tools { maven 'Maven-3.8' }. The Jenkins master has this tool configured to auto-install via Apache. However, the build runs on a Windows agent where executing shell scripts is not natively supported. How does Jenkins handle the Maven installation on the Windows agent?
Jenkins and Maven: Global tool configuration
Hard
A.Jenkins uses Java to download, extract the zip/tarball, and correctly configures the PATH and M2_HOME environment variables regardless of the OS.
B.The build stalls indefinitely because Jenkins attempts to execute mvn instead of mvn.cmd.
C.Jenkins pushes an MSI installer to the Windows agent and attempts silent installation.
D.Jenkins fails the build because the auto-installer relies on bash scripts to unpack tarballs.
Correct Answer: Jenkins uses Java to download, extract the zip/tarball, and correctly configures the PATH and M2_HOME environment variables regardless of the OS.
Explanation:
Jenkins' Global Tool Configuration auto-installers are implemented in Java. When Jenkins provisions a tool on an agent, it downloads and extracts the binaries natively using the JVM, making it OS-agnostic, and correctly maps the environment variables for the agent's OS.
Incorrect! Try again.
58You have an upstream job 'Build-Core' that archives a .jar artifact and a downstream job 'Deploy-Core' that retrieves it using the Copy Artifact plugin. To ensure end-to-end traceability of where a specific .jar version was deployed, what must be configured?
Jenkins Pipelines: Pipeline Stages: Managing artifacts
Hard
A.Store the .jar in an external Nexus repository and poll the repository from the downstream job.
B.Enable 'Fingerprint all archived artifacts' in the upstream job and use the fingerprint step in the downstream job after copying.
C.Use the archiveArtifacts step in the downstream job to overwrite the original artifact metadata.
D.Configure 'Keep this build forever' on both the upstream and downstream jobs.
Correct Answer: Enable 'Fingerprint all archived artifacts' in the upstream job and use the fingerprint step in the downstream job after copying.
Explanation:
Fingerprinting creates a MD5 checksum of an artifact. By recording this fingerprint in both the upstream job (when it is created) and the downstream job (when it is used/copied), Jenkins maintains a database of exactly which build produced the artifact and which builds utilized it, providing end-to-end traceability.
Incorrect! Try again.
59When provisioning dynamic container-based Jenkins agents using the Kubernetes plugin, you notice the pod starts, but Jenkins immediately terminates the pod after 100 seconds with an 'Agent offline' error. The pod logs show that your custom build container completed its initial command. What is the fundamental misconfiguration?
Jenkins CI/CD Deployment Flows: Jenkins agents (SSH/SFTP/Container-based)
Hard
A.The Jenkins master URL configured in the Kubernetes plugin uses HTTP instead of HTTPS.
B.The pod lacks a jnlp container or the custom container did not override the entrypoint to run the Jenkins remoting agent.
C.The custom container must expose port 22 and start an SSH daemon to allow the Jenkins master to connect.
D.The Kubernetes Service Account used by Jenkins lacks pods/exec permissions.
Correct Answer: The pod lacks a jnlp container or the custom container did not override the entrypoint to run the Jenkins remoting agent.
Explanation:
Jenkins requires a remoting agent (usually named jnlp) running inside the Kubernetes pod to establish communication with the master. If the pod does not include this agent process, or if a custom container overrides the default behavior without initiating the remoting jar, the master cannot connect and will terminate the unresponsive pod.
Incorrect! Try again.
60To secure Jenkins from unauthorized payload spoofing via GitHub webhooks, you configure an HMAC secret in the GitHub App/Webhook settings. How does the Jenkins GitHub plugin validate this incoming payload?
Docker and Jenkins Integration: Jenkins and GitHub integration
Hard
A.It computes the SHA-256 hash of the payload body using the configured shared secret and compares it to the X-Hub-Signature-256 header.
B.It extracts the OAuth token from the payload and authenticates against the GitHub API.
C.It decrypts the payload body using its private SSL key.
D.It makes a synchronous API call back to GitHub to confirm the payload's origin before triggering the build.
Correct Answer: It computes the SHA-256 hash of the payload body using the configured shared secret and compares it to the X-Hub-Signature-256 header.
Explanation:
When a webhook secret is configured, GitHub signs the payload using an HMAC hex digest and sends it in the X-Hub-Signature-256 header. The Jenkins GitHub plugin recalculates the hash of the received payload using its stored secret and verifies that the signatures match, confirming authenticity.