- 42 Actual Exam Questions
- Compatible with all Devices
- Printable Format
- No Download Limits
- 90 Days Free Updates
Get All Red Hat Certified Specialist in OpenShift Automation and Integration Exam Questions with Validated Answers
| Vendor: | RedHat |
|---|---|
| Exam Code: | EX380 |
| Exam Name: | Red Hat Certified Specialist in OpenShift Automation and Integration |
| Exam Questions: | 42 |
| Last Updated: | July 9, 2026 |
| Related Certifications: | Red Hat Openshift Certifications |
| Exam Tags: |
Looking for a hassle-free way to pass the RedHat Red Hat Certified Specialist in OpenShift Automation and Integration exam? DumpsProvider provides the most reliable Dumps Questions and Answers, designed by RedHat certified experts to help you succeed in record time. Available in both PDF and Online Practice Test formats, our study materials cover every major exam topic, making it possible for you to pass potentially within just one day!
DumpsProvider is a leading provider of high-quality exam dumps, trusted by professionals worldwide. Our RedHat EX380 exam questions give you the knowledge and confidence needed to succeed on the first attempt.
Train with our RedHat EX380 exam practice tests, which simulate the actual exam environment. This real-test experience helps you get familiar with the format and timing of the exam, ensuring you're 100% prepared for exam day.
Your success is our commitment! That's why DumpsProvider offers a 100% money-back guarantee. If you don’t pass the RedHat EX380 exam, we’ll refund your payment within 24 hours no questions asked.
Don’t waste time with unreliable exam prep resources. Get started with DumpsProvider’s RedHat EX380 exam dumps today and achieve your certification effortlessly!
SIMULATION
Task SIMULATION 8
Create and use a service account token via kubeconfig
Task Information: Create SA ci-bot in ci namespace and generate a kubeconfig that authenticates using its token.
Create namespace and service account
oc new-project ci
oc -n ci create sa ci-bot
The SA will represent automation access.
Grant permissions (example: edit in namespace)
oc -n ci policy add-role-to-user edit system:serviceaccount:ci:ci-bot
Without permissions, token auth succeeds but API actions are denied.
Generate token (TokenRequest)
TOKEN=$(oc -n ci create token ci-bot)
OCP issues a short-lived token by default (good practice).
Create kubeconfig using the token
oc config set-cluster lab --server='$(oc whoami --show-server)' \
--insecure-skip-tls-verify=true --kubeconfig=ci-bot.kubeconfig
oc config set-credentials ci-bot --token='$TOKEN' --kubeconfig=ci-bot.kubeconfig
oc config set-context ci --cluster=lab --user=ci-bot --namespace=ci \
--kubeconfig=ci-bot.kubeconfig
oc config use-context ci --kubeconfig=ci-bot.kubeconfig
This produces a self-contained kubeconfig for CI automation.
Test access
oc --kubeconfig=ci-bot.kubeconfig get pods
==========
SIMULATION
Task SIMULATION 10
Kubeconfig Management -- Set Context in Kubeconfig
Step 1: Verify the cluster name, namespace, and user name that should be referenced.
The lab uses cluster api-ocp4-example-com:6443, namespace audit-ns, and user audit-sa.
Step 2: Run the command:
oc config set-context audit --cluster api-ocp4-example-com:6443 --namespace audit-ns --user audit-sa --kubeconfig audit.config
Step 3: Confirm context creation.
The lab output shows:
Context 'audit' created.
Detailed explanation:
A kubeconfig context ties together three things: a cluster endpoint, a user identity, and optionally a default namespace. This Task creates a context named audit in the file audit.config. Contexts are useful because they simplify repeated administration by letting the user switch between prepared working environments instead of re-entering cluster and namespace details each time. The namespace portion is especially helpful for project-scoped operations, because commands run under that context default to the chosen namespace. Accuracy matters here: if the user name in the context does not match the credentials entry or the cluster name does not exist in the kubeconfig, the context will not function as intended.
============
SIMULATION
Task SIMULATION 7
Service Accounts and RBAC -- Grant Cluster Reader Role
Step 1: Confirm the service account exists in auth-audit.
It must exist before a role can be assigned to it.
Step 2: Run the command:
oc adm policy add-cluster-role-to-user cluster-reader system:serviceaccount:auth-audit:audit
Step 3: Verify the binding is added.
The lab output shows:
clusterrole.rbac.authorization.k8s.io/cluster-reader added: 'system:serviceaccount:auth-audit:audit'
Detailed explanation:
This binds the cluster-reader cluster role to the audit service account. The full subject format system:serviceaccount:namespace:name is required because OpenShift RBAC needs the exact service account identity. The cluster-reader role is broader than a project-scoped view role because it allows read-level access across cluster resources. This is appropriate for auditing or inspection use cases where the account must observe but not modify. The distinction between cluster roles and namespaced roles is important: cluster roles apply to non-namespaced resources and broad cluster visibility, while local roles are limited to individual projects. This Task is a classic RBAC operation that combines identity creation with controlled privilege assignment.
============
SIMULATION
Task SIMULATION 7
Configure RBAC roles with users and groups
Task Information: Grant edit to group dev-team in namespace payments, and grant view to user auditor1.
Create (or switch to) the project
oc new-project payments
Namespace must exist before applying rolebindings.
Grant edit to the group
oc -n payments policy add-role-to-group edit dev-team
Members of dev-team can modify most resources in payments.
Grant view to a user
oc -n payments policy add-role-to-user view auditor1
auditor1 can read resources but not change them.
Verify rolebindings
oc -n payments get rolebinding
==========
SIMULATION
Task SIMULATION 28
Deploy Event Router and capture Kubernetes events in logging
Task Information: Deploy an event router so Kubernetes events are recorded as logs, then trigger events and confirm they appear in logging queries.
Deploy event router resources
Apply a deployment/serviceaccount/rolebinding manifest for eventrouter:
oc apply -f eventrouter.yaml -n openshift-logging
Eventrouter watches event API and writes them to stdout (collected by logging).
Verify eventrouter pod is running
oc -n openshift-logging get pods | grep -i event
Trigger some events
oc -n default run evtest --image=busybox --restart=Never -- sleep 1
oc -n default delete pod evtest
Creation/deletion generates events.
Query logs for events
In the logging UI/backend, search for the namespace/pod name evtest or eventrouter messages.
Security & Privacy
Satisfied Customers
Committed Service
Money Back Guranteed