Build fluency in the vocabulary of expressing authorization and admission rules as declarative policy.
0 / 5 completed
1 / 5
A teammate explains that an authorization decision, like whether a given Kubernetes deployment manifest is allowed to run without a resource limit set, is expressed as a declarative rule written in Rego and evaluated by the Open Policy Agent engine, rather than being hard-coded as an if-statement scattered across each service that needs to enforce it. What policy-engine language is being described?
OPA, the Open Policy Agent, evaluates authorization decisions expressed as declarative rules written in Rego, its purpose-built policy language, against structured input, so a rule like 'reject any Kubernetes deployment with no resource limit set' lives in one shared, testable policy definition instead of being hard-coded as an if-statement duplicated across every service that needs to enforce it. A DNS zone transfer is an unrelated concept about replicating name server records. This declarative-rules-evaluated-by-a-shared-engine approach is exactly why OPA/Rego is favored because it centralizes authorization and admission-control logic into one testable, version-controlled policy instead of scattering it across many services' code.
2 / 5
During a design review, the team adopts OPA/Rego policy for a Kubernetes admission controller that must reject any deployment manifest missing a resource limit, specifically so that rule is enforced consistently across every team's deployments from one shared, testable policy definition. Which capability does this provide?
OPA/Rego policy here provides centralized, testable policy enforcement, since the resource-limit rule lives in one Rego policy evaluated by OPA rather than being duplicated as an if-statement inside every team's deployment tooling. Hard-coding the resource-limit check as an if-statement duplicated inside every team's own deployment script, where it can drift out of sync between teams is the alternative this avoids. This behavior is exactly why OPA/Rego policy is favored in this kind of scenario.
3 / 5
In a code review, a dev notices a resource-limit requirement is hard-coded as an if-statement duplicated inside each team's own deployment script, and the rule has drifted out of sync between teams, instead of being expressed as one shared OPA/Rego policy enforced consistently by an admission controller. What does this represent?
This is a missed OPA/Rego policy-opportunity, since an OPA/Rego policy would enforce the rule consistently from one shared definition instead of leaving it duplicated and drifting across each team's own script. A cache eviction policy is an unrelated concept about discarded cache entries. This pattern is exactly the kind of gap a reviewer flags once the tradeoffs are understood.
4 / 5
An incident report shows a production incident traced back to a deployment that had no resource limit set, escaping detection because the resource-limit check had been duplicated as an if-statement inside each team's own deployment script and one team's copy of the check had silently drifted out of sync with the rest. What practice would prevent this?
Centralizing the resource-limit rule into one OPA/Rego policy enforced consistently by a Kubernetes admission controller, instead of leaving it duplicated across each team's own script. Continuing the prior approach regardless of the risk it has already caused is exactly what led to the incident described here. This fix is the standard remedy once the root cause is confirmed.
5 / 5
During a PR review, a teammate asks why the team reaches for OPA/Rego policy instead of a hard-coded if-statement duplicated inside each team's own deployment tooling. What is the reasoning?
OPA/Rego trades the learning curve of a purpose-built policy language for centralized, consistently enforced, and independently testable policy, while a hard-coded if-statement is simpler to write inline but drifts out of sync once duplicated across multiple services or teams. This is exactly why OPA/Rego policy is favored when a policy must be enforced consistently across many services or teams, while a hard-coded if-statement duplicated inside each team's own deployment tooling remains acceptable when the rule applies to exactly one service and is unlikely to need to be shared or kept consistent elsewhere.
What does the "OPA/Rego Policy Vocabulary" vocabulary exercise cover?
This exercise tests real IT vocabulary related to opa/rego policy vocabulary through 5 multiple-choice questions, each built from realistic workplace sentences rather than abstract definitions.
Is this vocabulary exercise free to use?
Yes. Every exercise on CoderSlingo, including this one, is completely free — no account, sign-up, or payment required.
How many questions does this exercise have?
This exercise has 5 questions. Each one shows a real-world sentence or scenario with multiple-choice options and an explanation once you answer.
What happens after I answer a question?
You'll see immediate feedback showing whether your answer was correct, along with a short explanation of why — then a button to move to the next question, and a full results screen at the end.
Can I retry the exercise if I get questions wrong?
Yes. Once you reach the results screen, click "Try again" to reset your answers and go through the exercise from the start as many times as you like.
Do I need to create an account to take this exercise?
No account is needed. Your answers are scored in your browser during the session — nothing is saved to a server, so you can jump straight in.
Is my progress saved if I leave the page?
No — progress within an exercise resets if you navigate away or reload. Each exercise is short enough to complete in a few minutes in one sitting.
Are these vocabulary exercises connected to other topics?
Yes — browse the full vocabulary exercises hub to find related modules covering adjacent IT topics and roles.
How is this different from reading a glossary or blog article?
Exercises like this one are active recall drills — you have to choose the correct term or phrasing yourself, which builds retention faster than passively reading a definition.
Where can I find more vocabulary exercises?
Browse the full Vocabulary exercises hub for hundreds of modules covering Agile, DevOps, security, databases, architecture, and more — organised by IT role and skill.