ExamGecko
Home / Linux Foundation / CKS / List of questions
Ask Question

Linux Foundation CKS Practice Test - Questions Answers, Page 5

List of questions

Question 41

Report
Export
Collapse

Linux Foundation CKS image Question 41 51519 09182024213140000000

Context

A default-deny NetworkPolicy avoids to accidentally expose a Pod in a namespace that doesn't have any other NetworkPolicy defined.

Task

Create a new default-deny NetworkPolicy named defaultdeny in the namespace testing for all traffic of type Egress.

The new NetworkPolicy must deny all Egress traffic in the namespace testing.

Apply the newly created default-deny NetworkPolicy to all Pods running in namespace testing.

Linux Foundation CKS image Question 41 51519 09182024213140000000

Become a Premium Member for full access
  Unlock Premium Member

Question 42

Report
Export
Collapse

Context

Linux Foundation CKS image Question 42 51520 09182024213140000000

A PodSecurityPolicy shall prevent the creation of privileged Pods in a specific namespace.

Task

Create a new PodSecurityPolicy named prevent-psp-policy,which prevents the creation of privileged Pods.

Create a new ClusterRole named restrict-access-role, which uses the newly created PodSecurityPolicy prevent-psp-policy.

Create a new ServiceAccount named psp-restrict-sa in the existing namespace staging.

Finally, create a new ClusterRoleBinding named restrict-access-bind, which binds the newly created ClusterRole restrict-access-role to the newly created ServiceAccount psp-restrict-sa.

Linux Foundation CKS image Question 42 51520 09182024213140000000

Become a Premium Member for full access
  Unlock Premium Member

Question 43

Report
Export
Collapse

Linux Foundation CKS image Question 43 51521 09182024213140000000

Task

Analyze and edit the given Dockerfile /home/candidate/KSSC00301/Docker file (based on the ubuntu:16.04 image), fixing two instructions present in the file that are prominent security/bestpractice issues.

Analyze and edit the given manifest file /home/candidate/KSSC00301/deployment.yaml, fixing two fields present in the file that are prominent security/best-practice issues.

Linux Foundation CKS image Question 43 51521 09182024213140000000

Linux Foundation CKS image Question 43 51521 09182024213140000000

Become a Premium Member for full access
  Unlock Premium Member

Question 44

Report
Export
Collapse

Linux Foundation CKS image Question 44 51522 09182024213140000000

Context

The kubeadm-created cluster's Kubernetes API server was, for testing purposes, temporarily configured to allow unauthenticated and unauthorized access granting the anonymous user dusteradmin access.

Task

Reconfigure the cluster's Kubernetes API server to ensure that only authenticated and authorized REST requests are allowed.

Use authorization mode Node,RBAC and admission controller NodeRestriction.

Cleaning up, remove the ClusterRoleBinding for user system:anonymous.

Linux Foundation CKS image Question 44 51522 09182024213140000000

Linux Foundation CKS image Question 44 51522 09182024213140000000

Become a Premium Member for full access
  Unlock Premium Member
Total 44 questions
Go to page: of 5

Related questions