Question 68 - PCCSE discussion


Review this admission control policy:

    match[{"msg": msg}] {
        input.request.operation == "CREATE"
        input.request.kind.kind == "Pod"
        input.request.resource.resource == "pods"
        input.request.object.spec.containers[_].securityContext.privileged
        msg := "Privileged"
    }

Which response to this policy will be achieved when the effect is set to "block"?

A. The policy will block all pods on a Privileged host.
B. The policy will replace Defender with a privileged Defender.
C. The policy will alert only the administrator when a privileged pod is created.
D. The policy will block the creation of a privileged pod.

Suggested answer: D

Explanation:

The given admission control policy is designed to evaluate pod creation requests in a Kubernetes environment, specifically targeting the creation of privileged pods, which can pose significant security risks.

Option D, "The policy will block the creation of a privileged pod", is the correct answer when the effect of the policy is set to "block". The policy's logic checks whether a pod being created is set to run in privileged mode (a high-risk configuration that grants the pod extended system privileges). If such a configuration is detected, the policy blocks the pod's creation, preventing the deployment of privileged pods that could undermine the security posture of the Kubernetes environment.

Kubernetes Admission Controllers Documentation: Provides a comprehensive overview of admission controllers in Kubernetes, including how they can be used to enforce policy decisions, such as preventing the creation of privileged pods.

Best Practices for Kubernetes Security: Discusses the importance of admission control policies in maintaining the security and integrity of Kubernetes environments, with specific emphasis on the risks associated with privileged pods.
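
To make the rule's matching behaviour concrete, here is an added example (not part of the original question and not the product's own code) that re-implements the rule body in Python and evaluates it against constructed admission requests. The helpers `lookup`, `decide`, `review` and `ctr` and all sample pods are hypothetical, and the mapping from a match to "blocked" in `decide` is an assumption based on the answer above.

```python
MISSING = object()  # stands in for Rego's "undefined"

def lookup(obj, *path):
    """Walk nested dicts; return MISSING where Rego would yield undefined."""
    for key in path:
        if not isinstance(obj, dict) or key not in obj:
            return MISSING
        obj = obj[key]
    return obj

def match(inp):
    """Mirror the rule body: every line must hold for the rule to produce msg."""
    expected = ((("operation",), "CREATE"), (("kind", "kind"), "Pod"),
                (("resource", "resource"), "pods"))
    if any(lookup(inp, "request", *path) != want for path, want in expected):
        return []
    containers = lookup(inp, "request", "object", "spec", "containers")
    if not isinstance(containers, list):
        return []
    # containers[_]: satisfied if ANY container has a defined, non-false value.
    for c in containers:
        value = lookup(c, "securityContext", "privileged")
        if value is not MISSING and value is not False:
            return [{"msg": "Privileged"}]
    return []

def decide(inp, effect="block"):
    """Assumed mapping: a match with effect 'block' rejects the request."""
    return "blocked" if match(inp) and effect == "block" else "admitted"

def review(spec, operation="CREATE"):
    """Build a constructed, minimal admission request for a Pod."""
    return {"request": {"operation": operation, "kind": {"kind": "Pod"},
                        "resource": {"resource": "pods"}, "object": {"spec": spec}}}

def ctr(name, **security_context):
    return {"name": name, "securityContext": security_context} if security_context else {"name": name}

SAMPLES = {  # constructed inputs; the rule reads only spec.containers on CREATE
    "privileged": review({"containers": [ctr("app", privileged=True)]}),
    "one_of_two": review({"containers": [ctr("app"), ctr("agent", privileged=True)]}),
    "explicit_false": review({"containers": [ctr("app", privileged=False)]}),
    "no_context": review({"containers": [ctr("app")]}),
    "update_op": review({"containers": [ctr("app", privileged=True)]}, operation="UPDATE"),
    "init_only": review({"containers": [ctr("app")],
                         "initContainers": [ctr("setup", privileged=True)]}),
}

if __name__ == "__main__":
    for name, inp in SAMPLES.items():
        print(f"{name:15} {decide(inp)}")
```

The last two samples show the scope of the rule as written: it evaluates only CREATE requests and only entries under `spec.containers`, which is worth checking when reviewing such a policy for coverage.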

asked 23/09/2024
daniel valdera carrasco