
CKS Certified Kubernetes Security Specialist (CKS) Questions and Answers

Question 4

Create a NetworkPolicy named allow-np that allows Pods in the namespace staging to connect to port 80 of other Pods in the same namespace.

Ensure that the NetworkPolicy:

1. Does not allow access to Pods not listening on port 80.

2. Does not allow access from Pods that are not in the namespace staging.

Question 5

Create a PSP that will only allow the persistentvolumeclaim as the volume type in the namespace restricted.

Create a new PodSecurityPolicy named prevent-volume-policy which prevents Pods from mounting any volume type other than persistentvolumeclaim.

Create a new ServiceAccount named psp-sa in the namespace restricted.

Create a new ClusterRole named psp-role, which uses the newly created PodSecurityPolicy prevent-volume-policy.

Create a new ClusterRoleBinding named psp-role-binding, which binds the created ClusterRole psp-role to the created ServiceAccount psp-sa.

Hint:

Also, check whether the configuration is working by trying to mount a Secret in the Pod manifest; it should fail.

Pod manifest:

    apiVersion: v1
    kind: Pod
    metadata:
      name:
    spec:
      containers:
      - name:
        image:
        volumeMounts:
        - name:
          mountPath:
      volumes:
      - name:
        secret:
          secretName:

Question 6

Task

Create a NetworkPolicy named pod-access to restrict access to Pod users-service running in namespace dev-team.

Only allow the following Pods to connect to Pod users-service:

  • Pods in the namespace qa
  • Pods with label environment: testing, in any namespace

Question 7

Context

Your organization’s security policy includes:

  • ServiceAccounts must not automount API credentials
  • ServiceAccount names must end in "-sa"

The Pod specified in the manifest file /home/candidate/KSCH00301/pod-manifest.yaml fails to schedule because of an incorrectly specified ServiceAccount.

Complete the following tasks:

Task

1. Create a new ServiceAccount named frontend-sa in the existing namespace qa. Ensure the ServiceAccount does not automount API credentials.

2. Using the manifest file at /home/candidate/KSCH00301/pod-manifest.yaml, create the Pod.

3. Finally, clean up any unused ServiceAccounts in namespace qa.

Exam Code: CKS
Exam Name: Certified Kubernetes Security Specialist (CKS)
Last Update: Nov 13, 2024
Questions: 48
