New Year Sale Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: pass65

CKS Certified Kubernetes Security Specialist (CKS) Questions and Answers

Questions 4

Create a network policy named allow-np, that allows pod in the namespace staging to connect to port 80 of other pods in the same namespace.

Ensure that Network Policy:-

1. Does not allow access to pod not listening on port 80.

2. Does not allow access from Pods, not in namespace staging.

Options:

Buy Now
Questions 5

Create a PSP that will only allow the persistentvolumeclaim as the volume type in the namespace restricted.

Create a new PodSecurityPolicy named prevent-volume-policy which prevents the pods which is having different volumes mount apart from persistentvolumeclaim.

Create a new ServiceAccount named psp-sa in the namespace restricted.

Create a new ClusterRole named psp-role, which uses the newly created Pod Security Policy prevent-volume-policy

Create a new ClusterRoleBinding named psp-role-binding, which binds the created ClusterRole psp-role to the created SA psp-sa.

Hint:

Also, Check the Configuration is working or not by trying to Mount a Secret in the pod maifest, it should get failed.

POD Manifest:

  • apiVersion: v1
  • kind: Pod
  • metadata:
  • name:
  • spec:
  • containers:
  • - name:
  • image:
  • volumeMounts:
  • - name:
  • mountPath:
  • volumes:
  • - name:
  • secret:
  • secretName:

Options:

Buy Now
Questions 6

CKS Question 6

Task

Create a NetworkPolicy named pod-access to restrict access to Pod users-service running in namespace dev-team.

Only allow the following Pods to connect to Pod users-service:

CKS Question 6Pods in the namespace qa

CKS Question 6Pods with label environment: testing, in any namespace

CKS Question 6

CKS Question 6

Options:

Buy Now
Questions 7

CKS Question 7

Context

Your organization’s security policy includes:

  • ServiceAccounts must not automount API credentials
  • ServiceAccount names must end in "-sa"

The Pod specified in the manifest file /home/candidate/KSCH00301 /pod-m

nifest.yaml fails to schedule because of an incorrectly specified ServiceAccount.

Complete the following tasks:

Task

1. Create a new ServiceAccount named frontend-sa in the existing namespace qa. Ensure the ServiceAccount does not automount API credentials.

2. Using the manifest file at /home/candidate/KSCH00301 /pod-manifest.yaml, create the Pod.

3. Finally, clean up any unused ServiceAccounts in namespace qa.

Options:

Buy Now
Exam Code: CKS
Exam Name: Certified Kubernetes Security Specialist (CKS)
Last Update: Dec 19, 2024
Questions: 48

PDF + Testing Engine

$57.75  $164.99

Testing Engine

$43.75  $124.99
buy now CKS testing engine

PDF (Q&A)

$36.75  $104.99
buy now CKS pdf