New Year Sale 2026! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Linux Foundation CKS Exam - Topic 1 Question 10 Discussion

Actual exam question for Linux Foundation's CKS exam
Question #: 10
Topic #: 1
[All CKS Questions]

You can switch the cluster/configuration context using the following command:

[desk@cli] $kubectl config use-context dev

Context:

A CIS Benchmark tool was run against the kubeadm created cluster and found multiple issues that must be addressed.

Task:

Fix all issues via configuration and restart the affected components to ensure the new settings take effect.

Fix all of the following violations that were found against the API server:

1.2.7authorization-modeargument is not set toAlwaysAllow FAIL

1.2.8authorization-modeargument includesNode FAIL

1.2.7authorization-modeargument includesRBAC FAIL

Fix all of the following violations that were found against the Kubelet:

4.2.1 Ensure that theanonymous-auth argumentis set to false FAIL

4.2.2authorization-modeargument is not set to AlwaysAllow FAIL (UseWebhookautumn/authz where possible)

Fix all of the following violations that were found against etcd:

2.2 Ensure that theclient-cert-authargument is set to true

Show Suggested Answer Hide Answer
Suggested Answer: A

by Merlyn at May 08, 2022, 03:41 PM

Limited Time Offer

25%

Off

Get Premium CKS Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Glory
4 months ago
I thought client-cert-auth was optional, guess I was wrong!
upvoted 0 times
...
Miss
5 months ago
Just fixed the anonymous-auth setting, feels good!
upvoted 0 times
...
Anissa
5 months ago
Wait, are we really using Node in the authorization-mode? That seems risky.
upvoted 0 times
...
Mitsue
5 months ago
Totally agree, AlwaysAllow is a big no-no!
upvoted 0 times
...
Marguerita
5 months ago
The authorization-mode needs to be set correctly for security.
upvoted 0 times
...
Cristal
5 months ago
I feel like we had a similar question in our last mock exam about kubelet settings, but I can't remember if we had to restart the kubelet after making changes.
upvoted 0 times
...
Darnell
5 months ago
I definitely remember that we need to set client-cert-auth to true for etcd, but I hope I don't mix up the file paths again.
upvoted 0 times
...
Elfrieda
5 months ago
I think the authorization modes for the API server should be set correctly, but I can't recall if we need to include both Node and RBAC or just one of them.
upvoted 0 times
...
Lili
5 months ago
I remember we practiced changing the kubelet configuration, but I'm unsure about the exact syntax for disabling anonymous authentication.
upvoted 0 times
...
Tony
5 months ago
This seems like a straightforward question. I'd focus on user desirability, company viability, and deployment stability to assess the feasibility of the solution.
upvoted 0 times
...
Nidia
5 months ago
Hmm, I'm a bit unsure about this one. Matching rules can be tricky, so I'll need to review my notes to make sure I understand the different conditions.
upvoted 0 times
...
Milly
5 months ago
This question seems straightforward to me. The key is that a passive approach has been selected, so the next step should be to identify the performance measures. I'm going with A.
upvoted 0 times
...
Lisandra
5 months ago
I'm leaning towards B as well. The Ethereum protocol is the core requirement, and the JSON-RPC seems to be the standard way for clients to interact with the nodes. I feel good about this one.
upvoted 0 times
...

Save Cancel