U.S. Independence Day Deal! Unlock 25% OFF Today – Limited-Time Offer - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Linux Foundation CKS Exam - Topic 1 Question 13 Discussion

Create a new NetworkPolicy named deny-all in the namespace testing which denies all traffic of type ingress and egress traffic
A) Explanation: You can create a 'default' isolation policy for a namespace by creating a NetworkPolicy that selects all pods but does not allow any ingress traffic to those pods. --- apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: name: default-deny-ingress spec: podSelector: {} policyTypes: - Ingress You can create a 'default' egress isolation policy for a namespace by creating a NetworkPolicy that selects all pods but does not allow any egress traffic from those pods. --- apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: name: allow-all-egress spec: podSelector: {} egress: - {} policyTypes: - Egress Default deny all ingress and all egress traffic You can create a 'default' policy for a namespace which prevents all ingress AND egress traffic by creating the following NetworkPolicy in that namespace. --- apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: name: default-deny-all spec: podSelector: {} policyTypes: - Ingress - Egress This ensures that even pods that aren't selected by any other NetworkPolicy will not be allowed ingress or egress traffic.

Linux Foundation CKS Exam - Topic 1 Question 13 Discussion

Actual exam question for Linux Foundation's CKS exam
Question #: 13
Topic #: 1
[All CKS Questions]

Create a new NetworkPolicy named deny-all in the namespace testing which denies all traffic of type ingress and egress traffic

Show Suggested Answer Hide Answer
Suggested Answer: A

by Glendora at May 05, 2022, 03:33 PM

Limited Time Offer

25%

Off

Get Premium CKS Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Theola
8 months ago
This is a solid approach for security, no doubt!
upvoted 0 times
...
Svetlana
8 months ago
Sounds good, but what if we need some pods to talk later?
upvoted 0 times
...
Felicia
8 months ago
Wait, does that mean no pods can communicate at all?
upvoted 0 times
...
Vilma
8 months ago
Totally agree, that's the way to lock it down!
upvoted 0 times
...
Georgeanna
8 months ago
Just create a NetworkPolicy with empty podSelector to deny all traffic.
upvoted 0 times
...
Cassi
8 months ago
I'm a bit confused about the naming convention. Should we call it "deny-all" or something else? I feel like I saw different names in the examples.
upvoted 0 times
...
Andree
8 months ago
I believe we just need to set the podSelector to an empty object and specify both Ingress and Egress in policyTypes, right?
upvoted 0 times
...
Carlee
8 months ago
I remember practicing a similar question where we had to allow specific traffic, but this one feels different since we're denying everything.
upvoted 0 times
...
Lamar
9 months ago
I think we need to create a NetworkPolicy that denies both ingress and egress, but I'm not entirely sure about the syntax.
upvoted 0 times
...
Lindsay
9 months ago
Okay, I've got a good handle on Logstash's functionality. I think I can identify the three tasks it can fulfill without other Elastic Stack components.
upvoted 0 times
...
Micah
9 months ago
The high court's stamp duty valuation of 4.90 lakh seems important. I'll use that figure in my calculations, not the initial 5.75 lakh.
upvoted 0 times
...
Norah
9 months ago
Okay, the key here is the "boot identity not valid" error. That tells me I need to update the credentials in the boot identity file. Option B looks like the way to go.
upvoted 0 times
...

Save Cancel