U.S. Independence Day Deal! Unlock 25% OFF Today – Limited-Time Offer - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Linux Foundation CKS Exam - Topic 1 Question 20 Discussion

A container image scanner is set up on the cluster.Given an incomplete configuration in the directory
A) 1. Enable the admission plugin. 2. Validate the control configuration and change it to implicit deny. Finally, test the configuration by deploying the pod having the image tag as latest.

Linux Foundation CKS Exam - Topic 1 Question 20 Discussion

Actual exam question for Linux Foundation's CKS exam
Question #: 20
Topic #: 1
[All CKS Questions]

A container image scanner is set up on the cluster.

Given an incomplete configuration in the directory

Show Suggested Answer Hide Answer
Suggested Answer: A

by Malcolm at May 10, 2022, 02:02 AM

Limited Time Offer

25%

Off

Get Premium CKS Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Mozell
8 months ago
Not sure if testing with latest is a good idea, though.
upvoted 0 times
...
India
8 months ago
I think enabling the admission plugin is a must.
upvoted 0 times
...
Robt
8 months ago
Wait, deploying with the latest tag? Isn't that risky?
upvoted 0 times
...
Genevive
8 months ago
Implicit deny is definitely the way to go!
upvoted 0 times
...
Bok
8 months ago
Sounds like a solid plan to secure the cluster.
upvoted 0 times
...
Chaya
8 months ago
I feel like I’ve seen a similar scenario before, but I can't recall if we needed to specify any additional parameters for the admission plugin to work correctly.
upvoted 0 times
...
Letha
8 months ago
I remember a practice question where we had to set up image scanning, and I think changing to implicit deny is crucial for security.
upvoted 0 times
...
Annette
8 months ago
I think enabling the admission plugin is the first step, but I'm not entirely sure how to validate the control configuration.
upvoted 0 times
...
Hermila
9 months ago
Testing with the 'latest' tag sounds familiar, but I’m a bit confused about how that interacts with the admission plugin.
upvoted 0 times
...
Timmy
9 months ago
Okay, let me see here. I remember learning about these system services, but I'm drawing a blank on which one uses the hosts.allow file. I'll have to carefully consider each option and try to eliminate the ones that don't fit.
upvoted 0 times
...
Fernanda
9 months ago
I think the key is to maintain control over the encryption keys. That way, you can be sure the data is completely removed when you need to.
upvoted 0 times
...
Anisha
9 months ago
I think one disadvantage could be the setup and maintenance costs, but I'm not entirely sure if there's more to it.
upvoted 0 times
...
Shelba
9 months ago
Okay, I think I've got this. The question is asking us to design a network that only allows the frontend application to access the backend database. So, creating separate VPC networks and connecting them with VPC peering or Cloud VPN seems like the most secure approach to me. I'm going with option C.
upvoted 0 times
...

Save Cancel