U.S. Independence Day Deal! Unlock 25% OFF Today – Limited-Time Offer - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Linux Foundation CKS Exam - Topic 1 Question 27 Discussion

You must complete this task on the following cluster/nodes:Cluster:apparmorMaster node:masterWorker node:worker1You can switch the cluster/configuration context using the following command:[desk@cli] $kubectl config use-context apparmorGiven: AppArmor is enabled on the worker1 node.Task:On the worker1 node,1. Enforce the prepared AppArmor profile located at:/etc/apparmor.d/nginx2. Edit the prepared manifest file located at/home/cert_masters/nginx.yamlto apply the apparmor profile3. Create the Pod using this manifest
A) Explanation: [desk@cli] $ssh worker1 [worker1@cli] $apparmor_parser -q /etc/apparmor.d/nginx [worker1@cli] $aa-status | grep nginx nginx-profile-1 [worker1@cli] $logout [desk@cli] $vim nginx-deploy.yaml Add these lines under metadata: annotations: # Add this line container.apparmor.security.beta.kubernetes.io/<container-name>: localhost/nginx-profile-1 [desk@cli] $kubectl apply -f nginx-deploy.yaml Explanation [desk@cli] $ssh worker1 [worker1@cli] $apparmor_parser -q /etc/apparmor.d/nginx [worker1@cli] $aa-status | grep nginx nginx-profile-1 [worker1@cli] $logout [desk@cli] $vim nginx-deploy.yaml [desk@cli] $kubectl apply -f nginx-deploy.yaml pod/nginx-deploy created Reference:https://kubernetes.io/docs/tutorials/clusters/apparmor/ pod/nginx-deploy created [desk@cli] $kubectl apply -f nginx-deploy.yaml pod/nginx-deploy created Reference:https://kubernetes.io/docs/tutorials/clusters/apparmor/

Linux Foundation CKS Exam - Topic 1 Question 27 Discussion

Actual exam question for Linux Foundation's CKS exam
Question #: 27
Topic #: 1
[All CKS Questions]

You must complete this task on the following cluster/nodes:

Cluster:apparmor

Master node:master

Worker node:worker1

You can switch the cluster/configuration context using the following command:

[desk@cli] $kubectl config use-context apparmor

Given: AppArmor is enabled on the worker1 node.

Task:

On the worker1 node,

1. Enforce the prepared AppArmor profile located at:/etc/apparmor.d/nginx

2. Edit the prepared manifest file located at/home/cert_masters/nginx.yamlto apply the apparmor profile

3. Create the Pod using this manifest

Show Suggested Answer Hide Answer
Suggested Answer: A

by Kenneth at Jul 22, 2022, 03:00 PM

Limited Time Offer

25%

Off

Get Premium CKS Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Lizbeth
7 months ago
I’m surprised it’s that straightforward to set up!
upvoted 0 times
...
Oren
8 months ago
Totally agree, annotations are key for AppArmor profiles!
upvoted 0 times
...
Gladys
8 months ago
Wait, do we really need to edit the manifest for this?
upvoted 0 times
...
Jettie
8 months ago
Yup, just enforce the profile with apparmor_parser!
upvoted 0 times
...
Felicidad
8 months ago
AppArmor is enabled on worker1, right?
upvoted 0 times
...
Latrice
8 months ago
I feel a bit confused about the order of operations. Do we need to check the status of the profile before applying the manifest?
upvoted 0 times
...
Estrella
8 months ago
I think we had a similar question in our last mock exam where we had to edit a manifest file. Just need to remember to add the annotations correctly.
upvoted 0 times
...
Lynette
8 months ago
I remember we practiced enforcing AppArmor profiles, but I'm not entirely sure about the exact command syntax for the parser.
upvoted 0 times
...
Muriel
9 months ago
I recall that the AppArmor profile needs to be enforced first, but I hope I don't mix up the commands for SSH and kubectl.
upvoted 0 times
...
Janessa
9 months ago
This question seems straightforward, but I want to make sure I understand the key concepts around operational risk management before selecting an answer.
upvoted 0 times
...
Katina
9 months ago
I'm a bit confused by the different permission levels mentioned. I'll need to review the details carefully.
upvoted 0 times
...

Save Cancel