Linux Foundation CKS Exam - Topic 1 Question 32 Discussion

Enable audit logs in the cluster. To do so, enable the log backend, and ensure that:

1. Logs are stored at /var/log/kubernetes-logs.txt.
2. Log files are retained for 12 days.
3. At maximum, a number of 8 old audit log files are retained.
4. The maximum size before getting rotated is set to 200MB.

Edit and extend the basic policy to log:

1. Namespaces changes at RequestResponse.
2. The request body of secrets changes in the namespace kube-system.
3. All other resources in core and extensions at the Request level.
4. "pods/portforward", "services/proxy" at Metadata level.
5. Omit the Stage RequestReceived.

All other requests at the Metadata level.
A) Explanation:

Kubernetes auditing provides a security-relevant, chronological set of records about a cluster. The kube-apiserver performs auditing. Each request, at each stage of its execution, generates an event, which is then pre-processed according to a certain policy and written to a backend. The policy determines what is recorded, and the backends persist the records.

You might want to configure the audit log as part of compliance with the CIS (Center for Internet Security) Kubernetes Benchmark controls.

The audit log can be enabled by default using the following configuration in cluster.yml:

    services:
      kube-api:
        audit_log:
          enabled: true

When the audit log is enabled, you should be able to see the default values at /etc/kubernetes/audit-policy.yaml.

The log backend writes audit events to a file in JSON lines format. You can configure the log audit backend using the following kube-apiserver flags:

- --audit-log-path specifies the log file path that the log backend uses to write audit events. Not specifying this flag disables the log backend. "-" means standard out.
- --audit-log-maxage defines the maximum number of days to retain old audit log files.
- --audit-log-maxbackup defines the maximum number of audit log files to retain.
- --audit-log-maxsize defines the maximum size in megabytes of the audit log file before it gets rotated.

If your cluster's control plane runs the kube-apiserver as a Pod, remember to mount the hostPath to the location of the policy file and log file, so that audit records are persisted. For example:

    --audit-policy-file=/etc/kubernetes/audit-policy.yaml \
    --audit-log-path=/var/log/audit.log
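The task's values applied to the flags and policy described above, as an added example that is not part of the original answer. It assumes a kubeadm-style static Pod manifest at /etc/kubernetes/manifests/kube-apiserver.yaml and uses the policy path named in the explanation; the volume names are hypothetical.

```yaml
# File 1: /etc/kubernetes/audit-policy.yaml (path from the explanation above)
apiVersion: audit.k8s.io/v1
kind: Policy
omitStages:
  - "RequestReceived"            # policy item 5
rules:                           # evaluated top-down; the first matching rule sets the level
  - level: RequestResponse       # item 1 (add a verbs: list to restrict it to writes only)
    resources:
      - group: ""
        resources: ["namespaces"]
  - level: Request               # item 2: request body, no response body
    namespaces: ["kube-system"]
    resources:
      - group: ""
        resources: ["secrets"]
  - level: Metadata              # item 4, placed before item 3 so the broader rule cannot shadow it
    resources:
      - group: ""
        resources: ["pods/portforward", "services/proxy"]
  - level: Request               # item 3: everything else in core and extensions
    resources:
      - group: ""                # empty resources list = every resource in the group
      - group: "extensions"
  - level: Metadata              # catch-all for all other requests
---
# File 2 (assumed path): /etc/kubernetes/manifests/kube-apiserver.yaml
# Fragment only: merge these entries into the existing manifest.
spec:
  containers:
    - name: kube-apiserver
      command:
        - kube-apiserver
        - --audit-policy-file=/etc/kubernetes/audit-policy.yaml
        - --audit-log-path=/var/log/kubernetes-logs.txt
        - --audit-log-maxage=12      # days
        - --audit-log-maxbackup=8    # old files kept
        - --audit-log-maxsize=200    # megabytes before rotation
      volumeMounts:
        - name: audit-policy         # hypothetical volume name
          mountPath: /etc/kubernetes/audit-policy.yaml
          readOnly: true
        - name: audit-log            # hypothetical volume name
          mountPath: /var/log/kubernetes-logs.txt
  volumes:
    - name: audit-policy
      hostPath: {path: /etc/kubernetes/audit-policy.yaml, type: File}
    - name: audit-log
      hostPath: {path: /var/log/kubernetes-logs.txt, type: FileOrCreate}
```

Rule order differs from the task's numbering on purpose: a core-group rule with no resource list also matches subresources, so the pods/portforward and services/proxy rule has to come first to take effect.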

Actual exam question for Linux Foundation's CKS exam
Question #: 32
Topic #: 1

Suggested Answer: A

Lura
7 months ago
I thought logs were kept indefinitely? This is new to me!
upvoted 0 times
...
Kip
8 months ago
200MB max size? That’s a bit small for busy clusters.
upvoted 0 times
...
Van
8 months ago
Wait, we have to keep logs for 12 days? Seems excessive.
upvoted 0 times
...
Skye
8 months ago
Totally agree, especially for compliance.
upvoted 0 times
...
Wilda
8 months ago
Audit logs are super important for security!
upvoted 0 times
...
Willow
8 months ago
I recall that we need to omit the Stage RequestReceived, but I can't remember if we have to include all other requests at the Metadata level or just specific ones.
upvoted 0 times
...
Naomi
8 months ago
I’m a bit confused about the policy editing part. Do we need to specify the log level for each resource type in the YAML file?
upvoted 0 times
...
Bettina
8 months ago
I think we did a similar question where we had to set the log path and retention period. The path was definitely something like /var/log/kubernetes-logs.txt, right?
upvoted 0 times
...
Sherrell
8 months ago
I remember we practiced enabling audit logs, but I'm not entirely sure about the exact flags for retention settings.
upvoted 0 times
...
Alline
9 months ago
Okay, I think I've got this. The scenario is all about supporting the business through the architecture, so principles like "Maximize Benefit to the Enterprise" and "Responsive Change Management" are crucial. The other principles in option A also seem well-aligned. I'm feeling pretty confident about that being the best answer.
upvoted 0 times
...
Luis
9 months ago
This seems like a straightforward question about Microsoft 365 Analytics features. I think the key is to focus on the requirements - scheduling time for priority work and silencing chats in Teams.
upvoted 0 times
...
Elenor
9 months ago
I'm pretty confident I know the answer to this one. The CAPWAP heartbeat detection interval is set to 20 seconds before the active/standby switchover occurs.
upvoted 0 times
...
Merlyn
9 months ago
I remember learning about the CANVAS element in my web development class. I believe the valid events are mouseup, mousemove, and click. I'm fairly confident in those choices.
upvoted 0 times
...
Rebecka
1 year ago
Configuring audit logs is no easy task, but these instructions make it straightforward. I'm glad they included the example for running kube-apiserver as a Pod.
upvoted 0 times
Sabine
1 year ago
I agree, having the example for running kube-apiserver as a Pod is really helpful in understanding the process.
upvoted 0 times
...
Francine
1 year ago
Yes, configuring audit logs can be complex, but having clear instructions definitely helps.
upvoted 0 times
...
Helga
1 year ago
Thanks for the detailed explanation. I appreciate the example provided for running kube-apiserver as a Pod.
upvoted 0 times
...
...
Ilene
1 year ago
This is a well-thought-out question. The details around the CIS Kubernetes Benchmark and the ability to configure the audit log backend are a nice touch.
upvoted 0 times
Delsie
12 months ago
Don't forget to edit and extend the basic policy to log specific changes.
upvoted 0 times
...
Alba
1 year ago
We also need to set the maximum size before rotation to 200MB.
upvoted 0 times
...
Arlen
1 year ago
Yes, we should enable the log backend and make sure the logs are stored at /var/log/kubernetes-logs.txt.
upvoted 0 times
...
Hyman
1 year ago
I think we need to enable audit logs in the cluster.
upvoted 0 times
...
Jacqueline
1 year ago
And don't forget to set the maximum size before rotation to 200MB.
upvoted 0 times
...
Phung
1 year ago
We need to make sure the log files are stored at /var/log/kubernetes-logs.txt.
upvoted 0 times
...
Malinda
1 year ago
Yes, it helps track all the requests and events happening in the cluster.
upvoted 0 times
...
Nikita
1 year ago
I think enabling audit logs in the cluster is crucial for security.
upvoted 0 times
...
...
Laticia
1 year ago
Haha, imagine if the audit logs were stored in /dev/null by mistake. The admins would be scratching their heads trying to find the logs!
upvoted 0 times
Arlene
1 year ago
Yeah, storing audit logs in /dev/null would definitely cause some confusion.
upvoted 0 times
...
Mica
1 year ago
That would be a nightmare! They would be searching for logs that don't exist.
upvoted 0 times
...
...
Mauricio
1 year ago
The policy configuration looks comprehensive, covering changes to namespaces, secrets, and other resources. I like how it includes logging at different stages like RequestResponse and Metadata.
upvoted 0 times
...
Steffanie
1 year ago
I agree, it's crucial to have a detailed audit trail for compliance purposes.
upvoted 0 times
...
Talia
1 year ago
Yes, it helps track all the requests and changes made in the cluster.
upvoted 0 times
...
Jesus
1 year ago
Enabling audit logs in the cluster is crucial for security and compliance. The instructions provided cover the key aspects well, like log file path, retention period, and rotation settings.
upvoted 0 times
Brett
1 year ago
Remember to omit the Stage RequestReceived and log all other requests at the Metadata level.
upvoted 0 times
...
Tegan
1 year ago
Set the maximum size before rotation to 200MB and configure the audit policy to log specific changes.
upvoted 0 times
...
Phillip
1 year ago
Don't forget to retain log files for 12 days and limit the number of old audit log files to 8.
upvoted 0 times
...
Candra
1 year ago
Make sure to enable the log backend and set the log file path to /var/log/kubernetes-logs.txt.
upvoted 0 times
...
...
Willodean
1 year ago
I think enabling audit logs in the cluster is important for security.
upvoted 0 times
...
