U.S. Independence Day Deal! Unlock 25% OFF Today – Limited-Time Offer - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Linux Foundation CKS Exam - Topic 1 Question 48 Discussion

Enable audit logs in the cluster, To Do so, enable the log backend, and ensure that1. logs are stored at /var/log/kubernetes/kubernetes-logs.txt.2. Log files are retained for 5 days.3. at maximum, a number of 10 old audit logs files are retained.Edit and extend the basic policy to log:1. Cronjobs changes at RequestResponse2. Log the request body of deployments changes in the namespace kube-system.3. Log all other resources in core and extensions at the Request level.4. Don't log watch requests by the "system:kube-proxy" on endpoints or
A) Explanation:

Linux Foundation CKS Exam - Topic 1 Question 48 Discussion

Actual exam question for Linux Foundation's CKS exam
Question #: 48
Topic #: 1
[All CKS Questions]

Enable audit logs in the cluster, To Do so, enable the log backend, and ensure that

1. logs are stored at /var/log/kubernetes/kubernetes-logs.txt.

2. Log files are retained for 5 days.

3. at maximum, a number of 10 old audit logs files are retained.

Edit and extend the basic policy to log:

1. Cronjobs changes at RequestResponse

2. Log the request body of deployments changes in the namespace kube-system.

3. Log all other resources in core and extensions at the Request level.

4. Don't log watch requests by the "system:kube-proxy" on endpoints or

Show Suggested Answer Hide Answer
Suggested Answer: A

by Elli at Feb 09, 2024, 01:18 AM

Limited Time Offer

25%

Off

Get Premium CKS Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Nichelle
7 months ago
Why not log watch requests from kube-proxy? Seems important!
upvoted 0 times
...
Sang
7 months ago
I think logging the request body is a bit too much.
upvoted 0 times
...
Deonna
7 months ago
Wait, only 5 days of retention? That seems short.
upvoted 0 times
...
Jade
7 months ago
Agreed! It's essential for security.
upvoted 0 times
...
Salley
8 months ago
Audit logs should definitely be enabled for better tracking.
upvoted 0 times
...
Tennie
8 months ago
I feel like we did something like this in our last mock exam. The request body logging for deployments in kube-system seems familiar, but I need to double-check the syntax.
upvoted 0 times
...
Vincenza
8 months ago
For the policy, I’m pretty sure we need to log Cronjobs at RequestResponse level, but I’m not clear on how to exclude the kube-proxy watch requests.
upvoted 0 times
...
Alease
8 months ago
I think the log backend needs to be set up first, right? I recall a similar question where we had to specify log file paths.
upvoted 0 times
...
Stephaine
8 months ago
I remember we practiced enabling audit logs, but I’m a bit unsure about the exact retention settings. Was it 5 days or a week?
upvoted 0 times
...
Mike
8 months ago
Okay, I got this. Enabling the audit logs, setting the file path, retention, and max old logs - easy peasy. And then extending the policy to log the specific resource changes, no problem. I feel pretty confident I can nail this question.
upvoted 0 times
...
Kenneth
8 months ago
Whoa, this is a lot of stuff to configure. Audit logging in Kubernetes can get pretty complex. I better make sure I don't miss any of the details here - I don't want to lose points on silly mistakes. Gotta read this question carefully.
upvoted 0 times
...
Gianna
8 months ago
Okay, let me break this down step-by-step. First, I need to enable the log backend. Then I'll set the log file path, retention period, and max old log files. After that, I'll extend the audit policy to log the specific resource changes they're asking for. I think if I work through it methodically, I can get this done.
upvoted 0 times
...
Sherly
8 months ago
Hmm, this is a bit tricky. I'll need to review the details carefully to make sure I get all the log settings right. Enabling the log backend, specifying the log file path, retention period, and max old log files - that's a lot to keep track of.
upvoted 0 times
...
Rima
9 months ago
This looks like a pretty straightforward question on configuring Kubernetes audit logging. I think I can handle this - I just need to make sure I understand all the requirements clearly.
upvoted 0 times
...
Arlette
9 months ago
I'm a little confused by all the options here. Log shipping, availability groups, migration assistant - it's a lot to consider. I think I'll need to do some more research on the pros and cons of each approach before I make a decision. This is an important migration, so I want to make sure I get it right.
upvoted 0 times
...
Eun
9 months ago
This looks like a straightforward question. I'll carefully read through the options and think about common issues that could cause a query to fail.
upvoted 0 times
...
Sharee
9 months ago
Okay, I think I've got a plan. Option B, creating a second cluster in Asia and using a load balancer, seems like the best way to reduce latency for the Asia users. I'll make sure to add the public IPs to the DNS zone.
upvoted 0 times
...
Carol
9 months ago
Hmm, I'm a bit unsure about this one. I'll need to think it through carefully before selecting an answer.
upvoted 0 times
...
Lenna
9 months ago
I vaguely recall something about 802.3at specifically mentioning 100m, but I could see how some might confuse it with another standard.
upvoted 0 times
...
Sheldon
2 years ago
I agree, it helps in understanding changes made to critical resources.
upvoted 0 times
...
Tammy
2 years ago
Logging request body of deployments in kube-system namespace provides valuable information.
upvoted 0 times
...
Marylyn
2 years ago
Yes, it allows for historical analysis and investigation if needed.
upvoted 0 times
...
Sheldon
2 years ago
I believe ensuring that log files are retained for 5 days is a good practice.
upvoted 0 times
...
Tammy
2 years ago
I agree with you, Marylyn. It helps in tracking changes and potential issues.
upvoted 0 times
...
Marylyn
2 years ago
I think enabling audit logs in the cluster is important for security.
upvoted 0 times
...
Martha
2 years ago
I see the rationale behind each requirement now. It's all about enhancing security and monitoring in the cluster.
upvoted 0 times
...
Vicki
2 years ago
Exactly. And we should not forget to extend the basic policy to log specific changes, like Cronjobs and deployments.
upvoted 0 times
...
Karl
2 years ago
We also need to be careful about the old audit logs files limit. Keeping it to a maximum of 10 is important.
upvoted 0 times
...
Martha
2 years ago
I agree. We have to pay attention to the specifics like storing logs at /var/log/kubernetes/kubernetes-logs.txt and retaining them for 5 days.
upvoted 0 times
...
Vicki
2 years ago
I think enabling audit logs is crucial for security reasons. We need to make sure we capture the right information.
upvoted 0 times
...
Karl
2 years ago
This question is tricky. I need to focus on each requirement.
upvoted 0 times
...

Save Cancel