Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Linux Foundation CKS Exam - Topic 1 Question 57 Discussion

Actual exam question for Linux Foundation's CKS exam
Question #: 57
Topic #: 1
[All CKS Questions]

Context

A default-deny NetworkPolicy avoids to accidentally expose a Pod in a namespace that doesn't have any other NetworkPolicy defined.

Task

Create a new default-deny NetworkPolicy named defaultdeny in the namespace testing for all traffic of type Egress.

The new NetworkPolicy must deny all Egress traffic in the namespace testing.

Apply the newly created default-deny NetworkPolicy to all Pods running in namespace testing.

Show Suggested Answer Hide Answer
Suggested Answer: A

by Noe at Jun 20, 2024, 02:02 PM

Limited Time Offer

25%

Off

Get Premium CKS Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Mira
4 months ago
I’m not sure, can’t some services still need Egress?
upvoted 0 times
...
Amie
4 months ago
This is a must for any production environment!
upvoted 0 times
...
Stephaine
4 months ago
Wait, does this mean all outgoing traffic is blocked?
upvoted 0 times
...
Mariann
4 months ago
Totally agree, better safe than sorry.
upvoted 0 times
...
Queen
5 months ago
Default-deny is a solid security practice!
upvoted 0 times
...
Stephaine
5 months ago
I recall that we had a similar question where we had to allow specific traffic. This time it feels like the opposite, so I hope I remember the deny rules correctly.
upvoted 0 times
...
Benedict
5 months ago
I’m a bit confused about the namespace part. Do I need to specify the namespace in the YAML file or just apply it in the right context?
upvoted 0 times
...
Rosita
5 months ago
I think the default-deny policy should just have an empty `ingress` and `egress` section, right? That’s how we did it in the practice questions.
upvoted 0 times
...
Wava
5 months ago
I remember we practiced creating NetworkPolicies, but I’m not entirely sure about the exact syntax for the default-deny policy.
upvoted 0 times
...
Ulysses
5 months ago
Whoa, this is a tricky one. I need to be really careful to get all the details right, or I could end up locking myself out of the namespace. Let me think this through step-by-step.
upvoted 0 times
...
Jolanda
5 months ago
Okay, I think I've got a good handle on this. I'll create the NetworkPolicy, make sure it's denying all Egress traffic, and then apply it to the namespace.
upvoted 0 times
...
Maile
5 months ago
Hmm, I'm a bit unsure about the specifics of how to apply the NetworkPolicy to all Pods in the namespace. I'll need to review the documentation on that.
upvoted 0 times
...
Bulah
6 months ago
This looks straightforward enough. I'll start by creating the new NetworkPolicy with the required settings.
upvoted 0 times
...
Broderick
6 months ago
Hmm, I'm a bit confused on how to approach this. The front-end load is throwing me off. I'll need to review the formula for this.
upvoted 0 times
...
Maybelle
6 months ago
I feel like detection mode plays a role in how the IPS responds to threats, but I'm unsure if that would explain the connection dropping.
upvoted 0 times
...
Winfred
6 months ago
Option D looks promising - the compute.networkViewer role plus the compute.networks.use permission. That should give the networking team the read-only access they need.
upvoted 0 times
...
Percy
2 years ago
Well, well, well, looks like we've got a sneaky little network policy question here. But I'm not falling for it - C is the way to go, folks!
upvoted 0 times
Lashaunda
2 years ago
Great, C it is for the default-deny NetworkPolicy in the testing namespace.
upvoted 0 times
...
Kenneth
2 years ago
Let's go with C then, it seems like the safest choice for this scenario.
upvoted 0 times
...
Louann
2 years ago
I agree, C seems like the best option to deny all Egress traffic.
upvoted 0 times
...
Veronica
2 years ago
I think C is the correct choice for this network policy.
upvoted 0 times
...
...
Magnolia
2 years ago
Haha, I love how they're trying to trick us with the 'default-allow' option. Nice try, but I'm too smart for that. C all the way!
upvoted 0 times
Jules
2 years ago
We're too smart for their tricks.
upvoted 0 times
...
Ria
2 years ago
Definitely, option C is the way to go.
upvoted 0 times
...
Veronika
2 years ago
I agree, they can't fool us with that 'default-allow' option.
upvoted 0 times
...
Reita
2 years ago
Sanjuana: Agreed, C all the way!
upvoted 0 times
...
Sanjuana
2 years ago
Definitely, option C is the way to go.
upvoted 0 times
...
Dudley
2 years ago
I know right, they can't fool us with that 'default-allow' option.
upvoted 0 times
...
...
Gilberto
2 years ago
Oh boy, this one's a toughie. But I'll trust my gut and go with C. Gotta keep those Pods locked down, you know?
upvoted 0 times
...
Glenn
2 years ago
Hmm, I'm not sure. The question mentions a 'default-deny NetworkPolicy', but option A shows a 'default-allow' policy. I think I'll go with C just to be safe.
upvoted 0 times
Detra
2 years ago
I agree, let's go with C.
upvoted 0 times
...
Therese
2 years ago
I think C is the safest option.
upvoted 0 times
...
...
Elly
2 years ago
I think the correct answer is C. The question clearly states that the new NetworkPolicy must deny all Egress traffic in the namespace testing, and the image for option C shows the correct configuration for that.
upvoted 0 times
Ma
2 years ago
Let's go with option C then. It aligns with the task of denying all Egress traffic in the namespace testing.
upvoted 0 times
...
Loise
2 years ago
The image for option C matches the requirements specified in the question for denying all Egress traffic.
upvoted 0 times
...
Justine
2 years ago
Yes, option C is the best choice for creating a default-deny NetworkPolicy in this scenario.
upvoted 0 times
...
Cammy
2 years ago
I agree, option C is the correct answer. It denies all Egress traffic in the namespace testing.
upvoted 0 times
...
...
Crista
2 years ago
That makes sense. It's important to have strict controls in place for Egress traffic.
upvoted 0 times
...
Marjory
2 years ago
I believe the purpose is to avoid accidentally exposing a Pod in a namespace without any other NetworkPolicy.
upvoted 0 times
...
Crista
2 years ago
Yes, we need to create a new default-deny NetworkPolicy named defaultdeny in the namespace testing.
upvoted 0 times
...
Marjory
2 years ago
I think the question is about creating a default-deny NetworkPolicy.
upvoted 0 times
...

Save Cancel