
Linux Foundation Exam CKS Topic 1 Question 75 Discussion

Actual exam question for Linux Foundation's CKS exam
Question #: 75
Topic #: 1

You must complete this task on the following cluster/nodes:

Cluster: trace
Master node: master
Worker node: worker1

You can switch the cluster/configuration context using the following command:

[desk@cli] $ kubectl config use-context trace

Given: You may use Sysdig or Falco documentation.

Task: Use detection tools to detect anomalies like processes spawning and executing something weird frequently in the single container belonging to Pod tomcat.

Two tools are available to use:
1. falco
2. sysdig

Tools are pre-installed on the worker1 node only. Analyse the container's behaviour for at least 40 seconds, using filters that detect newly spawning and executing processes. Store an incident file at /home/cert_masters/report, in the following format:

[timestamp],[uid],[processName]

Note: Make sure to store the incident file on the cluster's worker node; don't move it to the master node.

Suggested Answer: A
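
One way to carry out the task above with sysdig and then check the resulting file, as an added example (it is not the site's suggested answer and not code from this page). The container ID argument, the function names and the `--capture` switch are assumptions, and the sample report lines are constructed.

```shell
# Run on worker1, where the tools are installed.
# Assumption: the tomcat container's ID is looked up first (for example
# with `crictl ps`) and passed in; the page gives no container name or ID.
REPORT=/home/cert_masters/report

# Capture process executions in one container for a fixed time and
# write them as timestamp,uid,processName (one line per spawn).
capture_spawns() {
    local container_id=$1
    local seconds=${2:-40}
    local out=${3:-$REPORT}
    # evt.dir=< keeps the execve exit event, where proc.name is already
    # the new program rather than the parent that called execve.
    sysdig -M "$seconds" -p '%evt.time,%user.uid,%proc.name' \
        "container.id=$container_id and evt.type=execve and evt.dir=<" > "$out"
}

# Succeeds only if the file is non-empty and every line has the
# three-field shape the task asks for.
report_is_valid() {
    local bad
    [ -s "$1" ] || return 1
    bad=$(grep -Evc '^[0-9]{2}:[0-9]{2}:[0-9]{2}\.[0-9]{9},[0-9]+,[^,]+$' "$1" || true)
    [ "$bad" -eq 0 ]
}

# Rank uid,processName pairs by how often they were spawned:
# output lines are count,uid,processName, most frequent first.
frequent_spawns() {
    awk -F, '{ n[$2 "," $3]++ } END { for (k in n) print n[k] "," k }' "$1" |
        sort -t, -k1,1nr -k3,3
}

# Constructed sample of what a capture file looks like.
write_sample_report() {
    cat > "$1" <<'EOF'
11:02:14.305512004,0,sh
11:02:14.311870221,0,curl
11:02:19.306001873,0,sh
11:02:19.312204410,0,curl
11:02:24.305990117,0,sh
11:02:31.900431556,1000,ps
EOF
}

if [ "${1:-}" = "--capture" ]; then
    capture_spawns "$2" 40 "$REPORT" && report_is_valid "$REPORT" && frequent_spawns "$REPORT"
fi
```

The ranking is only a triage aid for spotting what is being spawned repeatedly; the file at /home/cert_masters/report stays in the three-field format the task specifies.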

Contribute your Thoughts:

Cassi
16 days ago
Haha, I wonder if the exam writers have a sense of humor. 'Newly spawning and executing processes' - it sounds like we're dealing with some kind of container breakout or malware scenario. Better bring my popcorn!
upvoted 0 times
Arthur
2 days ago
I know, right? Sounds like we're in for an interesting challenge.
upvoted 0 times
...
...
Daniel
18 days ago
I'm a bit confused about the output format for the incident file. The task mentions a specific format, but the solution doesn't seem to address that. I'll need to double-check the requirements.
upvoted 0 times
...
Oliva
22 days ago
Hmm, the task mentions using either Falco or Sysdig, but the solution is focused on Falco. I wonder if Sysdig would be a viable alternative, or if Falco is the preferred tool for this scenario.
upvoted 0 times
...
Annamae
1 month ago
Looks like we need to use Falco to detect any anomalies in the Tomcat container. The rules provided look good, but I'll need to check the Falco documentation to make sure I'm understanding everything correctly.
upvoted 0 times
Darnell
9 days ago
I agree, Falco seems like the best tool to use for this task. The rules provided are detailed, but it's always good to double-check with the documentation.
upvoted 0 times
...
Sherron
20 days ago
User 1: I think we should use Falco to detect anomalies in the Tomcat container.
upvoted 0 times
...
...
Yolande
2 months ago
That's a good point, sysdig might give us better insights into the container's behavior.
upvoted 0 times
...
Rochell
2 months ago
I prefer using sysdig because it provides more detailed information.
upvoted 0 times
...
Yolande
2 months ago
I think I will use falco for this task.
upvoted 0 times
...
