Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Linux Foundation CKS Exam - Topic 5 Question 85 Discussion

Actual exam question for Linux Foundation's CKS exam
Question #: 85
Topic #: 5
[All CKS Questions]

Context

A Role bound to a Pod's ServiceAccount grants overly permissive permissions. Complete the following tasks to reduce the set of permissions.

Task

Given an existing Pod named web-pod running in the namespace security.

Edit the existing Role bound to the Pod's ServiceAccount sa-dev-1 to only allow performing watch operations, only on resources of type services.

Create a new Role named role-2 in the namespace security, which only allows performing update

operations, only on resources of type namespaces.

Create a new RoleBinding named role-2-binding binding the newly created Role to the Pod's ServiceAccount.

Show Suggested Answer Hide Answer
Suggested Answer: A

by Lai at Nov 22, 2025, 01:02 AM

Limited Time Offer

25%

Off

Get Premium CKS Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Denny
11 hours ago
I think option A is the best choice. It limits access well.
upvoted 0 times
...
Vannessa
5 days ago
I feel the same. Need to focus on the specifics.
upvoted 0 times
...
Gearldine
24 days ago
Sounds good, but are we sure this won't break anything?
upvoted 0 times
...
Jolene
29 days ago
Wait, we can create a Role for namespaces? That’s new to me!
upvoted 0 times
...
Susana
1 month ago
Totally agree, less is more when it comes to permissions!
upvoted 0 times
...
Annamaria
1 month ago
Just need to limit permissions to watch services only.
upvoted 0 times
...
Bobbie
1 month ago
Wait, we have to create a new Role and RoleBinding? That's a lot of steps.
upvoted 0 times
...
Dick
2 months ago
Haha, I bet the exam writer had a good laugh coming up with this one.
upvoted 0 times
...
Laquita
2 months ago
Hmm, I'm not sure about the namespace update permission. Seems a bit overkill.
upvoted 0 times
...
Santos
2 months ago
This looks straightforward, I think I can handle it.
upvoted 0 times
...
Ronnie
2 months ago
I recall that we had to bind Roles to ServiceAccounts in a previous exercise. I hope I can remember the steps to create the RoleBinding correctly.
upvoted 0 times
...
Stanford
2 months ago
I think I need to look up the exact syntax for defining permissions in a Role. I feel like I might mix up the resource types.
upvoted 0 times
...
An
3 months ago
This seems like a good opportunity to demonstrate my RBAC knowledge. I'm confident I can complete all the tasks efficiently and accurately. I'll make sure to follow the exact requirements and pay close attention to the details.
upvoted 0 times
...
Denise
3 months ago
Okay, let's break this down step-by-step. First, I'll edit the existing Role to only allow watch operations on services. Then, I'll create a new Role for updating namespaces and bind it to the Pod's ServiceAccount. I think I can handle this, but I'll double-check my work before submitting.
upvoted 0 times
...
Doretha
3 months ago
This question is tricky. Permissions can get complicated.
upvoted 0 times
...
Brett
3 months ago
This seems similar to that practice question where we had to create a RoleBinding. I think I can manage that part, but the specifics on namespaces are a bit fuzzy.
upvoted 0 times
...
Eric
3 months ago
I remember we practiced editing Roles before, but I'm not entirely sure how to limit permissions specifically to watch operations.
upvoted 0 times
...
Jovita
4 months ago
I think updating namespaces is a bit risky, but okay.
upvoted 0 times
...
Nenita
4 months ago
Hmm, I'm a bit unsure about the specifics of the RBAC resources and their interactions. I'll need to carefully read through the question and make sure I understand the expected changes before attempting to implement them.
upvoted 0 times
...
Delmy
4 months ago
This looks like a straightforward RBAC question. I'll start by reviewing the existing Role bound to the Pod's ServiceAccount and then create a new Role and RoleBinding as per the requirements.
upvoted 0 times
Delisa
4 months ago
Good idea! We need to see what permissions it has.
upvoted 0 times
...
...

Save Cancel