Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Linux Foundation CKS Exam - Topic 4 Question 69 Discussion

Actual exam question for Linux Foundation's CKS exam
Question #: 69
Topic #: 4
[All CKS Questions]

Context

A PodSecurityPolicy shall prevent the creation of privileged Pods in a specific namespace.

Task

Create a new PodSecurityPolicy named prevent-psp-policy,which prevents the creation of privileged Pods.

Create a new ClusterRole named restrict-access-role, which uses the newly created PodSecurityPolicy prevent-psp-policy.

Create a new ServiceAccount named psp-restrict-sa in the existing namespace staging.

Finally, create a new ClusterRoleBinding named restrict-access-bind, which binds the newly created ClusterRole restrict-access-role to the newly created ServiceAccount psp-restrict-sa.

Show Suggested Answer Hide Answer
Suggested Answer: A

by Bev at Oct 20, 2024, 12:50 PM

Limited Time Offer

25%

Off

Get Premium CKS Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Viola
5 months ago
I’m surprised we’re still using PodSecurityPolicies, aren’t they deprecated?
upvoted 0 times
...
Desmond
5 months ago
Wait, does this really apply to all namespaces?
upvoted 0 times
...
Minna
6 months ago
Totally agree, security first!
upvoted 0 times
...
Lauran
6 months ago
Sounds good, but are we sure this won't break anything?
upvoted 0 times
...
Bok
6 months ago
Just created a PodSecurityPolicy to block privileged Pods!
upvoted 0 times
...
Sharita
6 months ago
I vaguely remember something about ClusterRoleBindings, but I'm not completely confident about how they relate to the ServiceAccount in this context.
upvoted 0 times
...
Jamal
6 months ago
I feel like I need to double-check how to set the namespace for the ServiceAccount. Was it just a field in the YAML?
upvoted 0 times
...
Tanesha
7 months ago
I think we did a similar question where we had to create a ClusterRole and bind it to a ServiceAccount. I hope I can recall the steps correctly.
upvoted 0 times
...
Paul
7 months ago
I remember we practiced creating PodSecurityPolicies, but I'm a bit unsure about the exact syntax for preventing privileged Pods.
upvoted 0 times
...
Dean
7 months ago
No problem, I've worked with PodSecurityPolicies and RBAC before. I'll create the PodSecurityPolicy first, then the ClusterRole, ServiceAccount, and finally the ClusterRoleBinding. As long as I get the resource names and namespace correct, I should be able to knock this out quickly.
upvoted 0 times
...
Lamonica
7 months ago
This looks like a tricky one. I'll need to make sure I understand the relationships between the different Kubernetes resources and how they all fit together. Maybe I'll start by sketching out the overall structure before diving into the specific commands.
upvoted 0 times
...
Jess
7 months ago
Okay, I think I've got a good handle on this. First, I'll create the PodSecurityPolicy to prevent privileged Pods, then the ClusterRole to use that policy. Next, I'll create the ServiceAccount in the staging namespace, and finally, the ClusterRoleBinding to link the ClusterRole and ServiceAccount. Should be straightforward if I follow the steps carefully.
upvoted 0 times
...
Gilma
7 months ago
Hmm, I'm a bit unsure about the exact syntax for creating these resources. I'll need to review the Kubernetes documentation on PodSecurityPolicies and RBAC to make sure I get the details right.
upvoted 0 times
...
Ahmad
7 months ago
This looks like a straightforward question on setting up a PodSecurityPolicy and associated RBAC resources. I'll start by creating the PodSecurityPolicy to prevent privileged Pods, then the ClusterRole to use that policy, the ServiceAccount, and finally the ClusterRoleBinding to tie it all together.
upvoted 0 times
...
Paris
2 years ago
Alright, let's do this! Time to put my Kubernetes skills to the test.
upvoted 0 times
...
Yolande
2 years ago
Haha, 'prevent-psp-policy' - that's a mouthful! But I'm sure I can remember it.
upvoted 0 times
Freeman
1 year ago
And finally, bind the ClusterRole to the ServiceAccount with the ClusterRoleBinding.
upvoted 0 times
...
Aleisha
1 year ago
Don't forget to also create the new ClusterRole and ServiceAccount.
upvoted 0 times
...
Dorthy
1 year ago
Creating the new PodSecurityPolicy is crucial to prevent privileged Pods.
upvoted 0 times
...
Linn
1 year ago
It is a bit of a mouthful, but it's important for security.
upvoted 0 times
...
...
Horace
2 years ago
I agree, creating a PodSecurityPolicy can be tricky.
upvoted 0 times
...
Sang
2 years ago
I think the task is quite challenging.
upvoted 0 times
...
Remedios
2 years ago
Wow, this seems like a pretty straightforward task. I'm confident I can nail this one!
upvoted 0 times
Cherelle
1 year ago
If you have any questions, feel free to ask for help.
upvoted 0 times
...
Madelyn
1 year ago
I'm sure you'll do great, just take it step by step.
upvoted 0 times
...
Jani
1 year ago
Just follow the steps provided and you'll be fine.
upvoted 0 times
...
Jame
1 year ago
I agree, it looks like a simple task to complete.
upvoted 0 times
...
Ira
1 year ago
Gregg: Thanks for the reassurance, I'll get started on it now.
upvoted 0 times
...
Gregg
2 years ago
User 2: Just follow the steps provided, and you'll be fine.
upvoted 0 times
...
Marta
2 years ago
I agree, it does seem straightforward.
upvoted 0 times
...
...

Save Cancel