Linux Foundation Exam CKS Topic 5 Question 76 Discussion

Actual exam question for Linux Foundation's CKS exam

Question #: 76
Topic #: 5

[All CKS Questions]

A container image scanner is set up on the cluster.

Given an incomplete configuration in the directory

/etc/kubernetes/confcontrol and a functional container image scanner with HTTPS endpoint https://test-server.local.8081/image_policy

1. Enable the admission plugin.

2. Validate the control configuration and change it to implicit deny.

Finally, test the configuration by deploying the pod having the image tag as latest.

AExplanation:
ssh-add ~/.ssh/tempprivate
eval '$(ssh-agent -s)'
cd contrib/terraform/aws
vi terraform.tfvars
terraform init
terraform apply -var-file=credentials.tfvars
ansible-playbook -i ./inventory/hosts ./cluster.yml -e ansible_ssh_user=core -e bootstrap_os=coreos -b --become-user=root --flush-cache -e ansible_user=core

Show Suggested Answer

Suggested Answer: A

by Nicolette at Mar 22, 2025, 06:03 AM

Limited Time Offer

25%

Off

Get Premium CKS Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Solange

2 days ago

Agreed, and then we can test the configuration by deploying the pod with the latest image tag.

upvoted 0 times

...

Lauran

10 days ago

After that, we should validate the control configuration and set it to implicit deny.

upvoted 0 times

...

Oliva

11 days ago

Yes, that's important for security measures.

upvoted 0 times

...

Solange

14 days ago

I think we need to enable the admission plugin first.

upvoted 0 times

...

Daniela

15 days ago

This question is making me hungry. All this talk about containers and images is making me crave a nice, juicy container of ice cream. Mmm, now that's the kind of image I can get behind!

upvoted 0 times

...

Jutta

20 days ago

The instructions for the Terraform and Ansible steps seem a bit out of place here. I think those are for a different question. Let's just focus on the container image scanner configuration.

upvoted 0 times

...

Barbra

22 days ago

I'm a bit confused about the 'implicit deny' part. Does that mean we need to set the default policy to deny everything and then explicitly allow the images we want to deploy?

upvoted 0 times

...

Jamal

26 days ago

Hmm, this seems pretty straightforward. The question is asking us to enable the admission plugin and validate the control configuration, then test the configuration by deploying a pod with the latest image tag.

upvoted 0 times

Ronna

10 days ago

Finally, we can test the configuration by deploying a pod with the latest image tag.

upvoted 0 times

...

Gwenn

11 days ago

After that, we need to validate the control configuration and change it to implicit deny.

upvoted 0 times

...

Avery

13 days ago

Let's start by enabling the admission plugin.

upvoted 0 times

...