Linux Foundation CNPA Exam - Topic 2 Question 17 Discussion

For a cloud native platform handling sensitive customer data, which approach ensures compliance with data privacy regulations like GDPR and PCI DSS within a Kubernetes environment?
A) Relying on default cloud provider IAM policies with minimal Kubernetes customizations.
B) Utilizing standard Kubernetes Secrets with encrypted storage and manual access reviews.
C) Deploying a policy engine like Open Policy Agent (OPA) with real-time data masking and audit logging.
D) Implementing Kubernetes Role-based access control (RBAC) with basic network policies and periodic manual audits.

Actual exam question for Linux Foundation's CNPA exam
Question #: 17
Topic #: 2

Suggested Answer: C

Compliance with regulations like GDPR and PCI DSS requires fine-grained control, auditing, and data protection. Option C is correct because deploying a policy engine like Open Policy Agent (OPA) enables dynamic enforcement of policies, real-time data masking, and comprehensive audit logging. This ensures sensitive data is protected while providing traceability and compliance reporting.

Option A is insufficient, as default IAM policies without Kubernetes-level governance do not provide the granularity required for compliance. Option B (Kubernetes Secrets) adds encryption but lacks auditability and runtime enforcement. Option D (RBAC and network policies) improves security posture but does not provide comprehensive compliance coverage or data privacy features like masking and logging.

OPA and similar tools integrate with Kubernetes admission control to enforce compliance policies consistently, providing the flexibility and auditability needed in regulated industries.

