Linux Foundation KCNA Exam - Topic 2 Question 73 Discussion

Actual exam question for Linux Foundation's KCNA exam
Question #: 73
Topic #: 2

Which authorization-mode allows granular control over the operations that different entities can perform on different objects in a Kubernetes cluster?

Suggested Answer: B

Role Based Access Control (RBAC) is the standard Kubernetes authorization mode that provides granular control over what users and service accounts can do to which resources, so B is correct. RBAC works by defining Roles (namespaced) and ClusterRoles (cluster-wide) that contain sets of rules. Each rule specifies API groups, resource types, resource names (optional), and allowed verbs such as get, list, watch, create, update, patch, and delete. You then attach these roles to identities using RoleBindings or ClusterRoleBindings.

This gives fine-grained, auditable access control. For example, you can allow a CI service account to create and patch Deployments only in a specific namespace, while restricting it from reading Secrets. You can allow developers to view Pods and logs but prevent them from changing cluster-wide networking resources. This is exactly the "granular control over operations on objects" described by the question.

Why other options are not the best answer: "Webhook mode" is an authorization mechanism where Kubernetes calls an external service to decide authorization. While it can be granular depending on the external system, Kubernetes' common built-in answer for granular object-level control is RBAC. "Node authorization" is a specialized authorizer for kubelets/nodes to access resources they need; it's not the general-purpose system for all cluster entities. ABAC (Attribute-Based Access Control) is an older mechanism and is not the primary recommended authorization model; it can be expressive but is less commonly used and not the default best-practice for Kubernetes authorization today.

In Kubernetes security practice, RBAC is typically paired with authentication (certs/OIDC), admission controls, and namespaces to build a defense-in-depth security posture. RBAC policy is also central to least privilege: granting only what is necessary for a workload or user role to function. This reduces blast radius if credentials are compromised.

Therefore, the verified answer is B: Role Based Access Control.
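
The two cases from the explanation above (a CI service account limited to Deployments, developers limited to viewing Pods and logs), written out as RBAC manifests. This is an added example, not part of the original answer; the namespace "staging", the service account "ci-deployer" and the group "developers" are assumed names.

```yaml
# Constructed example; "staging", "ci-deployer" and "developers" are assumed names.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: deployment-writer
  namespace: staging            # a Role is namespaced; its rules apply only here
rules:
  - apiGroups: ["apps"]         # Deployments live in the "apps" API group
    resources: ["deployments"]
    verbs: ["create", "patch"]  # RBAC is allow-only: Secrets are not listed, so not granted
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding               # attaches the Role to an identity
metadata:
  name: ci-deployer-deployment-writer
  namespace: staging
subjects:
  - kind: ServiceAccount
    name: ci-deployer
    namespace: staging
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: deployment-writer
---
# Developers may view Pods and their logs; this Role grants no write verbs.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: pod-viewer
  namespace: staging
rules:
  - apiGroups: [""]             # "" is the core API group (Pods)
    resources: ["pods", "pods/log"]
    verbs: ["get", "list", "watch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: developers-pod-viewer
  namespace: staging
subjects:
  - kind: Group
    name: developers
    apiGroup: rbac.authorization.k8s.io
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: pod-viewer
```

After applying the manifests, `kubectl auth can-i get secrets -n staging --as=system:serviceaccount:staging:ci-deployer` checks whether the service account can reach anything beyond what the Role lists.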


Contribute your Thoughts:

Lemuel
9 hours ago
I feel like I read about this in the context of Kubernetes security, but I can't recall if it was specifically about RBAC or something else.
upvoted 0 times
...
Tamera
5 days ago
I'm a bit confused about the different modes. Is it possible that there are other options besides RBAC that allow for granular control?
upvoted 0 times
...
Katy
28 days ago
I remember something about authorization modes, and I think there was a question similar to this in our practice exam. Could it be RBAC?
upvoted 0 times
...
Camellia
1 month ago
I think the answer might be Role-Based Access Control, but I'm not entirely sure if that's the only option.
upvoted 0 times
...
Shawna
1 month ago
Kubernetes authorization is a tricky topic. I'm going to take a few minutes to think through the different options and decide which one best fits the "granular control" requirement in the question.
upvoted 0 times
...
Dalene
1 month ago
Ah, I remember learning about this in class. RBAC is the way to go for granular control over Kubernetes resources. I'll make sure to highlight the key features of RBAC in my response.
upvoted 0 times
...
Berry
2 months ago
Kubernetes has a few different authorization modes, but the one that gives you the most control is probably Role-Based Access Control (RBAC). I'll focus on explaining how RBAC works in my answer.
upvoted 0 times
...
Serita
2 months ago
Hmm, I'm not too familiar with Kubernetes authorization modes. I'll need to review my notes on that topic before attempting this question.
upvoted 0 times
...
Huey
2 months ago
I think this is asking about Kubernetes RBAC, which allows you to define fine-grained permissions for different users and roles.
upvoted 0 times
...
