Linux Foundation Certified Kubernetes Security Specialist Exam Questions

Name: Linux Foundation Certified Kubernetes Security Specialist Exam
Brand: Pass4Success
SKU: Certified Kubernetes Security Specialist
Price: 69.00 USD
Availability: InStock
Rating: 5.0 (121 reviews)

Exam Name: Certified Kubernetes Security Specialist

Exam Code: Certified Kubernetes Security Specialist

Related Certification(s): Linux Foundation Kubernetes Security Specialist Certification

Certification Provider: Linux Foundation

Actual Exam Duration: 120 Minutes

Number of Certified Kubernetes Security Specialist practice questions in our database: 48 (updated: Jul. 20, 2024)

Disscuss Linux Foundation Certified Kubernetes Security Specialist Topics, Questions or Ask Anything Related

Submit Cancel

Nadine

22 days ago

Just passed the CKS exam! One tricky area was Pod Security Policies. Expect questions on configuring and troubleshooting PSPs. Study the different policy options and their impact on pod creation. Big thanks to Pass4Success for their spot-on practice questions that helped me prepare quickly!

upvoted 0 times

...

Free Linux Foundation Certified Kubernetes Security Specialist Exam Actual Questions

Note: Premium Questions for Certified Kubernetes Security Specialist were last updated On Jul. 20, 2024 (see below)

Question #1

Context

A CIS Benchmark tool was run against the kubeadm-created cluster and found multiple issues that must be addressed immediately.

Task

Fix all issues via configuration and restart the affected components to ensure the new settings take effect.

Fix all of the following violations that were found against the API server:

Fix all of the following violations that were found against the Kubelet:

Fix all of the following violations that were found against etcd:

AExplanation:

Reveal Solution

Correct Answer: A

Question #2

Context

A default-deny NetworkPolicy avoids to accidentally expose a Pod in a namespace that doesn't have any other NetworkPolicy defined.

Task

Create a new default-deny NetworkPolicy named defaultdeny in the namespace testing for all traffic of type Egress.

The new NetworkPolicy must deny all Egress traffic in the namespace testing.

Apply the newly created default-deny NetworkPolicy to all Pods running in namespace testing.

AExplanation:

Reveal Solution

Correct Answer: A

Question #3

Context

A CIS Benchmark tool was run against the kubeadm-created cluster and found multiple issues that must be addressed immediately.

Task

Fix all issues via configuration and restart the affected components to ensure the new settings take effect.

Fix all of the following violations that were found against the API server:

Fix all of the following violations that were found against the Kubelet:

Fix all of the following violations that were found against etcd:

AExplanation:

Reveal Solution

Correct Answer: A

Question #4

Context

A default-deny NetworkPolicy avoids to accidentally expose a Pod in a namespace that doesn't have any other NetworkPolicy defined.

Task

Create a new default-deny NetworkPolicy named defaultdeny in the namespace testing for all traffic of type Egress.

The new NetworkPolicy must deny all Egress traffic in the namespace testing.

Apply the newly created default-deny NetworkPolicy to all Pods running in namespace testing.

AExplanation:

Reveal Solution

Correct Answer: A

Question #5

Context

A PodSecurityPolicy shall prevent the creation of privileged Pods in a specific namespace.

Task

Create a new PodSecurityPolicy named prevent-psp-policy,which prevents the creation of privileged Pods.

Create a new ClusterRole named restrict-access-role, which uses the newly created PodSecurityPolicy prevent-psp-policy.

Create a new ServiceAccount named psp-restrict-sa in the existing namespace staging.

Finally, create a new ClusterRoleBinding named restrict-access-bind, which binds the newly created ClusterRole restrict-access-role to the newly created ServiceAccount psp-restrict-sa.