Deal of the Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Linux Foundation Certified Kubernetes Security Specialist Exam

Certification Provider: Linux Foundation
Exam Name: Certified Kubernetes Security Specialist
Duration: 120 Minutes
Number of questions in our database: 48
Exam Version: May. 24, 2023
Exam Official Topics:
  • Topic 1: Single Topic

Free Linux Foundation Certified Kubernetes Security Specialist Exam Actual Questions

The questions for Certified Kubernetes Security Specialist were last updated On May. 24, 2023

Question #1

Create a RuntimeClass named untrusted using the prepared runtime handler named runsc.

Create a Pods of image alpine:3.13.2 in the Namespace default to run on the gVisor runtime class.

Reveal Solution Hide Solution
Correct Answer: A

Question #2

Task

Analyze and edit the given Dockerfile /home/candidate/KSSC00301/Docker file (based on the ubuntu:16.04 image), fixing two instructions present in the file that are prominent security/best-practice issues.

Analyze and edit the given manifest file /home/candidate/KSSC00301/deployment.yaml, fixing two fields present in the file that are prominent security/best-practice issues.

Reveal Solution Hide Solution
Correct Answer: A

Question #3

You can switch the cluster/configuration context using the following command: [desk@cli] $kubectl config use-context stage Context: A PodSecurityPolicy shall prevent the creation of privileged Pods in a specific namespace. Task: 1. Create a new PodSecurityPolcy named deny-policy, which prevents the creation of privileged Pods. 2. Create a new ClusterRole name deny-access-role, which uses the newly created PodSecurityPolicy deny-policy. 3. Create a new ServiceAccount named psd-denial-sa in the existing namespace development. Finally, create a new ClusterRoleBindind named restrict-access-bind, which binds the newly created ClusterRole deny-access-role to the newly created ServiceAccount psp-denial-sa

Reveal Solution Hide Solution
Correct Answer: A

Question #4

Task

Analyze and edit the given Dockerfile /home/candidate/KSSC00301/Docker file (based on the ubuntu:16.04 image), fixing two instructions present in the file that are prominent security/best-practice issues.

Analyze and edit the given manifest file /home/candidate/KSSC00301/deployment.yaml, fixing two fields present in the file that are prominent security/best-practice issues.

Reveal Solution Hide Solution
Correct Answer: A

Question #5

Context

The kubeadm-created cluster's Kubernetes API server was, for testing purposes, temporarily configured to allow unauthenticated and unauthorized access granting the anonymous user duster-admin access.

Task

Reconfigure the cluster's Kubernetes API server to ensure that only authenticated and authorized REST requests are allowed.

Use authorization mode Node,RBAC and admission controller NodeRestriction.

Cleaning up, remove the ClusterRoleBinding for user system:anonymous.

Reveal Solution Hide Solution
Correct Answer: A

Explore Other Linux Foundation Exams

Unlock all Certified Kubernetes Security Specialist Exam Questions with Advanced Practice Test Features:
  • Select Question Types you want
  • Set your Desired Pass Percentage
  • Allocate Time (Hours : Minutes)
  • Create Multiple Practice tests with Limited Questions
  • Customer Support
Get Full Access Now
Disscuss Linux Foundation Certified Kubernetes Security Specialist Topics, Questions or Ask Anything Related

Submit Cancel

Save Cancel