clapgeek logo
Certified Kubernetes Security Specialist (CKS)
Last Update Nov 21, 2024
Total Questions : 48
Why Choose ClapGeek
Customers Passed
Linux Foundation CKS
Average Score In Real
Exam At Testing Centre
Questions came word by
word from this dump
Try a free demo of our Linux Foundation CKS PDF and practice exam software before the purchase to get a closer look at practice questions and answers.
We provide up to 3 months of free after-purchase updates so that you get Linux Foundation CKS practice questions of today and not yesterday.
We have a long list of satisfied customers from multiple countries. Our Linux Foundation CKS practice questions will certainly assist you to get passing marks on the first attempt.
ClapGeek offers Linux Foundation CKS PDF questions, web-based and desktop practice tests that are consistently updated.
ClapGeek has a support team to answer your queries 24/7. Contact us if you face login issues, payment and download issues. We will entertain you as soon as possible.
Thousands of customers passed the Linux Foundation Designing Linux Foundation Azure Infrastructure Solutions exam by using our product. We ensure that upon using our exam products, you are satisfied.
Context
A container image scanner is set up on the cluster, but it's not yet fully integrated into the cluster s configuration. When complete, the container image scanner shall scan for and reject the use of vulnerable images.
Task
Given an incomplete configuration in directory /etc/kubernetes/epconfig and a functional container image scanner with HTTPS endpoint https://wakanda.local:8081 /image_policy :
1. Enable the necessary plugins to create an image policy
2. Validate the control configuration and change it to an implicit deny
3. Edit the configuration to point to the provided HTTPS endpoint correctly
Finally, test if the configuration is working by trying to deploy the vulnerable resource /root/KSSC00202/vulnerable-resource.yml.
You can switch the cluster/configuration context using the following command:
[desk@cli] $ kubectl config use-context stage
Context:
A PodSecurityPolicy shall prevent the creation of privileged Pods in a specific namespace.
Task:
1. Create a new PodSecurityPolcy named deny-policy, which prevents the creation of privileged Pods.
2. Create a new ClusterRole name deny-access-role, which uses the newly created PodSecurityPolicy deny-policy.
3. Create a new ServiceAccount named psd-denial-sa in the existing namespace development.
Finally, create a new ClusterRoleBindind named restrict-access-bind, which binds the newly created ClusterRole deny-access-role to the newly created ServiceAccount psp-denial-sa
You can switch the cluster/configuration context using the following command:
[desk@cli] $ kubectl config use-context prod-account
Context:
A Role bound to a Pod's ServiceAccount grants overly permissive permissions. Complete the following tasks to reduce the set of permissions.
Task:
Given an existing Pod named web-pod running in the namespace database.
1. Edit the existing Role bound to the Pod's ServiceAccount test-sa to only allow performing get operations, only on resources of type Pods.
2. Create a new Role named test-role-2 in the namespace database, which only allows performing update operations, only on resources of type statuefulsets.
3. Create a new RoleBinding named test-role-2-bind binding the newly created Role to the Pod's ServiceAccount.
Note: Don't delete the existing RoleBinding.
I took the CKS test and scored 90% on the exam after just three weeks of preparation from clapgeek.com.
TESTED 21 Nov 2024
Text
Description automatically generated
Text
Description automatically generated
Text
Description automatically generated
Text
Description automatically generated
Text
Description automatically generated
Text
Description automatically generated
Text
Description automatically generated
Text
Description automatically generated