New Year Special 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: Board70

CKS Exam Dumps - Linux Foundation Kubernetes Security Specialist Questions and Answers

Page: 1 / 1
Questions 4

You can switch the cluster/configuration context using the following command:

[desk@cli] $ kubectl config use-context prod-account 

Context:

A Role bound to a Pod's ServiceAccount grants overly permissive permissions. Complete the following tasks to reduce the set of permissions.

Task:

Given an existing Pod named web-pod running in the namespace database.

1. Edit the existing Role bound to the Pod's ServiceAccount test-sa to only allow performing get operations, only on resources of type Pods.

2. Create a new Role named test-role-2 in the namespace database, which only allows performing update operations, only on resources of type statuefulsets.

3. Create a new RoleBinding named test-role-2-bind binding the newly created Role to the Pod's ServiceAccount.

Note: Don't delete the existing RoleBinding.

Options:

Buy Now
Questions 5

You must complete this task on the following cluster/nodes: Cluster: immutable-cluster

Master node: master1

Worker node: worker1

You can switch the cluster/configuration context using the following command:

[desk@cli] $  kubectl config use-context immutable-cluster 

Context: It is best practice to design containers to be stateless and immutable.

Task:

Inspect Pods running in namespace prod and delete any Pod that is either not stateless or not immutable.

Use the following strict interpretation of stateless and immutable:

1. Pods being able to store data inside containers must be treated as not stateless. 

Note: You don't have to worry whether data is actually stored inside containers or not already.

2. Pods being configured to be privileged in any way must be treated as potentially not stateless or not immutable.

Options:

Buy Now
Questions 6

use the Trivy to scan the following images,

1.  amazonlinux:1

2.  k8s.gcr.io/kube-controller-manager:v1.18.6

Look for images with HIGH or CRITICAL severity vulnerabilities and store the output of the same in /opt/trivy-vulnerable.txt

Options:

Buy Now
Page: 1 / 1
Exam Code: CKS
Exam Name: Certified Kubernetes Security Specialist (CKS)
Last Update: Dec 30, 2024
Questions: 48
CKS pdf

CKS PDF

$25.5  $84.99
CKS Engine

CKS Testing Engine

$28.5  $94.99
CKS PDF + Engine

CKS PDF + Testing Engine

$40.5  $134.99