Free CKS Exam Questions - Linux Foundation CKS Exam
Certified Kubernetes Security Specialist
Total Questions: 48
Linux Foundation CKS Questions
Context:
Cluster: prod
Master node: master1
Worker node: worker1
You can switch the cluster/configuration context using the following command:
[desk@cli] $ kubectl config use-context prod
Task:
Analyse and edit the given Dockerfile (based on the ubuntu:18:04 image) /home/cert_masters/Dockerfile, fixing two instructions present in the file that are prominent security/best-practice issues.
Analyse and edit the given manifest file /home/cert_masters/mydeployment.yaml, fixing two fields present in the file that are prominent security/best-practice issues.
Note: Don't add or remove configuration settings; only modify the existing configuration settings, so that two configuration settings each are no longer security/best-practice concerns.
Should you need an unprivileged user for any of the tasks, use user nobody with user id 65535.
You can switch the cluster/configuration context using the following command:
[desk@cli] $ kubectl config use-context stage
Context:
A PodSecurityPolicy shall prevent the creation of privileged Pods in a specific namespace.
Task:
1. Create a new PodSecurityPolicy named deny-policy, which prevents the creation of privileged Pods.
2. Create a new ClusterRole named deny-access-role, which uses the newly created PodSecurityPolicy deny-policy.
3. Create a new ServiceAccount named psd-denial-sa in the existing namespace development.
Finally, create a new ClusterRoleBinding named restrict-access-bind, which binds the newly created ClusterRole deny-access-role to the newly created ServiceAccount psp-denial-sa.
You must complete this task on the following cluster/nodes:
Cluster: immutable-cluster
Master node: master1
Worker node: worker1
You can switch the cluster/configuration context using the following command:
[desk@cli] $ kubectl config use-context immutable-cluster
Context: It is best practice to design containers to be stateless and immutable.
Task:
Inspect Pods running in namespace prod and delete any Pod that is either not stateless or not immutable.
Use the following strict interpretation of stateless and immutable:
1. Pods being able to store data inside containers must be treated as not stateless.
Note: You don't have to worry whether data is actually stored inside containers or not already.
2. Pods being configured to be privileged in any way must be treated as potentially not stateless or not immutable.
Cluster: admission-cluster
Master node: master
Worker node: worker1
You can switch the cluster/configuration context using the following command:
[desk@cli] $ kubectl config use-context admission-cluster
Context:
A container image scanner is set up on the cluster, but it's not yet fully integrated into the cluster's configuration. When complete, the container image scanner shall scan for and reject the use of vulnerable images.
Task:
You have to complete the entire task on the cluster's master node, where all services and files have been prepared and placed.
Given an incomplete configuration in directory /etc/Kubernetes/config and a functional container image scanner with HTTPS endpoint https://imagescanner.local:8181/image_policy:
1. Enable the necessary plugins to create an image policy
2. Validate the control configuration and change it to an implicit deny
3. Edit the configuration to point to the provided HTTPS endpoint correctly
Finally, test if the configuration is working by trying to deploy the vulnerable resource /home/cert_masters/test-pod.yml
Note: You can find the container image scanner's log file at /var/log/policy/scanner.log
Cluster: qa-cluster
Master node: master
Worker node: worker1
You can switch the cluster/configuration context using the following command:
[desk@cli] $ kubectl config use-context qa-cluster
Task:
Create a NetworkPolicy named restricted-policy to restrict access to Pod product running in namespace dev.
Only allow the following Pods to connect to Pod products-service:
1. Pods in the namespace qa
2. Pods with label environment: stage, in any namespace