Login / Register
Sharpen Your Knowledge with Linux Foundation (Certified Kubernetes Security Specialist) Certification Sample Questions
CertsTime has provided you with a sample question set to elevate your knowledge about the Linux Foundation Certified Kubernetes Security Specialist exam. With these updated sample questions, you can become quite familiar with the difficulty level and format of the real Certified Kubernetes Security Specialist certification test. Try our sample Linux Foundation Certified Kubernetes Security Specialist certification practice exam to get a feel for the real exam environment. Our sample practice exam gives you a sense of reality and an idea of the questions on the actual Linux Foundation Kubernetes Security Specialist certification exam.
Our sample questions are similar to the Real Linux Foundation Certified Kubernetes Security Specialist exam questions. The premium Linux Foundation Certified Kubernetes Security Specialist certification practice exam gives you a golden opportunity to evaluate and strengthen your preparation with real-time scenario-based questions. Plus, by practicing real-time scenario-based questions, you will run into a variety of challenges that will push you to enhance your knowledge and skills.
Linux Foundation Certified Kubernetes Security Specialist Sample Questions:
You can switch the cluster/configuration context using the following command: [desk@cli] $kubectl config use-context stage Context: A PodSecurityPolicy shall prevent the creation of privileged Pods in a specific namespace. Task: 1. Create a new PodSecurityPolcy named deny-policy, which prevents the creation of privileged Pods. 2. Create a new ClusterRole name deny-access-role, which uses the newly created PodSecurityPolicy deny-policy. 3. Create a new ServiceAccount named psd-denial-sa in the existing namespace development. Finally, create a new ClusterRoleBindind named restrict-access-bind, which binds the newly created ClusterRole deny-access-role to the newly created ServiceAccount psp-denial-sa
You must complete this task on the following cluster/nodes: Cluster:immutable-cluster Master node:master1 Worker node:worker1
You can switch the cluster/configuration context using the following command: [desk@cli] $kubectl config use-context immutable-cluster
Context: It is best practice to design containers to be stateless and immutable. Task: Inspect Pods running in namespaceprodand delete any Pod that is either not stateless or not immutable. Use the following strict interpretation of stateless and immutable: 1. Pods being able to store data inside containers must be treated as not stateless. Note:You don't have to worry whether data is actually stored inside containers or not already. 2. Pods being configured to beprivilegedin any way must be treated as potentially not stateless or not immutable.
Context
A container image scanner is set up on the cluster, but it's not yet fully integrated into the cluster s configuration. When complete, the container image scanner shall scan for and reject the use of vulnerable images.
Task
Given an incomplete configuration in directory /etc/kubernetes/epconfig and a functional container image scanner with HTTPS endpoint https://wakanda.local:8081 /image_policy :
1. Enable the necessary plugins to create an image policy
2. Validate the control configuration and change it to an implicit deny
3. Edit the configuration to point to the provided HTTPS endpoint correctly
Finally, test if the configuration is working by trying to deploy the vulnerable resource /root/KSSC00202/vulnerable-resource.yml.
Cluster:qa-cluster Master node:masterWorker node:worker1 You can switch the cluster/configuration context using the following command: [desk@cli] $kubectl config use-context qa-cluster Task: Create a NetworkPolicy namedrestricted-policyto restrict access to Podproductrunning in namespacedev. Only allow the following Pods to connect to Pod products-service: 1. Pods in the namespaceqa 2. Pods with labelenvironment: stage, in any namespace
Using the runtime detection tool Falco, Analyse the container behavior for at least 20 seconds, using filters that detect newly spawning and executing processes in a single container of Nginx.
store the incident file art /opt/falco-incident.txt, containing the detected incidents. one per line, in the format
[timestamp],[uid],[processName]
Note: If there is any error in our Linux Foundation Certified Kubernetes Security Specialist certification exam sample questions, please update us via email at support@certstime.com.
