Network Policy Questions
Practice questions for Network Policy topic in Cilium Certified Associate. 36 questions covering this domain.
What is the default traffic posture for a Cilium-managed endpoint before any policy selects it?
An operator wants denied egress from pods to fail fast instead of timing out. What is the documented way to do that?
A developer complains that connections to a forbidden destination hang instead of failing immediately. What is the default deny behavior for Cilium eg...
The first policy that selects an endpoint contains only an ingress section. What happens to that endpoint?
An administrator wants to intercept DNS cluster-wide without making endpoints enter default-deny mode. Which setting enables that pattern?
A team applies a policy with enableDefaultDeny disabled, but it also contains a layer 7 rule and some requests start dropping. What best explains the ...
Which statement about nodeSelector in Cilium policy is correct?
Two allow rules overlap, and one matches a broader set of traffic than the other. How does Cilium evaluate them?
Which policy enforcement mode disables policy enforcement on all endpoints even if rules select them?
A team needs to allow their `api` pods to make outbound HTTPS calls to `api.stripe.com` without allowing all internet egress. Which Cilium policy feat...
In Cilium, what does the `endpointSelector` field of a CiliumNetworkPolicy specify?
An operator observes that denied egress connections from pods hang for 30 seconds instead of failing immediately, impacting application restart times....
An engineer applies the following CiliumNetworkPolicy to pods with `app=frontend` and expects to allow egress to `app=backend` on port 8080. However, ...
A security team enables `policyEnforcementMode=always` on a production cluster. Shortly after, all pods lose the ability to communicate even though no...
An operator wants to write a Cilium network policy that allows ingress traffic only from pods carrying the label `app=payments`. Which selector constr...
A platform team uses `CiliumClusterwideNetworkPolicy` to apply a baseline policy across all nodes. Which selector type is available in `CiliumClusterw...
A security engineer applies a CiliumNetworkPolicy to the `database` pods that contains only an ingress rule allowing traffic from `app=backend` pods. ...
A Cilium operator applies a policy that allows only HTTP GET requests to the path `/api/v1/` on the `backend` service. An application then makes a POS...
If a policy label selector does not include a source prefix, how will Cilium match labels?
Which statement about endpointSelector and nodeSelector is correct in Cilium rule structure?
Sign in to see all 36 questions
Create a free account to browse all questions — completely free during our launch phase.