CNPA
Platform Observability, Security, and Conformance
medium
Question 3 of 40

A platform team wants to ensure a compromised application Pod cannot read Secrets from other namespaces via the Kubernetes API server. Which two controls together best limit this exposure?

A. Disable the Kubernetes API server and access etcd directly from application Pods
B. Bind the Pod ServiceAccount to a minimal RBAC role and apply NetworkPolicy restricting Pod egress to the API server
C. Remove all ServiceAccounts from the cluster to prevent any API server access
D. Use PodDisruptionBudget to prevent Pod termination during a security investigation

Educational Content — CertQnA practice questions are written against official exam objectives, covering the same domains tested on the real exam. All content is original and independent — not actual exam questions, not affiliated with any certification vendor.
