Fundamentals of Kyverno Questions
Practice questions for Fundamentals of Kyverno topic in Kyverno Certified Associate. 36 questions covering this domain.
A team wants to block Namespaces that are missing a required label at admission time. Which Kyverno rule type is designed for that use case?
A policy author writes one validate rule that matches only `Pod` and wants equivalent coverage for Deployments, DaemonSets, Jobs, and CronJobs without...
A platform team wants a Kubernetes-native policy engine that lets it author policies with YAML and CEL instead of learning a new DSL. Which tool best ...
A security engineer wants every deployment to reference immutable OCI image content so later tag retargeting cannot change what runs. Which image refe...
A team changes a rule so `match.resources.kinds` contains both `Pod` and `Deployment`, but it still expects controller auto-generation to occur. What ...
A cluster administrator wants CREATE and UPDATE requests checked before resources are admitted. In cluster, how does Kyverno receive those requests?
How are Kyverno policies typically managed inside a Kubernetes cluster?
An operator wants to install Kyverno into `kube-system` alongside unrelated workloads to save namespaces. What does official installation guidance rec...
A platform engineer wants every new Namespace to automatically receive a default NetworkPolicy and RoleBinding. Which Kyverno rule type should be used...
Which Kyverno rule type would you use to automatically create a default ResourceQuota in every new Namespace?
A Kyverno validate rule has `failureAction: Enforce` set. What happens when a new resource violates this policy?
A team wants to verify that container images in a Deployment are signed using Cosign. They write a `verifyImages` rule. Which statement is true about ...
Which CNCF maturity level has Kyverno achieved?
A Kyverno policy matches only `Pod` kind and uses a `patchesJson6902` mutate rule. Will Kyverno auto-generate equivalent rules for Deployment and Stat...
What is the primary interface through which Kyverno receives resource admission requests from the Kubernetes API server?
A Kyverno policy needs to automatically add a `team` label to every new ConfigMap that does not already have one. Which rule type should be used?
What is the primary purpose of the `deny` block within a Kyverno validate rule?
In a Kyverno policy, what does `failureAction: Audit` do when a resource violates a validate rule?
A cluster operator wants to keep authoring Kyverno `validate.cel` rules but have Kubernetes perform native in-process validation where supported. Whic...
A security team wants Kyverno to reject a Kubernetes manifest if the signed YAML was altered before creation. Which Kyverno capability addresses that ...
Sign in to see all 36 questions
Create a free account to browse all questions — completely free during our launch phase.