Writing Policies Questions
Practice questions for the Writing Policies topic in Kyverno Certified Associate. 64 questions covering this domain.
A platform team wants Kyverno to remove temporary resources automatically after a set time without writing a full cleanup policy. Which reserved label...
A validate policy matches only `Pod` and uses a pattern on `metadata.namespace`. The author wants controller coverage through auto-generation. Why can...
A mutate rule uses `foreach` with `patchesJson6902` to add `securityContext` to every container. Which variable lets the patch refer to the current li...
A team tries to populate `verifyImages.imageReferences` from a ConfigMap using `{{ }}` variables so the allowed image list is dynamic. What does offic...
A generate rule needs to create a brand-new ConfigMap whose contents are written directly inside the policy. Which source type should be used?
Which statement about `verifyImages.imageReferences` is correct?
A mutate rule uses `patchStrategicMerge` to update fields inside `spec.containers[]`. What must be present for the merge to occur on other container f...
When a resource matches a rule but the combined preconditions evaluate to false, how is that rule treated?
A mutate rule uses `patchesJson6902` and matches only `Pod`. The author expects the same JSON patch to be auto-generated for Deployments. What is the ...
What does the add anchor notation `+(runAsNonRoot): true` do in a mutate rule?
A policy should apply only to Services where `spec.type` is `NodePort`. Why is a precondition a good fit for that requirement?
A validate rule uses `failureAction: Audit`. What happens when a matching new resource violates the rule?
Which two patch styles are supported for Kyverno mutate rules?
A mutate existing policy is triggered by a Secret update and then patches existing Deployments. Which statement is correct about how that mutation run...
A cluster already has many Namespaces before a new generate policy is installed. Which setting makes Kyverno create target resources for those existin...
A generate rule clones a Secret into every new Namespace with `synchronize: true`. The source Secret is later modified. What should happen to the down...
In a Kyverno policy, what is the `request.userInfo` variable used for?
In a Kyverno validate rule, what does `anyPattern` require for a resource to pass validation?
A CleanupPolicy is defined with a `schedule` field set to a cron expression. Which Kyverno controller processes this policy?
In a Kyverno `foreach` mutation rule, which variable refers to the index of the current element being processed?