Compliance and Security Frameworks Questions
Practice questions for the Compliance and Security Frameworks topic in the Kubernetes and Cloud Native Security Associate certification. 20 questions covering this domain.
Which Tekton resource instantiates a Pipeline for execution with specific inputs, outputs, and execution parameters?
What is Falco primarily observing when it performs runtime detection on Linux systems?
Which CNCF project is designed to provide runtime security detection across hosts, containers, Kubernetes, and cloud environments?
A team wants a Kubernetes extension that installs custom resources used as building blocks for CI/CD workflows. Which project matches that description...
In Tekton Pipelines, which entity defines a series of steps that launch specific build or delivery tools and produce outputs?
An audit team needs continuous, automated evidence that a Kubernetes cluster meets the CIS Kubernetes Benchmark across control plane and worker nodes....
Which NIST publication specifically addresses application container security and is frequently cited in cloud native compliance programs?
A regulated organization must demonstrate that workloads handling cardholder data run with strong access controls, segmentation, and audit logging. Wh...
Which organization publishes the widely referenced CIS Kubernetes Benchmark used for hardening control plane and node configurations?
Which threat-modeling methodology categorizes threats using the mnemonic Spoofing, Tampering, Repudiation, Information disclosure, Denial of service, ...
What is OpenSSF Scorecard primarily used for?
An organization requires only that build provenance exists for released artifacts. Which SLSA build level satisfies that minimum?
Which statement best describes SLSA Build L3?
A company already has internal open source policies and wants an automated way to gauge repository security posture across many projects. Which use of...
Which additional property distinguishes SLSA Build L2 from L1?
A compliance team wants to ask whether an artifact can be traced to a controlled build process with authenticated provenance. Which framework is most ...
An assessor asks for one measure focused on repository practices and another focused on the integrity level of artifact generation. Which pairing is t...
A security program wants an official, automated signal about whether projects use branch protection, code review, and dependency update practices. Whi...
A team already uses SLSA concepts for artifact provenance but also wants a separate repository posture signal. Which addition is the best complement?
During an audit, a repository passes many quality checks but cannot show trustworthy build provenance for the exact released artifact. What gap remain...