Kubernetes Cluster Component Security Questions
Practice questions for Kubernetes Cluster Component Security topic in Kubernetes and Cloud Native Security Associate. 43 questions covering this domain.
A security administrator must allow API server to kubelet communication across an untrusted network and wants the API server to verify the kubelet's s...
Traffic sent to a ClusterIP Service must be forwarded to the correct backend Pod on each node. Which component typically manages those node-level forw...
A node is upgraded to Kubernetes v1.26+, but the container runtime on that node still lacks support for CRI v1. What should an operator expect?
By default, how does the kubelet treat requests to its HTTPS endpoint that are not rejected by any configured authentication method?
Why does Kubernetes use the Container Runtime Interface, or CRI?
A cluster running in a cloud provider needs to manage load balancers and other provider-specific resources. Which optional control plane component han...
Which Kubernetes component stores the API server's persistent cluster data?
A Pod has already been scheduled to a worker node, but its containers are not starting. Which node component is primarily responsible for ensuring the...
A role grants get access on the nodes/proxy subresource because the author assumes it is read-only. Why is that dangerous?
An operator runs kubectl logs and kubectl port-forward through the control plane. Which connection path is being used behind the scenes?
A newly created Pod has no node assigned yet. Which component chooses a suitable node for it?
An administrator notices that etcd member-to-member traffic on a self-managed cluster is unencrypted, while client-to-etcd is already mTLS. Which etcd...
The kubelet historically exposed an unauthenticated read-only HTTP port that leaked workload information. What is the current default for that port in...
When a node first joins a cluster, the kubelet does not yet have a client certificate. Which Kubernetes feature lets the kubelet automatically obtain ...
Which directory on a kubeadm-bootstrapped control plane node holds the static Pod manifests that the kubelet starts automatically (kube-apiserver, kub...
Which kube-proxy operating mode uses kernel-level connection tracking with a hash-based load balancer that scales better than long iptables chains for...
Which kube-apiserver flag enables the API server to write a structured audit log of API requests to a file on disk?
A CSI driver Pod must mount block devices and bind-mount paths on the host so that workload Pods can use the volumes. From a security perspective, why...
An administrator wants to encrypt Secret objects at rest in etcd without re-architecting storage. Which Kubernetes feature, configured on the kube-api...
An administrator must securely connect kube-apiserver to etcd. Which authentication mechanism is recommended between the API server and etcd?
Sign in to see all 43 questions
Create a free account to browse all questions — completely free during our launch phase.