Kubernetes Security Fundamentals Questions
Practice questions for the Kubernetes Security Fundamentals topic in Kubernetes and Cloud Native Security Associate. 45 questions covering this domain.
An audit policy contains several rules that could match the same API request. Which rule determines the audit level that is applied?
A namespace has a default deny egress NetworkPolicy and applications suddenly cannot resolve DNS names. What is the most likely reason?
A developer needs to store confidential API credentials for a workload. Which Kubernetes object is designed for that purpose?
In Kubernetes v1.22 and later, how are ServiceAccount credentials normally provided to a Pod?
A namespace is labeled `pod-security.kubernetes.io/enforce=restricted`. What happens when a new Pod violates that enforced policy?
Why is granting list access to Secret objects considered sensitive?
A platform team wants to reuse the same permission set in multiple namespaces but grant it only inside each target namespace. Which RBAC pattern fits ...
A workload should not receive API credentials automatically unless it explicitly needs them. What setting in the Pod spec disables automatic token inj...
Which Pod Security Standards level is aimed at ease of adoption while preventing known privilege escalations?
A team creates a Deployment whose Pod template violates the namespace's enforced Pod Security level. Which statement is correct?
A source Pod and a destination Pod are both selected by NetworkPolicies. Under Kubernetes semantics, when is a connection between them allowed?
Which Kubernetes RBAC pattern allows an organization to extend a built-in ClusterRole over time by labeling additional ClusterRoles so their rules are...
An administrator wants to restrict who may create RoleBindings that reference an existing high-privilege ClusterRole, even when the requester is allow...
Which Pod Security Standards level is the most permissive and is intended for system or infrastructure workloads that legitimately need full privilege...
If no NetworkPolicy objects select a Pod in a namespace, what is the default Kubernetes behavior for ingress and egress traffic to and from that Pod?
An administrator with the cluster-admin role uses `kubectl` with `--as=alice` to test a permission. Which RBAC verb on the users resource must the adminis...
In Kubernetes 1.22+, projected ServiceAccount tokens used by Pods include an `audience` claim. What is the security purpose of binding tokens to a spe...
Which Kubernetes audit policy level records the request body and response body for a matching API request, providing the highest fidelity for forensic...
An organization wants to prevent any Pod in a namespace from setting `hostPID: true`, `hostIPC: true`, or `hostNetwork: true` and to apply this at adm...
Which Kubernetes authentication strategy authenticates a user by validating a TLS client certificate signed by a CA that the kube-apiserver trusts via...