KCSA
Kubernetes Threat Model
hard
Question 1 of 32

A security reviewer sees that a user has get access on nodes/proxy. Why is this more dangerous than it first appears?

AIt bypasses audit logging and admission control and can reach kubelet APIs that execute commands in containers
BIt automatically disables NetworkPolicies on the affected nodes
CIt lets the user rewrite etcd data directly
DIt only exposes node CPU metrics, which are low risk

More Kubernetes Threat Model Questions

32 questions

Full Kubernetes and Cloud Native Security Associate Practice Test

All topics covered

All Kubernetes and Cloud Native Security Associate Questions

Browse by topic

Related Questions

In normal Kubernetes operation, which control plane component do nodes and Pods talk to remotely whe...

easy

Why is granting permission to create Pods or workload resources in a namespace considered a privileg...

medium

Which RBAC grant is enough to reveal Secret contents even if get permission was never granted?...

medium

A multi-tenant cluster allows semi-trusted users to create many objects, and the operator is worried...

medium

Which permission is risky because it allows issuing tokens for existing ServiceAccounts?...

medium
View all Kubernetes Threat Model questions

Educational Content — CertQnA practice questions are written against official exam objectives, covering the same domains tested on the real exam. All content is original and independent — not actual exam questions, not affiliated with any certification vendor. Learn more about our content policy

Discussion

Be the first to share your understanding of this concept

⚠️ Discussion is for concept clarification only. Do not share or request actual exam questions or answers.

Sign in to join the discussion

Sign InCreate free account