Overview of Cloud Native Security Questions
Practice questions for the Overview of Cloud Native Security topic in the Kubernetes and Cloud Native Security Associate. 28 questions covering this domain.
In a multi-tenant cluster, an image has already been pulled onto a node once. The security team wants every new Pod start to require valid registry cr...
A security instructor explains the 4Cs model for cloud native security. Which layer is the outermost layer in that model?
A Pod in namespace payments must pull from a private registry. Where must the referenced imagePullSecret exist for the Pod spec to use it?
During the distribute phase, a platform team wants to reduce unauthorized pulls of internal container images. Where should those images be placed?
An engineer creates several NetworkPolicy objects to isolate application tiers, but traffic remains completely open. What is the most likely root caus...
A team wants every Pod restart to use the exact same image content even if someone later retags the registry entry. Which image reference best meets t...
A release team already scanned and signed its images. Before workloads are admitted, it now wants to enforce that only cryptographically verified arti...
Which artifact provides a machine-readable inventory of every component, library, and dependency that makes up a piece of software, and is recommended...
A team is choosing between soft multi-tenancy and hard multi-tenancy for a shared cluster. Which statement best describes hard multi-tenancy in Kubern...
An application team wants to find security defects directly in the source code before a build runs in CI. Which class of security testing best describ...
An organization wants to apply defense-in-depth across all 4Cs. Which combination of controls reflects defense-in-depth applied to a single workload?
In the 4Cs of Cloud Native Security model, which layer is the innermost and represents the developer's application logic?
Within the 4Cs model, which Cluster-layer control most directly limits which images may run in a namespace and rejects unsigned or unscanned images at...
A platform team needs stronger workload isolation than standard Linux containers because they run code submitted by untrusted users. Which technology ...
A security lead is defining practices for the develop stage of a cloud native program. Which activity belongs there?
A team wants to reduce supply chain risk before images reach the cluster. Which action is part of the distribute stage?
A team is locking down a private registry and also reviewing how applications handle security-sensitive behavior after startup. Which pair of KCSA dom...
Which concern belongs primarily to the runtime stage of the cloud native security lifecycle?
A platform team signs images with cosign and wants the cluster to admit only verified artifacts. Which approach is strongest?
A team wants to verify not only an image signature but also the authenticity of its software bill of materials before deployment. Which statement is a...