Question 1

Why is it important to regularly review and analyze Kubernetes audit logs?

Options :

A : To improve the performance of applications running in the cluster

B : To ensure high availability of services within the cluster

C : To detect and investigate suspicious activities or potential security incidents within the cluster

D : To manage the network bandwidth usage among cluster components

Answer: C

Question 2

In the context of Kubernetes cluster security, how can the Scheduler component be secured to prevent unauthorized scheduling of pods?

Options :

A : By implementing Horizontal Pod Autoscaling for the Scheduler

B : By applying Network Policies specific to the Scheduler

C : By enforcing Role-Based Access Control (RBAC) for scheduling decisions

D : By using a Service Mesh to manage traffic to the Scheduler

Answer: C

Question 3

What is the role of a Certificate Authority (CA) in the PKI setup of a Kubernetes cluster?

Options :

A : To provide load balancing between different Kubernetes services

B : To manage the distribution of secrets within the Kubernetes cluster

C : To issue and manage digital certificates for secure communication within the cluster

D : To optimize network traffic routing within the Kubernetes environment

Answer: C

Question 4

Why is the secure management of secrets in persistent storage important in Kubernetes threat modeling?

Options :

A : To facilitate seamless scaling of applications based on storage demands

B : To prevent unauthorized access to sensitive information like credentials and keys stored as secrets

C : To optimize the load balancing across different storage resources

D : To improve the network communication efficiency between storage volumes and pods

Answer: B

Question 5

What does the 'cluster-admin' ClusterRole enable when used in a RoleBinding?

Options :

A : It gives full control over every resource in the role binding's namespace, not including the namespace object for isolation purposes.

B : It gives full control over every resource in the cluster and in all namespaces.

C : It gives full control over every resource in the role binding's namespace, including the namespace itself.

D : It allows read/write access to most resources in the role binding's namespace. This role does not allow write access to resource quota, to the namespace itself, and to EndpointSlices (or Endpoints).

Answer: B

Confidently Practice Online with Free KCSA Exam Cram

Buying Options: