27/12/2024, 16:57 Linux Foundation Certified Kubernetes Security Specialist (CKS) - CKS Free Exam Questions [2024]

Linux Foundation Certified Kubernetes Security Specialist (CKS) - CKS Free Exam Questions

QUESTION NO: 1
Context
A CIS Benchmark tool was run against the kubeadm-created cluster and found multiple issues that must be addressed immediately.
Task
Fix all issues via configuration and restart the affected components to ensure the new settings take effect.
Fix all of the following violations that were found against the API server:

Fix all of the following violations that were found against the Kubelet:

https://www.actual4test.com/exam/CKS-questions 1/14

Fix all of the following violations that were found against etcd:

Correct Answer:

QUESTION NO: 2
Context
A PodSecurityPolicy shall prevent the creation of privileged Pods in a specific namespace.
Task
Create a new PodSecurityPolicy named prevent-psp-policy, which prevents the creation of privileged Pods.
Create a new ClusterRole named restrict-access-role, which uses the newly created PodSecurityPolicy prevent-psp-policy.
Create a new ServiceAccount named psp-restrict-sa in the existing namespace staging.
Finally, create a new ClusterRoleBinding named restrict-access-bind, which binds the newly created ClusterRole restrict-access-role to the newly created ServiceAccount psp-restrict-sa.

Correct Answer:

QUESTION NO: 3
You can switch the cluster/configuration context using the following command:
[desk@cli] $ kubectl config use-context prod-account
Context
A Role bound to a Pod's ServiceAccount grants overly permissive permissions. Complete the following tasks to reduce the set of permissions.
Task
Given an existing Pod named web-pod running in the namespace database.
1. Edit the existing Role bound to the Pod's ServiceAccount test-sa to only allow performing get operations, only on resources of type Pods.
2. Create a new Role named test-role-2 in the namespace database, which only allows performing update operations, only on resources of type statefulsets.
3. Create a new RoleBinding named test-role-2-bind binding the newly created Role to the Pod's ServiceAccount.
Note: Don't delete the existing RoleBinding.

Correct Answer:
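
One way to check the outcome of this task, as an added example that is not part of the page's answer key: the script reads Role objects in the JSON shape printed by `kubectl get role -n database -o json` and lists every grant that goes beyond get on pods and update on statefulsets. The Role data is constructed, and test-role is a hypothetical name for the existing Role, which the page does not name.

```python
import json

# Constructed sample, shaped like `kubectl get role -n database -o json` output.
# "test-role" is a hypothetical name for the existing Role; the page does not name it.
ROLES_JSON = """
{"items": [
  {"metadata": {"name": "test-role", "namespace": "database"},
   "rules": [
     {"apiGroups": [""], "resources": ["pods", "secrets"], "verbs": ["get", "list"]},
     {"apiGroups": ["*"], "resources": ["*"], "verbs": ["*"]}]},
  {"metadata": {"name": "test-role-2", "namespace": "database"},
   "rules": [
     {"apiGroups": ["apps"], "resources": ["statefulsets"], "verbs": ["update"]}]}
]}
"""

# What each Role may grant after the task: (apiGroup, resource) -> allowed verbs.
# Pods live in the core API group (""), StatefulSets in "apps".
EXPECTED = {
    "test-role": {("", "pods"): {"get"}},
    "test-role-2": {("apps", "statefulsets"): {"update"}},
}


def excess_grants(role, allowed):
    """Return sorted (apiGroup, resource, verb) triples the Role grants beyond `allowed`."""
    extra = set()
    for rule in role.get("rules") or []:
        for group in rule.get("apiGroups", []):
            for resource in rule.get("resources", []):
                for verb in rule.get("verbs", []):
                    # A wildcard in any position always exceeds a least-privilege target.
                    wildcard = "*" in (group, resource, verb)
                    if wildcard or verb not in allowed.get((group, resource), set()):
                        extra.add((group, resource, verb))
    return sorted(extra)


def audit(roles_json, expected):
    """Map each expected Role name to its excess grants; a missing Role maps to None."""
    found = {r["metadata"]["name"]: r for r in json.loads(roles_json)["items"]}
    return {name: excess_grants(found[name], allowed) if name in found else None
            for name, allowed in expected.items()}


if __name__ == "__main__":
    for name, extra in audit(ROLES_JSON, EXPECTED).items():
        print(name, "OK" if extra == [] else extra)
```

An empty list for a Role means it grants nothing beyond the target; the constructed test-role is shown before the edit, so it reports its extra verbs, the secrets access and the wildcard rule.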

QUESTION NO: 4
Create a RuntimeClass named gvisor-rc using the prepared runtime handler named runsc.
Create a Pod of image Nginx in the Namespace server to run on the gVisor runtime class.

Correct Answer:

Install the Runtime Class for gVisor

{ # Step 1: Install a RuntimeClass
cat <<EOF | kubectl apply -f -
# node.k8s.io/v1beta1 was removed in Kubernetes v1.25; newer clusters serve RuntimeClass as node.k8s.io/v1
apiVersion: node.k8s.io/v1beta1
kind: RuntimeClass
metadata:
  name: gvisor
handler: runsc
EOF
}
Create a Pod with the gVisor Runtime Class
{ # Step 2: Create a pod
cat <<EOF | kubectl apply -f -
apiVersion: v1
kind: Pod
metadata:
  name: nginx-gvisor
spec:
  runtimeClassName: gvisor
  containers:
  - name: nginx
    image: nginx
EOF
}
Verify that the Pod is running
{ # Step 3: Get the pod
kubectl get pod nginx-gvisor -o wide
}

QUESTION NO: 5
You can switch the cluster/configuration context using the following command:
[desk@cli] $ kubectl config use-context stage
Context
A PodSecurityPolicy shall prevent the creation of privileged Pods in a specific namespace.
Task
1. Create a new PodSecurityPolicy named deny-policy, which prevents the creation of privileged Pods.
2. Create a new ClusterRole named deny-access-role, which uses the newly created PodSecurityPolicy deny-policy.
3. Create a new ServiceAccount named psp-denial-sa in the existing namespace development.
Finally, create a new ClusterRoleBinding named restrict-access-bind, which binds the newly created ClusterRole deny-access-role to the newly created ServiceAccount psp-denial-sa.

Correct Answer:

Create psp to disallow privileged container

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: deny-access-role
rules:
- apiGroups: ['policy']
  resources: ['podsecuritypolicies']
  verbs: ['use']
  resourceNames:
  - "deny-policy"

k create sa psp-denial-sa -n development

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: restrict-access-bind
roleRef:
  kind: ClusterRole
  name: deny-access-role
  apiGroup: rbac.authorization.k8s.io
subjects:
- kind: ServiceAccount
  name: psp-denial-sa
  namespace: development

Explanation
master1 $ vim psp.yaml
# PodSecurityPolicy (policy/v1beta1) was removed in Kubernetes v1.25
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
  name: deny-policy
spec:
  privileged: false # Don't allow privileged pods!
  seLinux:
    rule: RunAsAny
  supplementalGroups:
    rule: RunAsAny
  runAsUser:
    rule: RunAsAny
  fsGroup:
    rule: RunAsAny
  volumes:
  - '*'
master1 $ vim cr1.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: deny-access-role
rules:
- apiGroups: ['policy']
  resources: ['podsecuritypolicies']
  verbs: ['use']
  resourceNames:
  - "deny-policy"
master1 $ k create sa psp-denial-sa -n development
master1 $ vim cb1.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: restrict-access-bind
roleRef:
  kind: ClusterRole
  name: deny-access-role
  apiGroup: rbac.authorization.k8s.io
subjects:
# Authorize specific service accounts:
- kind: ServiceAccount
  name: psp-denial-sa
  namespace: development
master1 $ k apply -f psp.yaml
master1 $ k apply -f cr1.yaml
master1 $ k apply -f cb1.yaml
Reference: https://kubernetes.io/docs/concepts/policy/pod-security-policy/
