CKS Cluster Setup and Hardening • Complete Question Bank
Complete CKS Cluster Setup and Hardening question bank — all 0 questions with answers and detailed explanations.
Drag steps to the numbered slots on the right, or tap a step then tap a slot.
Drag steps to the numbered slots on the right, or tap a step then tap a slot.
Drag a concept onto its matching description — or click a concept then click the description.
Admission controller that enforces security constraints on pods
Defines how groups of pods can communicate with each other and other network endpoints
Role-based access control for authorization within the cluster
Linux security facility to restrict system calls from a container
Mandatory access control system that confines programs to a limited set of resources
Drag a concept onto its matching description — or click a concept then click the description.
Prevents processes from gaining more privileges than their parent
Ensures the container runs with a user ID that is not 0 (root)
Mounts the container's root filesystem as read-only
Drops all Linux capabilities, minimizing kernel privileges
Disables privileged mode, preventing access to host devices
A developer creates a pod with the following YAML: apiVersion: v1 kind: Pod metadata: name: mypod spec: serviceAccountName: default automountServiceAccountToken: true containers: - name: app image: nginx
What is the security concern with this configuration?