Courseiva
Knowledge + Practice
CertificationsVendorsCareer RoadmapsLabs & ToolsStudy GuidesGlossaryPractice Questions
C
Courseiva

Free IT certification practice questions with explained answers for CCNA, CompTIA, AWS, Azure, Google Cloud, and more.

Certification Practice Questions

CCNA practice questionsSecurity+ SY0-701 practice questionsAWS SAA-C03 practice questionsAZ-104 practice questionsAZ-900 practice questionsCLF-C02 practice questionsA+ Core 1 practice questionsGoogle Cloud ACE practice questionsCySA+ CS0-003 practice questionsNetwork+ N10-009 practice questions
View all certifications →

Product

CertificationsCertification PathsExam TopicsPractice TestsExam Dumps vs Practice TestsStudy HubComparisons

Company

AboutContactEditorial PolicyQuestion Writing PolicyTrust Center

Legal

Privacy PolicyTerms of Service

Courseiva is a free IT certification practice platform offering original exam-style practice questions, detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics for Cisco, CompTIA, Microsoft, AWS, and other technology certifications.

© 2026 Courseiva. Courseiva is operated by JTNetSolutions Ltd. All rights reserved.

Courseiva is an independent certification practice platform and is not affiliated with, endorsed by, or sponsored by Cisco, Microsoft, AWS, CompTIA, Google, ISC2, ISACA, or any other certification vendor. Vendor names and certification marks are used only to identify the exams learners are preparing for.

← Cluster Hardening practice sets

CKS Cluster Hardening • Complete Question Bank

CKS Cluster Hardening — All Questions With Answers

Complete CKS Cluster Hardening question bank — all 0 questions with answers and detailed explanations.

15
Questions
Free
No signup
Certifications/CKS/Practice Test/Cluster Hardening/All Questions
Question 1hardmultiple choice
Read the full Cluster Hardening explanation →

A security team wants to ensure that all pods in a namespace run with a restricted seccomp profile. Which Pod Security Standard admission controller mode should be used to enforce this without blocking necessary pods?

Question 2mediummultiple choice
Read the full Cluster Hardening explanation →

A cluster uses RBAC and a ServiceAccount 'monitor' in namespace 'observability'. The account needs to list pods in all namespaces. Which ClusterRole and binding should be created?

Question 3easymultiple choice
Read the full Cluster Hardening explanation →

An administrator wants to prevent pods from running as root. Which SecurityContext field should be set at the pod level?

Question 4mediummultiple choice
Read the full Cluster Hardening explanation →

A company uses kube-bench to scan their cluster. The report shows a warning: 'Ensure that the --authorization-mode argument is set to Node,RBAC'. What is the best way to fix this?

Question 5hardmultiple choice
Read the full Cluster Hardening explanation →

A pod is failing to start with: 'Error: container has runAsNonRoot and image will run as root'. The pod spec sets securityContext.runAsNonRoot: true. The container image is 'nginx:latest' which runs as root. Which change allows the pod to run while maintaining security?

Question 6easymultiple choice
Read the full Cluster Hardening explanation →

Which Kubernetes resource should be used to restrict egress traffic from pods?

Question 7mediummultiple choice
Read the full Cluster Hardening explanation →

A developer created a ClusterRole 'pod-reader' with rules to get, list, and watch pods. They bound it to a user via ClusterRoleBinding. The user reports they cannot list pods in namespace 'test'. What is the most likely cause?

Question 8hardmultiple choice
Read the full Cluster Hardening explanation →

A cluster has a PodSecurityPolicy that requires 'RunAsAny' for the user. An administrator wants to enforce that all pods in namespace 'production' must run with a specific seccomp profile. Which approach is recommended given PSP is deprecated?

Question 9mediummulti select
Read the full Cluster Hardening explanation →

Which TWO of the following are valid ways to restrict access to the Kubernetes API server?

Question 10hardmulti select
Read the full Cluster Hardening explanation →

Which THREE of the following are required to secure etcd in a Kubernetes cluster?

Question 11easymulti select
Read the full Cluster Hardening explanation →

Which TWO of the following are best practices for securing container images?

Question 12hardmulti select
Read the full Cluster Hardening explanation →

Which THREE of the following are valid methods to enforce pod security standards in a Kubernetes cluster?

Question 13hardmultiple choice
Read the full Cluster Hardening explanation →

You are the security engineer for a multi-tenant Kubernetes cluster. The cluster uses kubeadm and runs Kubernetes v1.24. Each tenant has a dedicated namespace. A new tenant, 'acme-corp', requires that all pods in their namespace run with a read-only root filesystem and must not be able to escalate privileges. They also need to run a legacy container that must listen on a port below 1024. The cluster currently uses PodSecurityPolicy (PSP) but is planning to migrate to Pod Security Admission (PSA). The legacy container needs to run as non-root with the NET_BIND_SERVICE capability to bind to port 80. You need to configure security policies for the 'acme-corp' namespace without affecting other tenants. Which approach best meets these requirements while following Kubernetes best practices?

Question 14mediumdrag order
Read the full Cluster Hardening explanation →

Arrange the steps to enable and configure audit logging in Kubernetes.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order
1Step 1
2Step 2
3Step 3
4Step 4
5Step 5
Question 15mediummatching
Read the full Cluster Hardening explanation →

Match each Kubernetes security tool or feature to its purpose.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Checks whether Kubernetes is deployed securely according to CIS benchmarks

Penetration testing tool for Kubernetes clusters

Policy engine for enforcing custom policies on Kubernetes resources

Runtime security monitoring tool that detects abnormal behavior

Vulnerability scanner for container images, filesystems, and Git repos

Practice tests

Scored 10-question sessions with instant feedback and explanations.

CKS Practice Test 1 — 10 Questions→CKS Practice Test 2 — 10 Questions→CKS Practice Test 3 — 10 Questions→CKS Practice Test 4 — 10 Questions→CKS Practice Test 5 — 10 Questions→CKS Practice Exam 1 — 20 Questions→CKS Practice Exam 2 — 20 Questions→CKS Practice Exam 3 — 20 Questions→CKS Practice Exam 4 — 20 Questions→Free CKS Practice Test 1 — 30 Questions→Free CKS Practice Test 2 — 30 Questions→Free CKS Practice Test 3 — 30 Questions→CKS Practice Questions 1 — 50 Questions→CKS Practice Questions 2 — 50 Questions→CKS Exam Simulation 1 — 100 Questions→

Practice by domain

Each domain maps to a weighted exam section. Focus on the domain where you are weakest.

Monitoring Logging and Runtime SecurityCluster Setup and HardeningSystem HardeningMinimize Microservice VulnerabilitiesSupply Chain SecurityMonitoring, Logging and Runtime SecurityCluster SetupCluster Hardening

Practice by scenario

Filter questions by type — troubleshooting, exhibit, drag-and-drop, PBQ, ACLs, OSPF, and more.

Browse scenarios→

Continue studying

All Cluster Hardening setsAll Cluster Hardening questionsCKS Practice Hub