Courseiva
Courseiva is a free IT certification practice platform offering original exam-style practice questions, detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics for Cisco, CompTIA, Microsoft, AWS, and other technology certifications.

© 2026 Courseiva. Courseiva is operated by JTNetSolutions Ltd. All rights reserved.

Courseiva is an independent certification practice platform and is not affiliated with, endorsed by, or sponsored by Cisco, Microsoft, AWS, CompTIA, Google, ISC2, ISACA, or any other certification vendor. Vendor names and certification marks are used only to identify the exams learners are preparing for.

CKS Monitoring Logging and Runtime Security • Complete Question Bank

CKS Monitoring Logging and Runtime Security — All Questions With Answers

Complete CKS Monitoring Logging and Runtime Security question bank — all 0 questions with answers and detailed explanations.

18 Questions • Free • No signup
Question 1 • medium • multiple choice

A security team wants to detect anomalous process executions in containers without modifying the container images or requiring agents inside containers. Which approach is most suitable?

Question 2 • hard • multiple choice

An organization uses Kubernetes with multiple namespaces and wants to ensure that containers running as non-root cannot escalate to root via setuid binaries. Which combination of security contexts and Pod Security Standards achieves this?

Question 3 • easy • multiple choice

A DevOps engineer notices that a container's stdout logs are not appearing in the `kubectl logs` output. The container runs a legacy application that writes logs to a file inside the container. What is the most efficient way to capture these logs without modifying the application?

Question 4 • hard • multiple choice

A security auditor requires that all container images used in the cluster are scanned for vulnerabilities before deployment. The team uses a private registry with image signing. Which solution enforces that only signed and scanned images are deployed?

Question 5 • easy • multiple choice

A cluster administrator wants to monitor network traffic between pods for security analysis. Which tool is designed specifically for this purpose and integrates with Kubernetes?

Question 6 • medium • multi select

Which TWO actions are effective for detecting and preventing container breakout attempts using runtime security tools?

Question 7 • hard • multi select

Which THREE practices help ensure the integrity and confidentiality of container logs in a Kubernetes cluster?

Question 8 • medium • multiple choice

A DevOps team is deploying a new microservice that processes sensitive payment data. The security policy requires that all file system writes outside the /tmp directory be logged and alerted. Which runtime security tool and configuration best achieves this requirement with minimal performance impact?

Question 9 • hard • multi select

A security engineer runs kube-hunter against a production cluster and receives the above output. The cluster uses kubeadm with default settings. Which two actions should the engineer take to remediate the vulnerabilities?

Exhibit

Refer to the exhibit.
```
$ kube-hunter --report json --log warn
"vulnerability": "CVE-2020-8558",
"component": "kubelet",
"severity": "medium",
},
"vulnerability": "CVE-2019-11245",
"severity": "high",
```

Question 10 • easy • multi select

An auditor requires that all audit logs from the Kubernetes API server be stored for 90 days and be tamper-proof. Which TWO measures should be implemented?

Question 11 • hard • multiple choice

You are a security engineer for a financial services company running a Kubernetes cluster with 50 nodes. The cluster uses containerd as the container runtime and Calico for networking. The security team has detected unusual outbound network connections from a pod running in the 'payments' namespace to an external IP address known to be a command-and-control server. The pod is part of a Deployment named 'payment-processor' with 3 replicas. The cluster has a Falco daemonset deployed with default rules, and audit logging is enabled for the API server. You need to quickly identify the compromised container and contain the threat. Which action should you take FIRST?

Question 12 • easy • multi select

You are auditing a cluster for runtime security best practices. Which TWO of the following actions are recommended to improve container runtime security?

Question 13 • medium • multiple choice

A security team deploys the above pod and profile. The pod runs but a security scan reports that mount-related syscalls are being allowed instead of logged. What is the most likely reason?

Exhibit

Refer to the exhibit.
```
apiVersion: v1
kind: Pod
metadata:
  name: security-pod
spec:
  containers:
  - name: test
    image: alpine
    command: ["sleep", "3600"]
    securityContext:
      seccompProfile:
        type: Localhost
        localhostProfile: "profiles/audit.json"
      capabilities:
        add: ["SYS_ADMIN"]
```
The seccomp profile at /var/lib/kubelet/seccomp/profiles/audit.json contains:
```
{
  "defaultAction": "SCMP_ACT_ALLOW",
  "architectures": ["SCMP_ARCH_X86_64"],
  "syscalls": [
    {
      "names": ["mount", "umount2"],
      "action": "SCMP_ACT_LOG"
    }
  ]
}
```
Question 14 • hard • multiple choice

You are responsible for a production Kubernetes cluster running critical workloads. The cluster uses containerd as the container runtime. The security team has deployed Falco with default rules and it is running as a DaemonSet. Recently, the team noticed that several pods have been unexpectedly terminated by the OOMKiller. You suspect a container is performing a fork bomb attack, exhausting memory. You need to detect and prevent such attacks in real-time. Falco is already installed. Which single action should you take to best address this threat?

Question 15 • medium • drag order

Arrange the steps to configure and use kube-bench to audit a Kubernetes cluster's security.

Question 16 • medium • drag order

Order the steps to recover a Kubernetes cluster after a control plane failure where the API server certificate has expired.

Question 17 • medium • matching

Match each Kubernetes command to its function related to security.

Check whether an action is allowed for a user or service account

Approve a certificate signing request (CSR)

Run a temporary interactive pod for troubleshooting

Create a secret from literals, files, or directories

Apply a PodSecurityPolicy configuration (deprecated)

Question 18 • medium • matching

Match each Kubernetes certificate type to its usage.

Used by kubelet to serve the kubelet API (e.g., exec, logs)

Used by kubelet to authenticate to the API server

Used by the API server to serve HTTPS endpoints

Used to sign service account tokens so they can be verified

Used by an administrator to authenticate to the cluster with full privileges
