CKS Monitoring Logging and Runtime Security • Complete Question Bank
Complete CKS Monitoring Logging and Runtime Security question bank — all 0 questions with answers and detailed explanations.
Refer to the exhibit.
```
apiVersion: v1
kind: Pod
metadata:
name: security-pod
spec:
containers:
- name: test
image: alpine
command: ["sleep", "3600"]
securityContext:
seccompProfile:
type: Localhost
localhostProfile: "profiles/audit.json"
capabilities:
add: ["SYS_ADMIN"]
```
The seccomp profile at /var/lib/kubelet/seccomp/profiles/audit.json contains:
```
{
"defaultAction": "SCMP_ACT_ALLOW",
"architectures": ["SCMP_ARCH_X86_64"],
"syscalls": [
{
"names": ["mount", "umount2"],
"action": "SCMP_ACT_LOG"
}
]
}
```Drag steps to the numbered slots on the right, or tap a step then tap a slot.
Drag steps to the numbered slots on the right, or tap a step then tap a slot.
Drag a concept onto its matching description — or click a concept then click the description.
Check whether an action is allowed for a user or service account
Approve a certificate signing request (CSR)
Run a temporary interactive pod for troubleshooting
Create a secret from literals, files, or directories
Apply a PodSecurityPolicy configuration (deprecated)
Drag a concept onto its matching description — or click a concept then click the description.
Used by kubelet to serve the kubelet API (e.g., exec, logs)
Used by kubelet to authenticate to the API server
Used by the API server to serve HTTPS endpoints
Used to sign service account tokens so they can be verified
Used by an administrator to authenticate to the cluster with full privileges