Back to Certified Kubernetes Security Specialist CKS questions

Scenario-based practice

Select Two (Multi-Select) Questions

Practise Certified Kubernetes Security Specialist CKS practice questions — original exam-style scenarios covering every exam domain, with detailed explanations, wrong-answer analysis, and common exam traps.

20
scenario questions
CKS
exam code
CNCF
vendor

Scenario guide

How to approach select two (multi-select) questions

Multi-select questions tell you to 'Choose TWO' or 'Choose THREE'. Getting partial credit is not a thing — you must select all correct answers with no incorrect ones. The stem always states how many to choose, so trust it. These questions require precision, not best-guess elimination.

Quick answer

Select Two (Multi-Select) Questions questions test whether you can apply the concept in context, not just recognise a definition.

How the topic appears in realistic exam-style scenarios.

Which detail in the question changes the correct answer.

How to eliminate plausible but wrong options.

How to connect the question back to the wider exam objective.

Related practice questions

Related CKS topic practice pages

Scenario questions usually connect to one or more exam topics. Use these links to review the underlying concepts behind the scenario.

Practice set

Practice scenarios

Question 1easymulti select
Full question →

Which TWO of the following are best practices for securing container images?

Question 2hardmulti select
Full question →

A security engineer runs kube-hunter against a production cluster and receives the above output. The cluster uses kubeadm with default settings. Which two actions should the engineer take to remediate the vulnerabilities?

Network Topology
$ kube-hunterreport jsonlog warnRefer to the exhibit.Exhibit:```"vulnerability": "CVE-2020-8558","component": "kubelet","severity": "medium",},"vulnerability": "CVE-2019-11245","severity": "high",
Question 3hardmulti select
Full question →

Which THREE practices help ensure the integrity and confidentiality of container logs in a Kubernetes cluster?

Question 4mediummulti select
Full question →

Which TWO actions are effective for detecting and preventing container breakout attempts using runtime security tools?

Question 5hardmulti select
Full question →

Which THREE of the following are valid methods to restrict access to etcd in a Kubernetes cluster? (Select THREE)

Question 6hardmulti select
Full question →

Which THREE of the following are valid ways to restrict access to etcd? (Select 3)

Question 7mediummulti select
Full question →

Which TWO of the following are valid AppArmor profile modes? (Select two.)

Question 8mediummulti select
Full question →

Which TWO of the following are recommended settings from the CIS Kubernetes Benchmark for the kube-apiserver? (Select 2)

Question 9mediummulti select
Full question →

Which TWO of the following are valid methods to apply a custom seccomp profile to a pod in Kubernetes?

Question 10mediummulti select
Full question →

Which TWO of the following are valid seccomp profile types in Kubernetes? (Select two.)

Question 11hardmulti select
Full question →

Which TWO of the following are valid AppArmor profile modes? (Select 2 correct answers)

Question 12hardmulti select
Full question →

Which THREE of the following are best practices for reducing the attack surface of a Kubernetes node?

Question 13mediummulti select
Full question →

Which TWO of the following are valid methods to apply a seccomp profile to a container? (Select 2 correct answers)

Question 14mediummulti select
Full question →

Which TWO of the following are valid AppArmor profile modes?

Question 15easymulti select
Full question →

Which TWO of the following are valid Kubernetes RuntimeClass handlers for container sandboxing? (Choose two.)

Question 16mediummulti select
Full question →

Which THREE of the following are restrictions enforced by the 'baseline' Pod Security Standard? (Select three.)

Question 17mediummulti select
Full question →

Which THREE of the following actions help reduce the attack surface of containers? (Select 3 correct answers)

Question 18easymulti select
Full question →

Which TWO of the following are valid AppArmor profile modes? (Select two.)

Question 19mediummulti select
Full question →

Which TWO of the following are valid Pod Security Standards levels?

Question 20mediummulti select
Full question →

Which TWO of the following are valid ways to securely manage secrets in Kubernetes? (Choose two.)

These CKS practice questions are part of Courseiva's free CNCF certification practice question bank. Courseiva provides original exam-style CKS questions with detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics.