Which of the following is the correct way to disable swap on a Kubernetes node to improve security?
This disables swap immediately and permanently.
Why this answer
Disabling swap is a prerequisite for Kubernetes nodes to ensure kubelet works correctly with memory management and resource isolation. Running 'swapoff -a' disables all active swap devices immediately, and removing the swap entry from /etc/fstab prevents swap from being re-enabled after a reboot. This is the standard and complete method recommended by Kubernetes documentation for system hardening.
Exam trap
The trap here is that candidates may think 'vm.swappiness=0' is sufficient to disable swap, but it only minimizes swap usage without actually turning it off, which still violates Kubernetes node requirements.
How to eliminate wrong answers
Option B is wrong because setting 'vm.swappiness=0' only reduces the kernel's tendency to use swap but does not disable it; swap remains active and can still be used, which can cause kubelet instability. Option C is wrong because 'systemctl stop swap' is not a valid systemd command; swap is managed via 'swapoff' or systemd swap units (e.g., 'systemctl stop dev-sda1.swap'), but the generic 'swap' service does not exist. Option D is wrong because 'kubelet --disable-swap' is not a valid kubelet flag; kubelet does not have a built-in option to disable swap, and swap must be disabled at the OS level before starting kubelet.