Practice Free KCSA Exam Online Questions

In a Kubernetes cluster, what are the security risks associated with using ConfigMaps for storing secrets?
- A. Storing secrets in ConfigMaps does not allow for fine-grained access control via RBAC.
- B. Storing secrets in ConfigMaps can expose sensitive information as they are stored in plaintext and can be accessed by unauthorized users.
- C. Using ConfigMaps for storing secrets might make applications incompatible with the Kubernetes cluster.
- D. ConfigMaps store sensitive information in etcd encoded in base64 format automatically, which does not ensure confidentiality of data.

When using a cloud provider’s managed Kubernetes service, who is responsible for maintaining the etcd cluster?
- A. Kubernetes administrator
- B. Namespace administrator
- C. Cloud provider
- D. Application developer

Why might NetworkPolicy resources have no effect in a Kubernetes cluster?
- A. NetworkPolicy resources are only enforced if the Kubernetes scheduler supports them.
- B. NetworkPolicy resources are only enforced if the networking plugin supports them.
- C. NetworkPolicy resources are only enforced for unprivileged Pods.
- D. NetworkPolicy resources are only enforced if the user has the right RBAC permissions.

You are responsible for securing the kubelet component in a Kubernetes cluster.
Which of the following statements about kubelet security is correct?
- A. Kubelet runs as a privileged container by default.
- B. Kubelet does not have any built-in security features.
- C. Kubelet supports TLS authentication and encryption for secure communication with the API server.
- D. Kubelet requires root access to interact with the host system.

Given a standard Kubernetes cluster architecture comprising a single control plane node (hosting both etcd and the control plane as Pods) and three worker nodes, which of the following data flows crosses a trust boundary?
- A. From kubelet to Container Runtime
- B. From kubelet to API Server
- C. From kubelet to Controller Manager
- D. From API Server to Container Runtime

What is a multi-stage build?
- A. A build process that involves multiple developers collaborating on building an image.
- B. A build process that involves multiple repositories for storing container images.
- C. A build process that involves multiple containers running simultaneously to speed up the image creation.
- D. A build process that involves multiple stages of image creation, allowing for smaller, optimized images.

In a Kubernetes environment, what kind of Admission Controller can modify resource manifests when applied to the Kubernetes API to fix misconfigurations automatically?
- A. ValidatingAdmissionController
- B. PodSecurityPolicy
- C. MutatingAdmissionController
- D. ResourceQuota

What mechanism can I use to block unsigned images from running in my cluster?
- A. Enabling Admission Controllers to validate image signatures.
- B. Using PodSecurityPolicy (PSP) to enforce image signing and validation.
- C. Using Pod Security Standards (PSS) to enforce validation of signatures.
- D. Configuring Container Runtime Interface (CRI) to enforce image signing and validation.

In Kubernetes, what is Public Key Infrastructure used for?
- A. To manage certificates and ensure secure communication in a Kubernetes cluster.
- B. To automate the scaling of containers in a Kubernetes cluster.
- C. To manage networking in a Kubernetes cluster.
- D. To monitor and analyze performance metrics of a Kubernetes cluster.

You want to minimize security issues in running Kubernetes Pods.
Which of the following actions can help achieve this goal?
- A. Sharing sensitive data among Pods in the same cluster to improve collaboration.
- B. Running Pods with elevated privileges to maximize their capabilities.
- C. Implementing Pod Security Standards in the Pod’s YAML configuration.
- D. Deploying Pods with randomly generated names to obfuscate their identities.
