Back

Practice Free KCSA Exam Online Questions

Question #11

What is the purpose of an egress NetworkPolicy?

  • A . To control the incoming network traffic to a Kubernetes cluster.
  • B . To control the outbound network traffic from a Kubernetes cluster.
  • C . To secure the Kubernetes cluster against unauthorized access.
  • D . To control the outgoing network traffic from one or more Kubernetes Pods.

Reveal Solution Hide Solution

Correct Answer: D
Question #12

Which of the following statements correctly describes a container breakout?

  • A . A container breakout is the process of escaping the container and gaining access to the Pod’s network traffic.
  • B . A container breakout is the process of escaping a container when it reaches its resource limits.
  • C . A container breakout is the process of escaping the container and gaining access to the cloud provider’s infrastructure.
  • D . A container breakout is the process of escaping the container and gaining access to the host operating system.

Reveal Solution Hide Solution

Correct Answer: D
Question #13

Which way of defining security policy brings consistency, minimizes toil, and reduces the probability of misconfiguration?

  • A . Using a declarative approach to define security policies as code.
  • B . Relying on manual audits and inspections for security policy enforcement.
  • C . Manually configuring security controls for each individual resource, regularly.
  • D . Implementing security policies through manual scripting on an ad-hoc basis.

Reveal Solution Hide Solution

Correct Answer: A
Question #14

How do Kubernetes namespaces impact the application of policies when using Pod Security Admission?

  • A . Namespaces are ignored; Pod Security Admission policies apply cluster-wide only.
  • B . Different policies can be applied to specific namespaces.
  • C . Each namespace can have only one active policy.
  • D . The default namespace enforces the strictest security policies by default.

Reveal Solution Hide Solution

Correct Answer: B
Question #15

What is the main reason an organization would use a Cloud Workload Protection Platform (CWPP) solution?

  • A . To protect containerized workloads from known vulnerabilities and malware threats.
  • B . To automate the deployment and management of containerized workloads.
  • C . To manage networking between containerized workloads in the Kubernetes cluster.
  • D . To optimize resource utilization and scalability of containerized workloads.

Reveal Solution Hide Solution

Correct Answer: A
Question #16

In order to reduce the attack surface of the Scheduler, which default parameter should be set to false?

  • A . –scheduler-name
  • B . –profiling
  • C . –secure-kubeconfig
  • D . –bind-address

Reveal Solution Hide Solution

Correct Answer: B
Question #17

What was the name of the precursor to Pod Security Standards?

  • A . Container Runtime Security
  • B . Kubernetes Security Context
  • C . Container Security Standards
  • D . Pod Security Policy

Reveal Solution Hide Solution

Correct Answer: D
Question #18

Which standard approach to security is augmented by the 4C’s of Cloud Native security?

  • A . Zero Trust
  • B . Least Privilege
  • C . Defense-in-Depth
  • D . Secure-by-Design

Reveal Solution Hide Solution

Correct Answer: C