Linux Foundation KCSA Exam Questions Instant Access

Question 1

On a client machine, what directory (by default) contains sensitive credential information?

A/etc/kubernetes/

B$HOME/.kube

C/opt/kubernetes/secrets/

D$HOME/.config/kubernetes/

Answer : B

Question 2

You are responsible for securing the kubelet component in a Kubernetes cluster.

Which of the following statements about kubelet security is correct?

AKubelet runs as a privileged container by default.

BKubelet does not have any built-in security features.

CKubelet supports TLS authentication and encryption for secure communication with the API server.

DKubelet requires root access to interact with the host system.

Answer : C

Question 3

What was the name of the precursor to Pod Security Standards?

AContainer Runtime Security

BKubernetes Security Context

CContainer Security Standards

DPod Security Policy

Answer : D

Question 4

What does the 'cluster-admin' ClusterRole enable when used in a RoleBinding?

AIt gives full control over every resource in the role binding's namespace, not including the namespace object for isolation purposes.

BIt gives full control over every resource in the cluster and in all namespaces.

CIt gives full control over every resource in the role binding's namespace, including the namespace itself.

DIt allows read/write access to most resources in the role binding's namespace. This role does not allow write access to resource quota, to the namespace itself, and to EndpointSlices (or Endpoints).

Answer : B

Question 5

Which of the following statements regarding a container run with privileged: true is correct?

AA container run with privileged: true within a cluster can access all Secrets used within that cluster.

BA container run with privileged: true within a Namespace can access all Secrets used within that Namespace.

CA container run with privileged: true on a node can access all Secrets used on that node.

DA container run with privileged: true has no additional access to Secrets than if it were run with privileged: false.

Answer : D

Question 6

Which of the following statements best describes the role of the Scheduler in Kubernetes?

AThe Scheduler is responsible for monitoring and managing the health of the Kubernetes cluster.

BThe Scheduler is responsible for ensuring the security of the Kubernetes cluster and its components.

CThe Scheduler is responsible for managing the deployment and scaling of applications in the Kubernetes cluster.

DThe Scheduler is responsible for assigning Pods to nodes based on resource availability and other constraints.

Answer : D

Question 7

In a Kubernetes environment, what kind of Admission Controller can modify resource manifests when applied to the Kubernetes API to fix misconfigurations automatically?

AValidatingAdmissionController

BPodSecurityPolicy

CMutatingAdmissionController

DResourceQuota

Answer : C

Linux Foundation Kubernetes and Cloud Native Security Associate KCSA Exam Questions