Linux Foundation KCSA Exam Questions Instant Access

Question 1

Which standard approach to security is augmented by the 4C's of Cloud Native security?

AZero Trust

BLeast Privilege

CDefense-in-Depth

DSecure-by-Design

Answer : C

Question 2

In a Kubernetes environment, what kind of Admission Controller can modify resource manifests when applied to the Kubernetes API to fix misconfigurations automatically?

AValidatingAdmissionController

BPodSecurityPolicy

CMutatingAdmissionController

DResourceQuota

Answer : C

Question 3

What mechanism can I use to block unsigned images from running in my cluster?

AEnabling Admission Controllers to validate image signatures.

BUsing PodSecurityPolicy (PSP) to enforce image signing and validation.

CUsing Pod Security Standards (PSS) to enforce validation of signatures.

DConfiguring Container Runtime Interface (CRI) to enforce image signing and validation.

Answer : A

Question 4

What is the purpose of the Supplier Assessments and Reviews control in the NIST 800-53 Rev. 5 set of controls for Supply Chain Risk Management?

ATo evaluate and monitor existing suppliers for adherence to security requirements.

BTo conduct regular audits of suppliers' financial performance.

CTo establish contractual agreements with suppliers.

DTo identify potential suppliers for the organization.

Answer : A

Question 5

What is a multi-stage build?

AA build process that involves multiple developers collaborating on building an image.

BA build process that involves multiple repositories for storing container images.

CA build process that involves multiple containers running simultaneously to speed up the image creation.

DA build process that involves multiple stages of image creation, allowing for smaller, optimized images.

Answer : D

Question 6

How can a user enforce the Pod Security Standard without third-party tools?

AThrough implementing Kyverno or OPA Policies.

BUse the PodSecurity admission controller.

CIt is only possible to enforce the Pod Security Standard with additional tools within the cloud native ecosystem.

DNo additional measures have to be taken to enforce the Pod Security Standard.

Answer : B

Question 7

On a client machine, what directory (by default) contains sensitive credential information?

A/etc/kubernetes/

B$HOME/.kube

C/opt/kubernetes/secrets/

D$HOME/.config/kubernetes/

Answer : B

Linux Foundation Kubernetes and Cloud Native Security Associate KCSA Exam Questions