Last Update Oct 9, 2024
Total Questions : 48
Last Update Oct 9, 2024
Total Questions : 48
Certified Kubernetes Security Specialist (CKS)
Last Update Oct 9, 2024
Total Questions : 48
Why Choose CertsBoard
Customers Passed
Linux Foundation CKS
Average Score In Real
Exam At Testing Centre
Questions came word by
word from this dump
Try a free demo of our Linux Foundation CKS PDF and practice exam software before the purchase to get a closer look at practice questions and answers.
We provide up to 3 months of free after-purchase updates so that you get Linux Foundation CKS practice questions of today and not yesterday.
We have a long list of satisfied customers from multiple countries. Our Linux Foundation CKS practice questions will certainly assist you to get passing marks on the first attempt.
CertsBoard offers Linux Foundation CKS PDF questions, web-based and desktop practice tests that are consistently updated.
CertsBoard has a support team to answer your queries 24/7. Contact us if you face login issues, payment and download issues. We will entertain you as soon as possible.
Thousands of customers passed the Linux Foundation Designing Linux Foundation Azure Infrastructure Solutions exam by using our product. We ensure that upon using our exam products, you are satisfied.
Context
A container image scanner is set up on the cluster, but it's not yet fully integrated into the cluster s configuration. When complete, the container image scanner shall scan for and reject the use of vulnerable images.
Task
Given an incomplete configuration in directory /etc/kubernetes/epconfig and a functional container image scanner with HTTPS endpoint https://wakanda.local:8081 /image_policy :
1. Enable the necessary plugins to create an image policy
2. Validate the control configuration and change it to an implicit deny
3. Edit the configuration to point to the provided HTTPS endpoint correctly
Finally, test if the configuration is working by trying to deploy the vulnerable resource /root/KSSC00202/vulnerable-resource.yml.
You can switch the cluster/configuration context using the following command:
[desk@cli] $ kubectl config use-context test-account
Task: Enable audit logs in the cluster.
To do so, enable the log backend, and ensure that:
1. logs are stored at /var/log/Kubernetes/logs.txt
2. log files are retained for 5 days
3. at maximum, a number of 10 old audit log files are retained
A basic policy is provided at /etc/Kubernetes/logpolicy/audit-policy.yaml. It only specifies what not to log.
Note: The base policy is located on the cluster's master node.
Edit and extend the basic policy to log:
1. Nodes changes at RequestResponse level
2. The request body of persistentvolumes changes in the namespace frontend
3. ConfigMap and Secret changes in all namespaces at the Metadata level
Also, add a catch-all rule to log all other requests at the Metadata level
Note: Don't forget to apply the modified policy.
use the Trivy to scan the following images,
1. amazonlinux:1
2. k8s.gcr.io/kube-controller-manager:v1.18.6
Look for images with HIGH or CRITICAL severity vulnerabilities and store the output of the same in /opt/trivy-vulnerable.txt