Question 1

What does the 'cluster-admin' ClusterRole enable when used in a RoleBinding?

Options :

A : It gives full control over every resource in the role binding's namespace, not including the namespace object for isolation purposes.

B : It gives full control over every resource in the cluster and in all namespaces.

C : It gives full control over every resource in the role binding's namespace, including the namespace itself.

D : It allows read/write access to most resources in the role binding's namespace. This role does not allow write access to resource quota, to the namespace itself, and to EndpointSlices (or Endpoints).

Answer: B

Question 2

What is the primary purpose of configuring audit logs in a Kubernetes environment?

Options :

A : To enhance the load balancing efficiency across different nodes

B : To track and record actions taken on the Kubernetes API for security monitoring and analysis

C : To automatically adjust pod scaling based on logged events

D : To optimize the allocation of storage resources in the cluster

Answer: B

Question 3

Why is restricting access to Kubernetes’ cluster-level resources critical in mitigating privilege escalation risks?

Options :

A : To improve the performance efficiency of the cluster

B : To optimize resource allocation among different applications in the cluster

C : To prevent unauthorized users or compromised applications from gaining extensive control over the cluster

D : To facilitate better network traffic management within the cluster

Answer: C

Question 4

What is a key security measure for the Kubernetes Controller Manager to prevent unauthorized control of cluster components?

Options :

A : Configuring Horizontal Pod Autoscaling for the Controller Manager

B : Enabling Role-Based Access Control (RBAC) for the Controller Manager-s operations

C : Implementing network policies specific to the Controller Manager

D : Regularly updating container runtime environments in the cluster

Answer: B

Question 5

A Kubernetes cluster tenant can launch privileged pods in contravention of the restricted Pod Security Standard mandated for cluster tenants and enforced by the built-in PodSecurity admission controller. The tenant has full CRUD permissions on the namespace object and the namespaced resources. How did the tenant achieve this?

Options :

A : The scope of the tenant role means privilege escalation is impossible.

B : By tampering with the namespace labels.

C : By deleting the PodSecurity admission controller deployment running in their namespace.

D : By using higher-level access credentials obtained reading secrets from another namespace.

Answer: B

Free KCSA Mock Exam – Practice Online Confidently

Buying Options: