Valid CKS Exam Dumps are Your best Choice to Pass


If you want to take your career as a Kubernetes Security Specialist to the next level, the CKS certification is an excellent option. To prepare for the CKS exam, you need a deep understanding of The Linux Foundation products and how to configure them. The best way to prepare for the exam is by using CKS exam dumps questions, which give you a better understanding of the format of the exam. This will help you become familiar with the types of questions you can expect on the actual CKS exam, and it will give you a chance to practice your test-taking skills. Test free online CKS exam dumps questions below.


1. CORRECT TEXT

Create a PSP that will prevent the creation of privileged pods in the namespace.

Create a new PodSecurityPolicy named prevent-privileged-policy which prevents the creation of privileged pods.

Create a new ServiceAccount named psp-sa in the namespace default.

Create a new ClusterRole named prevent-role, which uses the newly created Pod Security Policy prevent-privileged-policy.

Create a new ClusterRoleBinding named prevent-role-binding, which binds the created ClusterRole prevent-role to the created SA psp-sa.

Also, check whether the configuration is working by trying to create a privileged pod; it should fail.

2. pods with label version:v1 in any namespace.

Make sure to apply the network policy.

3. CORRECT TEXT

Create a new ServiceAccount named backend-sa in the existing namespace default, which has the capability to list the pods inside the namespace default.

Create a new Pod named backend-pod in the namespace default, mount the newly created sa backend-sa to the pod, and verify that the pod is able to list pods.

Ensure that the Pod is running.

4. CORRECT TEXT

Cluster: scanner

Master node: controlplane

Worker node: worker1

You can switch the cluster/configuration context using the following command:

[desk@cli] $ kubectl config use-context scanner

Given:

You may use Trivy's documentation.

Task:

Use the Trivy open-source container scanner to detect images with severe vulnerabilities used by Pods in the namespace nato.

Look for images with High or Critical severity vulnerabilities and delete the Pods that use those images.

Trivy is pre-installed on the cluster's master node. Use the cluster's master node to run Trivy.

5. Do not use/modify the created files in the following steps, create new temporary files if needed.

Create a new secret named newsecret in the safe namespace, with the following content:

Username: dbadmin

Password: moresecurepas

Finally, create a new Pod that has access to the secret newsecret via a volume:

✑ Namespace: safe

✑ Pod name: mysecret-pod

✑ Container name: db-container

✑ Image: redis

✑ Volume name: secret-vol

✑ Mount path: /etc/mysecret

6. Validate the control configuration and change it to implicit deny.

Finally, test the configuration by deploying the pod having the image tag as the latest.

7. Create a new RoleBinding named test-role-2-bind binding the newly created Role to the Pod's ServiceAccount.

Note: Don't delete the existing RoleBinding.

8. CORRECT TEXT

Using the runtime detection tool Falco, analyse the container behavior for at least 30 seconds, using filters that detect newly spawning and executing processes. Store the incident file at /opt/falco-incident.txt, containing the detected incidents, one per line, in the format

[timestamp],[uid],[user-name],[processName]

9. Edit the configuration to point to the provided HTTPS endpoint correctly.

Finally, test if the configuration is working by trying to deploy the vulnerable resource /home/cert_masters/test-pod.yml

Note: You can find the container image scanner's log file at /var/log/policy/scanner.log

10. Does not allow access from Pods not in namespace staging.


 
