FreeCram
  1. Home
  2. Linux Foundation
  3. Certified Kubernetes Security Specialist (CKS)
  4. LinuxFoundation.CKS.v2022-06-08.q25
  5. Question 15

Valid CKS Dumps shared by ExamDiscuss.com for Helping Passing CKS Exam! ExamDiscuss.com now offer the newest CKS exam dumps, the ExamDiscuss.com CKS exam questions have been updated and answers have been corrected get the newest ExamDiscuss.com CKS dumps with Test Engine here:

Access CKS Dumps Premium Version
(66 Q&As Dumps, 35%OFF Special Discount Code: freecram)

<< Prev Question Next Question >>

Question 15/25

Create a PSP that will only allow the persistentvolumeclaim as the volume type in the namespace restricted.
Create a new PodSecurityPolicy named prevent-volume-policy which prevents the pods which is having different volumes mount apart from persistentvolumeclaim.
Create a new ServiceAccount named psp-sa in the namespace restricted.
Create a new ClusterRole named psp-role, which uses the newly created Pod Security Policy prevent-volume-policy
Create a new ClusterRoleBinding named psp-role-binding, which binds the created ClusterRole psp-role to the created SA psp-sa.
Hint:
Also, Check the Configuration is working or not by trying to Mount a Secret in the pod maifest, it should get failed.
POD Manifest:
apiVersion: v1
kind: Pod
metadata:
name:
spec:
containers:
- name:
image:
volumeMounts:
- name:
mountPath:
volumes:
- name:
secret:
secretName:

LEAVE A REPLY

Your email address will not be published. Required fields are marked *

Question List (25q)
1 commentQuestion 1: A container image scanner is set up on the cluster. Given an...
Question 2: SIMULATION Create a new NetworkPolicy named deny-all in the ...
Question 3: Context: Cluster: prod Master node: master1 Worker node: wor...
Question 4: Create a Pod name Nginx-pod inside the namespace testing, Cr...
Question 5: SIMULATION Before Making any changes build the Dockerfile wi...
Question 6: Context: Cluster: gvisor Master node: master1 Worker node: w...
Question 7: Using the runtime detection tool Falco, Analyse the containe...
Question 8: You can switch the cluster/configuration context using the f...
Question 9: On the Cluster worker node, enforce the prepared AppArmor pr...
Question 10: SIMULATION On the Cluster worker node, enforce the prepared ...
Question 11: SIMULATION Given an existing Pod named test-web-pod running ...
Question 12: Before Making any changes build the Dockerfile with tag base...
Question 13: SIMULATION Given an existing Pod named nginx-pod running in ...
Question 14: Cluster: dev Master node: master1 Worker node: worker1 You c...
Question 15: Create a PSP that will only allow the persistentvolumeclaim ...
Question 16: Service is running on port 389 inside the system, find the p...
Question 17: Create a RuntimeClass named untrusted using the prepared run...
Question 18: SIMULATION Using the runtime detection tool Falco, Analyse t...
Question 19: You must complete this task on the following cluster/nodes: ...
Question 20: SIMULATION Using the runtime detection tool Falco, Analyse t...
Question 21: SIMULATION use the Trivy to scan the following images, 1. am...
Question 22: Given an existing Pod named nginx-pod running in the namespa...
Question 23: Cluster: qa-cluster Master node: master Worker node: worker1...
Question 24: Fix all issues via configuration and restart the affected co...
Question 25: SIMULATION Enable audit logs in the cluster, To Do so, enabl...