FreeCram
  1. Home
  2. Linux Foundation
  3. Certified Kubernetes Security Specialist (CKS)
  4. LinuxFoundation.CKS.v2023-03-27.q41
  5. Question 3
<< Prev Question Next Question >>

Question 3/41

Context
The kubeadm-created cluster's Kubernetes API server was, for testing purposes, temporarily configured to allow unauthenticated and unauthorized access granting the anonymous user duster-admin access.
Task
Reconfigure the cluster's Kubernetes API server to ensure that only authenticated and authorized REST requests are allowed.
Use authorization mode Node,RBAC and admission controller NodeRestriction.
Cleaning up, remove the ClusterRoleBinding for user system:anonymous.

LEAVE A REPLY

Your email address will not be published. Required fields are marked *

Question List (41q)
1 commentQuestion 1: Using the runtime detection tool Falco, Analyse the containe...
Question 2: Analyze and edit the given Dockerfile FROM ubuntu:latest RUN...
Question 3: Context The kubeadm-created cluster's Kubernetes API server ...
Question 4: use the Trivy to scan the following images, 1. amazonlinux:1...
Question 5: SIMULATION Create a RuntimeClass named untrusted using the p...
Question 6: Context A Role bound to a Pod's ServiceAccount grants overly...
Question 7: Create a RuntimeClass named untrusted using the prepared run...
Question 8: Context A container image scanner is set up on the cluster, ...
Question 9: Create a Pod name Nginx-pod inside the namespace testing, Cr...
Question 10: SIMULATION Create a network policy named restrict-np to rest...
Question 11: SIMULATION Analyze and edit the given Dockerfile FROM ubuntu...
Question 12: On the Cluster worker node, enforce the prepared AppArmor pr...
Question 13: You can switch the cluster/configuration context using the f...
Question 14: Analyze and edit the given Dockerfile FROM ubuntu:latest RUN...
Question 15: SIMULATION Create a new ServiceAccount named backend-sa in t...
Question 16: Context A default-deny NetworkPolicy avoids to accidentally ...
Question 17: Using the runtime detection tool Falco, Analyse the containe...
Question 18: You can switch the cluster/configuration context using the f...
Question 19: You must complete this task on the following cluster/nodes: ...
Question 20: SIMULATION Create a RuntimeClass named gvisor-rc using the p...
Question 21: SIMULATION Fix all issues via configuration and restart the ...
Question 22: SIMULATION Enable audit logs in the cluster, To Do so, enabl...
Question 23: Create a network policy named allow-np, that allows pod in t...
Question 24: a. Retrieve the content of the existing secret named default...
Question 25: SIMULATION Secrets stored in the etcd is not secure at rest,...
Question 26: You can switch the cluster/configuration context using the f...
Question 27: Enable audit logs in the cluster, To Do so, enable the log b...
Question 28: Fix all issues via configuration and restart the affected co...
Question 29: Context A CIS Benchmark tool was run against the kubeadm-cre...
Question 30: Context A PodSecurityPolicy shall prevent the creation of pr...
Question 31: Two tools are pre-installed on the cluster's worker node: Us...
Question 32: SIMULATION Create a Pod name Nginx-pod inside the namespace ...
Question 33: SIMULATION Create a network policy named allow-np, that allo...
Question 34: Given an existing Pod named nginx-pod running in the namespa...
Question 35: You can switch the cluster/configuration context using the f...
Question 36: SIMULATION Create a new NetworkPolicy named deny-all in the ...
Question 37: Create a User named john, create the CSR Request, fetch the ...
Question 38: SIMULATION On the Cluster worker node, enforce the prepared ...
Question 39: SIMULATION Using the runtime detection tool Falco, Analyse t...
Question 40: Fix all issues via configuration and restart the affected co...
Question 41: Context AppArmor is enabled on the cluster's worker node. An...