<< Prev Question Next Question >>

Question 11/41

SIMULATION
Analyze and edit the given Dockerfile
FROM ubuntu:latest
RUN apt-get update -y
RUN apt-install nginx -y
COPY entrypoint.sh /
ENTRYPOINT ["/entrypoint.sh"]
USER ROOT
Fixing two instructions present in the file being prominent security best practice issues Analyze and edit the deployment manifest file apiVersion: v1 kind: Pod metadata:
name: security-context-demo-2
spec:
securityContext:
runAsUser: 1000
containers:
- name: sec-ctx-demo-2
image: gcr.io/google-samples/node-hello:1.0
securityContext:
runAsUser: 0
privileged: True
allowPrivilegeEscalation: false
Fixing two fields present in the file being prominent security best practice issues Don't add or remove configuration settings; only modify the existing configuration settings Whenever you need an unprivileged user for any of the tasks, use user test-user with the user id 5487

LEAVE A REPLY

Your email address will not be published. Required fields are marked *

Question List (41q)
1 commentQuestion 1: Using the runtime detection tool Falco, Analyse the containe...
Question 2: Analyze and edit the given Dockerfile FROM ubuntu:latest RUN...
Question 3: Context The kubeadm-created cluster's Kubernetes API server ...
Question 4: use the Trivy to scan the following images, 1. amazonlinux:1...
Question 5: SIMULATION Create a RuntimeClass named untrusted using the p...
Question 6: Context A Role bound to a Pod's ServiceAccount grants overly...
Question 7: Create a RuntimeClass named untrusted using the prepared run...
Question 8: Context A container image scanner is set up on the cluster, ...
Question 9: Create a Pod name Nginx-pod inside the namespace testing, Cr...
Question 10: SIMULATION Create a network policy named restrict-np to rest...
Question 11: SIMULATION Analyze and edit the given Dockerfile FROM ubuntu...
Question 12: On the Cluster worker node, enforce the prepared AppArmor pr...
Question 13: You can switch the cluster/configuration context using the f...
Question 14: Analyze and edit the given Dockerfile FROM ubuntu:latest RUN...
Question 15: SIMULATION Create a new ServiceAccount named backend-sa in t...
Question 16: Context A default-deny NetworkPolicy avoids to accidentally ...
Question 17: Using the runtime detection tool Falco, Analyse the containe...
Question 18: You can switch the cluster/configuration context using the f...
Question 19: You must complete this task on the following cluster/nodes: ...
Question 20: SIMULATION Create a RuntimeClass named gvisor-rc using the p...
Question 21: SIMULATION Fix all issues via configuration and restart the ...
Question 22: SIMULATION Enable audit logs in the cluster, To Do so, enabl...
Question 23: Create a network policy named allow-np, that allows pod in t...
Question 24: a. Retrieve the content of the existing secret named default...
Question 25: SIMULATION Secrets stored in the etcd is not secure at rest,...
Question 26: You can switch the cluster/configuration context using the f...
Question 27: Enable audit logs in the cluster, To Do so, enable the log b...
Question 28: Fix all issues via configuration and restart the affected co...
Question 29: Context A CIS Benchmark tool was run against the kubeadm-cre...
Question 30: Context A PodSecurityPolicy shall prevent the creation of pr...
Question 31: Two tools are pre-installed on the cluster's worker node: Us...
Question 32: SIMULATION Create a Pod name Nginx-pod inside the namespace ...
Question 33: SIMULATION Create a network policy named allow-np, that allo...
Question 34: Given an existing Pod named nginx-pod running in the namespa...
Question 35: You can switch the cluster/configuration context using the f...
Question 36: SIMULATION Create a new NetworkPolicy named deny-all in the ...
Question 37: Create a User named john, create the CSR Request, fetch the ...
Question 38: SIMULATION On the Cluster worker node, enforce the prepared ...
Question 39: SIMULATION Using the runtime detection tool Falco, Analyse t...
Question 40: Fix all issues via configuration and restart the affected co...
Question 41: Context AppArmor is enabled on the cluster's worker node. An...