CKS Exam Dumps | You must complete this task on the following cluster/nodes: Cluster: immutable-cluster Master node: master1

Home
Linux Foundation
Certified Kubernetes Security Specialist (CKS)
LinuxFoundation.CKS.v2023-03-27.q41
Question 19

Valid CKS Dumps shared by ExamDiscuss.com for Helping Passing CKS Exam! ExamDiscuss.com now offer the newest CKS exam dumps, the ExamDiscuss.com CKS exam questions have been updated and answers have been corrected get the newest ExamDiscuss.com CKS dumps with Test Engine here:

Access CKS Dumps Premium Version
(49 Q&As Dumps, 35%OFF Special Discount Code: freecram)

<< Prev Question Next Question >>

Question 19/41

You must complete this task on the following cluster/nodes: Cluster: immutable-cluster Master node: master1 Worker node: worker1 You can switch the cluster/configuration context using the following command:
[desk@cli] $ kubectl config use-context immutable-cluster
Context: It is best practice to design containers to be stateless and immutable.
Task:
Inspect Pods running in namespace prod and delete any Pod that is either not stateless or not immutable.
Use the following strict interpretation of stateless and immutable:
1. Pods being able to store data inside containers must be treated as not stateless.
Note: You don't have to worry whether data is actually stored inside containers or not already.
2. Pods being configured to be privileged in any way must be treated as potentially not stateless or not immutable.

Correct Answer:

k get pods -n prod
k get pod <pod-name> -n prod -o yaml | grep -E 'privileged|ReadOnlyRootFileSystem' Delete the pods which do have any of these 2 properties privileged:true or ReadOnlyRootFileSystem: false
[desk@cli]$ k get pods -n prod
NAME READY STATUS RESTARTS AGE
cms 1/1 Running 0 68m
db 1/1 Running 0 4m
nginx 1/1 Running 0 23m
[desk@cli]$ k get pod nginx -n prod -o yaml | grep -E 'privileged|RootFileSystem'
{"apiVersion":"v1","kind":"Pod","metadata":{"annotations":{},"creationTimestamp":null,"labels":{"run":"nginx"},"name":"nginx","namespace":"prod"},"spec":{"containers":[{"image":"nginx","name":"nginx","resources":{},"securityContext":{"privileged":true}}],"dnsPolicy":"ClusterFirst","restartPolicy":"Always"},"status":{}} f:privileged: {} privileged: true

[desk@cli]$ k delete pod nginx -n prod
[desk@cli]$ k get pod db -n prod -o yaml | grep -E 'privileged|RootFilesystem'

[desk@cli]$ k delete pod cms -n prod Reference: https://kubernetes.io/docs/concepts/policy/pod-security-policy/ https://cloud.google.com/architecture/best-practices-for-operating-containers Reference:
[desk@cli]$ k delete pod cms -n prod Reference: https://kubernetes.io/docs/concepts/policy/pod-security-policy/ https://cloud.google.com/architecture/best-practices-for-operating-containers

Your email address will not be published. Required fields are marked *

Comment: *

Name: *

Email: *

Rating: *

Verification: *

Question List (41q): 1 commentQuestion 1: Using the runtime detection tool Falco, Analyse the containe...; Question 2: Analyze and edit the given Dockerfile FROM ubuntu:latest RUN...; Question 3: Context The kubeadm-created cluster's Kubernetes API server ...; Question 4: use the Trivy to scan the following images, 1. amazonlinux:1...; Question 5: SIMULATION Create a RuntimeClass named untrusted using the p...; Question 6: Context A Role bound to a Pod's ServiceAccount grants overly...; Question 7: Create a RuntimeClass named untrusted using the prepared run...; Question 8: Context A container image scanner is set up on the cluster, ...; Question 9: Create a Pod name Nginx-pod inside the namespace testing, Cr...; Question 10: SIMULATION Create a network policy named restrict-np to rest...; Question 11: SIMULATION Analyze and edit the given Dockerfile FROM ubuntu...; Question 12: On the Cluster worker node, enforce the prepared AppArmor pr...; Question 13: You can switch the cluster/configuration context using the f...; Question 14: Analyze and edit the given Dockerfile FROM ubuntu:latest RUN...; Question 15: SIMULATION Create a new ServiceAccount named backend-sa in t...; Question 16: Context A default-deny NetworkPolicy avoids to accidentally ...; Question 17: Using the runtime detection tool Falco, Analyse the containe...; Question 18: You can switch the cluster/configuration context using the f...; Question 19: You must complete this task on the following cluster/nodes: ...; Question 20: SIMULATION Create a RuntimeClass named gvisor-rc using the p...; Question 21: SIMULATION Fix all issues via configuration and restart the ...; Question 22: SIMULATION Enable audit logs in the cluster, To Do so, enabl...; Question 23: Create a network policy named allow-np, that allows pod in t...; Question 24: a. Retrieve the content of the existing secret named default...; Question 25: SIMULATION Secrets stored in the etcd is not secure at rest,...; Question 26: You can switch the cluster/configuration context using the f...; Question 27: Enable audit logs in the cluster, To Do so, enable the log b...; Question 28: Fix all issues via configuration and restart the affected co...; Question 29: Context A CIS Benchmark tool was run against the kubeadm-cre...; Question 30: Context A PodSecurityPolicy shall prevent the creation of pr...; Question 31: Two tools are pre-installed on the cluster's worker node: Us...; Question 32: SIMULATION Create a Pod name Nginx-pod inside the namespace ...; Question 33: SIMULATION Create a network policy named allow-np, that allo...; Question 34: Given an existing Pod named nginx-pod running in the namespa...; Question 35: You can switch the cluster/configuration context using the f...; Question 36: SIMULATION Create a new NetworkPolicy named deny-all in the ...; Question 37: Create a User named john, create the CSR Request, fetch the ...; Question 38: SIMULATION On the Cluster worker node, enforce the prepared ...; Question 39: SIMULATION Using the runtime detection tool Falco, Analyse t...; Question 40: Fix all issues via configuration and restart the affected co...; Question 41: Context AppArmor is enabled on the cluster's worker node. An...

[×]

Download PDF File

Enter your email address to download LinuxFoundation.CKS.v2023-03-27.q41.pdf

Email:

Disclaimer:
Freecram doesn't offer Real GIAC Exam Questions. Freecram doesn't offer Real SAP Exam Questions. Freecram doesn't offer Real (ISC)² Exam Questions. Freecram doesn't offer Real CompTIA Exam Questions. Freecram doesn't offer Real Microsoft Exam Questions.
Oracle and Java are registered trademarks of Oracle and/or its affiliates.
Freecram material do not contain actual actual Oracle Exam Questions or material.
Microsoft®, Azure®, Windows®, Windows Vista®, and the Windows logo are registered trademarks of Microsoft Corporation.
Freecram Materials do not contain actual questions and answers from Cisco's Certification Exams. The brand Cisco is a registered trademark of CISCO, Inc.
CFA Institute does not endorse, promote or warrant the accuracy or quality of these questions. CFA® and Chartered Financial Analyst® are registered trademarks owned by CFA Institute.
Freecram does not offer exam dumps or questions from actual exams. We offer learning material and practice tests created by subject matter experts to assist and help learners prepare for those exams. All certification brands used on the website are owned by the respective brand owners. Freecram does not own or claim any ownership on any of the brands.

Question 19/41

LEAVE A REPLY

Download PDF File