KCSA Exam Dumps | Which of the following is a valid security risk caused by having no egress controls in a Kubernetes cluster?

Home
Linux Foundation
Linux Foundation Kubernetes and Cloud Native Security Associate
LinuxFoundation.KCSA.v2025-12-26.q28
Question 27

Valid KCSA Dumps shared by EduDump.com for Helping Passing KCSA Exam! EduDump.com now offer the newest KCSA exam dumps, the EduDump.com KCSA exam questions have been updated and answers have been corrected get the newest EduDump.com KCSA dumps with Test Engine here:

Access KCSA Dumps Premium Version
(62 Q&As Dumps, 35%OFF Special Discount Code: freecram)

<< Prev Question Next Question >>

Question 27/28

Which of the following is a valid security risk caused by having no egress controls in a Kubernetes cluster?

A. Denial of Service

B. Data exfiltration

C. Increased attack surface

D. Unauthorized access to external resources

Correct Answer: B

* Egress NetworkPoliciesrestrict outbound traffic from Pods.
* Without egress restrictions, a compromised Pod could exfiltrate sensitive data (secrets, logs, customer data) to an attacker-controlled server.
* Exact extract (Kubernetes Docs - Network Policies):
* "Egress rules control outbound connections from Pods. Without such restrictions, compromised workloads can connect freely to external endpoints."
* Other options clarified:
* A: DoS is more about flooding, not egress absence.
* C: "Increased attack surface" is vague but not the main risk.
* D: True in a sense, but the precise and most common risk isdata exfiltration.
References:
Kubernetes Docs - Network Policies: https://kubernetes.io/docs/concepts/services-networking/network- policies/

Your email address will not be published. Required fields are marked *

Comment: *

Name: *

Email: *

Rating: *

Verification: *

Question List (28q): Question 1: Which other controllers are part of the kube-controller-mana...; Question 2: What is the difference between gVisor and Firecracker?...; Question 3: A cluster administrator wants to enforce the use of a differ...; Question 4: You want to minimize security issues in running Kubernetes P...; Question 5: What information is stored in etcd?...; Question 6: In order to reduce the attack surface of the Scheduler, whic...; Question 7: What mechanism can I use to block unsigned images from runni...; Question 8: As a Kubernetes and Cloud Native Security Associate, a user ...; Question 9: An attacker compromises a Pod and attempts to use its servic...; Question 10: You are responsible for securing thekubeletcomponent in a Ku...; Question 11: A container image istrojanizedby an attacker by compromising...; Question 12: Why does the defaultbase64 encodingthat Kubernetes applies t...; Question 13: Which information does a user need to verify a signed contai...; Question 14: Which of the following statements best describes the role of...; Question 15: What was the name of the precursor to Pod Security Standards...; Question 16: How can a user enforce thePod Security Standardwithout third...; Question 17: Which of the following statements best describes the role of...; Question 18: Which standard approach to security is augmented by the 4C's...; Question 19: In which order are thevalidating and mutating admission cont...; Question 20: Which step would give an attacker a foothold in a cluster bu...; Question 21: Which way of defining security policy brings consistency, mi...; Question 22: Which of the following statements correctly describes a cont...; Question 23: Given a standard Kubernetes cluster architecture comprising ...; Question 24: Why mightNetworkPolicyresources have no effect in a Kubernet...; Question 25: In a cluster that contains Nodes withmultiple container runt...; Question 26: What is Grafana?; Question 27: Which of the following is a valid security risk caused by ha...; Question 28: On a client machine, what directory (by default) contains se...

[×]

Download PDF File

Enter your email address to download LinuxFoundation.KCSA.v2025-12-26.q28.pdf

Email:

Disclaimer:
Freecram doesn't offer Real GIAC Exam Questions. Freecram doesn't offer Real SAP Exam Questions. Freecram doesn't offer Real (ISC)² Exam Questions. Freecram doesn't offer Real CompTIA Exam Questions. Freecram doesn't offer Real Microsoft Exam Questions.
Oracle and Java are registered trademarks of Oracle and/or its affiliates.
Freecram material do not contain actual actual Oracle Exam Questions or material.
Microsoft®, Azure®, Windows®, Windows Vista®, and the Windows logo are registered trademarks of Microsoft Corporation.
Freecram Materials do not contain actual questions and answers from Cisco's Certification Exams. The brand Cisco is a registered trademark of CISCO, Inc.
CFA Institute does not endorse, promote or warrant the accuracy or quality of these questions. CFA® and Chartered Financial Analyst® are registered trademarks owned by CFA Institute.
Freecram does not offer exam dumps or questions from actual exams. We offer learning material and practice tests created by subject matter experts to assist and help learners prepare for those exams. All certification brands used on the website are owned by the respective brand owners. Freecram does not own or claim any ownership on any of the brands.

Question 27/28

LEAVE A REPLY

Download PDF File