KCSA Exam Dumps | Which step would give an attacker a foothold in a cluster butno long-term persistence?

Home
Linux Foundation
Linux Foundation Kubernetes and Cloud Native Security Associate
LinuxFoundation.KCSA.v2025-12-26.q28
Question 20

Valid KCSA Dumps shared by ExamDiscuss.com for Helping Passing KCSA Exam! ExamDiscuss.com now offer the newest KCSA exam dumps, the ExamDiscuss.com KCSA exam questions have been updated and answers have been corrected get the newest ExamDiscuss.com KCSA dumps with Test Engine here:

Access KCSA Dumps Premium Version
(62 Q&As Dumps, 35%OFF Special Discount Code: freecram)

<< Prev Question Next Question >>

Question 20/28

Which step would give an attacker a foothold in a cluster butno long-term persistence?

A. Modify Kubernetes objects stored within etcd.

B. Modify file on host filesystem.

C. Starting a process in a running container.

D. Create restarting container on host using Docker.

Correct Answer: C

* Starting a process in a running containerprovides an attacker withtemporary execution (foothold) inside the cluster, but once the container is stopped or restarted, that malicious process is lost. This means the attacker has nolong-term persistence.
* Incorrect options:
* (A) Modifying objects inetcdgrants persistent access since cluster state is stored in etcd.
* (B) Modifying files on thehost filesystemcan create persistence across reboots or container restarts.
* (D) Creating a restarting container directly on the host via Docker bypasses Kubernetes but persists across pod restarts if Docker restarts it.
References:
CNCF Security Whitepaper - Threat Modeling section: Describes howephemeral processes inside containersprovide attackers short-term control but not durable persistence.
Kubernetes Documentation - Cluster Threat Model emphasizes ephemeral vs. persistent attacker footholds.

Your email address will not be published. Required fields are marked *

Comment: *

Name: *

Email: *

Rating: *

Verification: *

Question List (28q): Question 1: Which other controllers are part of the kube-controller-mana...; Question 2: What is the difference between gVisor and Firecracker?...; Question 3: A cluster administrator wants to enforce the use of a differ...; Question 4: You want to minimize security issues in running Kubernetes P...; Question 5: What information is stored in etcd?...; Question 6: In order to reduce the attack surface of the Scheduler, whic...; Question 7: What mechanism can I use to block unsigned images from runni...; Question 8: As a Kubernetes and Cloud Native Security Associate, a user ...; Question 9: An attacker compromises a Pod and attempts to use its servic...; Question 10: You are responsible for securing thekubeletcomponent in a Ku...; Question 11: A container image istrojanizedby an attacker by compromising...; Question 12: Why does the defaultbase64 encodingthat Kubernetes applies t...; Question 13: Which information does a user need to verify a signed contai...; Question 14: Which of the following statements best describes the role of...; Question 15: What was the name of the precursor to Pod Security Standards...; Question 16: How can a user enforce thePod Security Standardwithout third...; Question 17: Which of the following statements best describes the role of...; Question 18: Which standard approach to security is augmented by the 4C's...; Question 19: In which order are thevalidating and mutating admission cont...; Question 20: Which step would give an attacker a foothold in a cluster bu...; Question 21: Which way of defining security policy brings consistency, mi...; Question 22: Which of the following statements correctly describes a cont...; Question 23: Given a standard Kubernetes cluster architecture comprising ...; Question 24: Why mightNetworkPolicyresources have no effect in a Kubernet...; Question 25: In a cluster that contains Nodes withmultiple container runt...; Question 26: What is Grafana?; Question 27: Which of the following is a valid security risk caused by ha...; Question 28: On a client machine, what directory (by default) contains se...

[×]

Download PDF File

Enter your email address to download LinuxFoundation.KCSA.v2025-12-26.q28.pdf

Email:

Disclaimer:
Freecram doesn't offer Real GIAC Exam Questions. Freecram doesn't offer Real SAP Exam Questions. Freecram doesn't offer Real (ISC)² Exam Questions. Freecram doesn't offer Real CompTIA Exam Questions. Freecram doesn't offer Real Microsoft Exam Questions.
Oracle and Java are registered trademarks of Oracle and/or its affiliates.
Freecram material do not contain actual actual Oracle Exam Questions or material.
Microsoft®, Azure®, Windows®, Windows Vista®, and the Windows logo are registered trademarks of Microsoft Corporation.
Freecram Materials do not contain actual questions and answers from Cisco's Certification Exams. The brand Cisco is a registered trademark of CISCO, Inc.
CFA Institute does not endorse, promote or warrant the accuracy or quality of these questions. CFA® and Chartered Financial Analyst® are registered trademarks owned by CFA Institute.
Freecram does not offer exam dumps or questions from actual exams. We offer learning material and practice tests created by subject matter experts to assist and help learners prepare for those exams. All certification brands used on the website are owned by the respective brand owners. Freecram does not own or claim any ownership on any of the brands.

Question 20/28

LEAVE A REPLY

Download PDF File