KCSA Exam Dumps | Why does the defaultbase64 encodingthat Kubernetes applies to the contents of Secret resources provide

Home
Linux Foundation
Linux Foundation Kubernetes and Cloud Native Security Associate
LinuxFoundation.KCSA.v2025-12-26.q28
Question 12

Valid KCSA Dumps shared by ExamDiscuss.com for Helping Passing KCSA Exam! ExamDiscuss.com now offer the newest KCSA exam dumps, the ExamDiscuss.com KCSA exam questions have been updated and answers have been corrected get the newest ExamDiscuss.com KCSA dumps with Test Engine here:

Access KCSA Dumps Premium Version
(62 Q&As Dumps, 35%OFF Special Discount Code: freecram)

<< Prev Question Next Question >>

Question 12/28

Why does the defaultbase64 encodingthat Kubernetes applies to the contents of Secret resources provide inadequate protection?

A. Base64 encoding is vulnerable to brute-force attacks.

B. Base64 encoding relies on a shared key which can be easily compromised.

C. Base64 encoding does not encrypt the contents of the Secret, only obfuscates it.

D. Base64 encoding is not supported by all Secret Stores.

Correct Answer: C

* Kubernetes stores Secret data asbase64-encoded stringsin etcd by default.
* Base64 is not encryption- it is a simple encoding scheme that merelyobfuscatesdata for transport and storage. Anyone with read access to etcd or the Secret manifest can easily decode the value back to plaintext.
* For actual protection, Kubernetes supportsencryption at rest(via encryption providers) and external Secret management (Vault, KMS, etc.).
References:
Kubernetes Documentation - Secrets
CNCF Security Whitepaper - Data protection section: highlights that base64 encoding does not protect data and encryption at rest is recommended.

Your email address will not be published. Required fields are marked *

Comment: *

Name: *

Email: *

Rating: *

Verification: *

Question List (28q): Question 1: Which other controllers are part of the kube-controller-mana...; Question 2: What is the difference between gVisor and Firecracker?...; Question 3: A cluster administrator wants to enforce the use of a differ...; Question 4: You want to minimize security issues in running Kubernetes P...; Question 5: What information is stored in etcd?...; Question 6: In order to reduce the attack surface of the Scheduler, whic...; Question 7: What mechanism can I use to block unsigned images from runni...; Question 8: As a Kubernetes and Cloud Native Security Associate, a user ...; Question 9: An attacker compromises a Pod and attempts to use its servic...; Question 10: You are responsible for securing thekubeletcomponent in a Ku...; Question 11: A container image istrojanizedby an attacker by compromising...; Question 12: Why does the defaultbase64 encodingthat Kubernetes applies t...; Question 13: Which information does a user need to verify a signed contai...; Question 14: Which of the following statements best describes the role of...; Question 15: What was the name of the precursor to Pod Security Standards...; Question 16: How can a user enforce thePod Security Standardwithout third...; Question 17: Which of the following statements best describes the role of...; Question 18: Which standard approach to security is augmented by the 4C's...; Question 19: In which order are thevalidating and mutating admission cont...; Question 20: Which step would give an attacker a foothold in a cluster bu...; Question 21: Which way of defining security policy brings consistency, mi...; Question 22: Which of the following statements correctly describes a cont...; Question 23: Given a standard Kubernetes cluster architecture comprising ...; Question 24: Why mightNetworkPolicyresources have no effect in a Kubernet...; Question 25: In a cluster that contains Nodes withmultiple container runt...; Question 26: What is Grafana?; Question 27: Which of the following is a valid security risk caused by ha...; Question 28: On a client machine, what directory (by default) contains se...

[×]

Download PDF File

Enter your email address to download LinuxFoundation.KCSA.v2025-12-26.q28.pdf

Email:

Disclaimer:
Freecram doesn't offer Real GIAC Exam Questions. Freecram doesn't offer Real SAP Exam Questions. Freecram doesn't offer Real (ISC)² Exam Questions. Freecram doesn't offer Real CompTIA Exam Questions. Freecram doesn't offer Real Microsoft Exam Questions.
Oracle and Java are registered trademarks of Oracle and/or its affiliates.
Freecram material do not contain actual actual Oracle Exam Questions or material.
Microsoft®, Azure®, Windows®, Windows Vista®, and the Windows logo are registered trademarks of Microsoft Corporation.
Freecram Materials do not contain actual questions and answers from Cisco's Certification Exams. The brand Cisco is a registered trademark of CISCO, Inc.
CFA Institute does not endorse, promote or warrant the accuracy or quality of these questions. CFA® and Chartered Financial Analyst® are registered trademarks owned by CFA Institute.
Freecram does not offer exam dumps or questions from actual exams. We offer learning material and practice tests created by subject matter experts to assist and help learners prepare for those exams. All certification brands used on the website are owned by the respective brand owners. Freecram does not own or claim any ownership on any of the brands.

Question 12/28

LEAVE A REPLY

Download PDF File