Want to practice some free The Linux Foundation CKS exam questions? You can study the following The Linux Foundation CKS exam online questions. Killtest provides 44 Q&As for The Linux Foundation CKS exam, which has been proven effective in the CKS exam preparation. Besides, you can get full payment fee refund if you fail CKS exam by using Killtest CKS practice exam questions. Ready? Go!
The Linux Foundation CKS Online Practice Exam Questions
The questions of CKS were last updated on Apr 22,2024 .
Viewing page 1 out of 5 pages.
Viewing questions 1 out of 27 questions
Create the Pod using this manifest
CORRECT TEXT Fix all issues via configuration and restart the affected components to ensure the new setting takes effect. Fix all of the following violations that were found against the API server:- ✑ a. Ensure that the RotateKubeletServerCertificate argumentissettotrue. ✑ b. Ensure that the admission control plugin PodSecurityPolicyisset. ✑ c. Ensure that the --kubelet-certificate-authority argumentissetasappropriate. Fix all of the following violations that were found against the Kubelet:- ✑ a. Ensure the --anonymous-auth argumentissettofalse. ✑ b. Ensure that the --authorization-mode argumentissetto Webhook. Fix all of the following violations that were found against the ETCD:- ✑ a. Ensure that the --auto-tls argumentisnotsettotrue ✑ b. Ensure that the --peer-auto-tls argumentisnotsettotrue Hint: Take the use of Tool Kube-Bench
sysdig Tools are pre-installed on the worker1 node only. Analyse the container’s behaviour for at least 40 seconds, using filters that detect newly spawning and executing processes. Store an incident file at /home/cert_masters/report, in the following format: [timestamp],[uid],[processName] Note: Make sure to store incident file on the cluster's worker node, don't move it to master node.
CORRECT TEXT On the Cluster worker node, enforce the prepared AppArmor profile ✑ #include<tunables/global> ✑ ✑ profilenginx-deny flags=(attach_disconnected) { ✑ #include<abstractions/base> ✑ ✑ file, ✑ ✑ # Deny all file writes. ✑ deny/** w, ✑ } ✑ EOF' Edit the prepared manifest file to include the AppArmor profile. ✑ apiVersion: v1 ✑ kind: Pod ✑ metadata: ✑ name:apparmor-pod ✑ spec: ✑ containers: ✑ - name: apparmor-pod ✑ image: nginx Finally, apply the manifests files and create the Pod specified on it. Verify: Try to make a file inside the directory which is restricted.
CORRECT TEXT Cluster: scanner Master node: controlplane Worker node: worker1 You can switch the cluster/configuration context using the following command: [desk@cli] $ kubectl config use-context scanner Given: You may use Trivy's documentation. Task: Use the Trivy open-source container scanner to detect images with severe vulnerabilities used by Pods in the namespace nato. Look for images with High or Critical severity vulnerabilities and delete the Pods that use those images. Trivy is pre-installed on the cluster's master node. Use cluster's master node to use Trivy.
Exam Code: CKSQ & A: 44 Q&AsUpdated: Apr 22,2024
[email protected]
GMT+8: Mon-Sat 8:00-18:00
GMT: Mon-Sat 0:00-10:00