Practice Test

1. Which of the following components watches for newly created Pods with no assigned node and selects a node for them to run on?
   a. kubelet
   b. kube-scheduler
   c. kube-apiserver
   d. kube-controller

2. Which of the following is NOT a category of security threat addressed by the STRIDE threat model?
   a. Spoofing
   b. Tampering
   c. Resource Management
   d. Information Disclosure

Answer: c. Resource Management

STRIDE stands for Spoofing, Tampering, Repudiation, Information disclosure, Denial of service and Elevation of privilege.

3. Which of the following is NOT a security best practice?
   a. The system:masters group is not used for user or component authentication after bootstrapping
   b. Enabling of audit logs
   c. ConfigMaps are used to hold confidential data
   d. Container images are configured to run as an unprivileged user

Answer: c. ConfigMaps are used to hold confidential data

Secrets must be used instead of ConfigMaps.

4. What is the function of kube-proxy?
   a. Network proxy that implements part of the Kubernetes Service concept
   b. Component that manages the execution and lifecycle of containers
   c. Component that serves as the front end for the Kubernetes control plane
   d. Component that serves as the backend database

Answer: a. Network proxy that implements part of the Kubernetes Service concept

Reference: https://kubernetes.io/docs/concepts/overview/components/#kube-proxy

5. PodSecurityPolicy was deprecated in Kubernetes v1.21, and removed from Kubernetes in v1.25. What is the successor of PSP?
   a. Pod Security Admission
   b. Pod Security Administration
   c. Pod Security Control
   d. Pod Security Controller

Answer: a. Pod Security Admission

Among the options, only PSA is a valid Kubernetes component.

Reference: https://kubernetes.io/docs/concepts/security/pod-security-admission/
