FREE CKA Security Questions and Answers
What is the primary purpose of Role-Based Access Control (RBAC) in Kubernetes?
RBAC controls access to Kubernetes resources based on user roles and permissions. It uses Role, ClusterRole, RoleBinding, and ClusterRoleBinding objects to define and enforce access policies.
Which Kubernetes resource is used to securely store sensitive data like API keys and passwords?
A Secret is used to securely store sensitive data like API keys, passwords, or tokens. While ConfigMap stores non-sensitive configuration data, PersistentVolume provides storage, and ServiceAccount manages Pod-level credentials for accessing the API server.
How can you enforce API access policies for specific users or groups in Kubernetes?
Role and RoleBinding (or ClusterRole and ClusterRoleBinding) objects enforce access policies for specific users, groups, or service accounts by defining what actions they can perform on specific resources. ServiceAccounts are for Pod authentication, while the other options are unrelated to API access control.
What is the purpose of a Network Policy in Kubernetes?
Network Policies define how Pods can communicate with each other and with external networks. They work at the network level to allow or deny traffic based on specified rules. Encryption and API access are managed using other mechanisms.
Which of the following ensures that Pods run with restricted permissions in Kubernetes?
The Security Context specifies security-related settings for Pods or containers, such as user IDs, group IDs, and access privileges. It ensures Pods run with restricted permissions. RBAC manages access to Kubernetes resources, Pod Disruption Budget ensures Pod availability, and Node Affinity controls scheduling.