CKA Security

Question 1

What is the primary purpose of Role-Based Access Control (RBAC) in Kubernetes?

Accepted Answer

To control access to Kubernetes resources based on user roles.

Answer

Role-Based Access Control (RBAC) is a method of regulating access to computer or network resources based on the roles of individual users within an enterprise. In Kubernetes, RBAC allows administrators to define granular permissions (Roles) and then bind those permissions to users or ServiceAccounts (RoleBindings), ensuring that only authorized entities can perform specific actions on cluster resources. This is fundamental for securing the Kubernetes API.

Question 2

Which Kubernetes resource is used to securely store sensitive data like API keys and passwords?

Accepted Answer

Secret

Answer

Secrets are Kubernetes objects designed to store sensitive information, such as passwords, OAuth tokens, and SSH keys. They provide a more secure way to manage this data than putting it directly into Pod definitions or ConfigMaps. Secrets can be mounted as files into Pods or exposed as environment variables, allowing applications to access sensitive data without hardcoding it.

Question 3

How can you enforce API access policies for specific users or groups in Kubernetes?

Accepted Answer

By configuring Role and RoleBinding objects.

Answer

Roles define a set of permissions within a specific namespace, while ClusterRoles define permissions across the entire cluster. RoleBindings then grant the permissions defined in a Role (or ClusterRole) to a specific user, group, or ServiceAccount. This combination allows for precise control over who can access and manipulate Kubernetes resources, enforcing API access policies.

Question 4

What is the purpose of a Network Policy in Kubernetes?

Accepted Answer

To control Pod communication at the network level.

Answer

Network Policies are Kubernetes resources that specify how groups of Pods are allowed to communicate with each other and with other network endpoints. They enable network segmentation and security by defining rules for ingress and egress traffic, acting as a firewall for Pods. This helps to isolate applications and prevent unauthorized communication within the cluster.

Question 5

Which of the following ensures that Pods run with restricted permissions in Kubernetes?

Accepted Answer

Security Context

Answer

A Security Context defines privilege and access control settings for a Pod or an individual container within a Pod. It allows you to specify parameters like the user ID (UID) and group ID (GID) under which the container's process runs, whether it can run as root, and other Linux capabilities. This ensures that Pods operate with the principle of least privilege, enhancing security.

(CKA) Certified Kubernetes Administrator Practice Test

(CKA) Certified Kubernetes Administrator Practice Test

CKA Security