Linux Foundation KCSA Practice Test

Exam Title: Kubernetes and Cloud Native Security Associate

Last update: Nov 27, 2025

Question 1

What mechanism can I use to block unsigned images from running in my cluster?

  • A. Enabling Admission Controllers to validate image signatures.
  • B. Using PodSecurityPolicy (PSP) to enforce image signing and validation.
  • C. Using Pod Security Standards (PSS) to enforce validation of signatures.
  • D. Configuring Container Runtime Interface (CRI) to enforce image signing and validation.
Answer:

A

Question 2

What is the main reason an organization would use a Cloud Workload Protection Platform (CWPP) solution?

  • A. To protect containerized workloads from known vulnerabilities and malware threats.
  • B. To automate the deployment and management of containerized workloads.
  • C. To manage networking between containerized workloads in the Kubernetes cluster.
  • D. To optimize resource utilization and scalability of containerized workloads.
Answer:

A

Question 3

Which other controllers are part of the kube controller manager inside the Kubernetes cluster?

  • A. Job controller, CronJob controller, and DaemonSet controller
  • B. Pod, Service, and Ingress controller
  • C. Namespace controller, ConfigMap controller, and Secret controller
  • D. Replication controller, Endpoints controller, Namespace controller, and ServiceAccounts controller
Answer:

D

Question 4

What is Grafana?

  • A. A cloud-native distributed tracing system for monitoring microservices architectures.
  • B. A container orchestration platform for managing and scaling applications.
  • C. A platform for monitoring and visualizing time-series data.
  • D. A cloud-native security tool for scanning and detecting vulnerabilities in Kubernetes clusters.
Answer:

C

Question 5

Which of the following statements best describes container image signing and verification in the cloud environment?

  • A. Container image signatures and their verification ensure their authenticity and integrity against tampering.
  • B. Container image signatures are concerned with defining developer ownership of applications within multi-tenant environments.
  • C. Container image signatures are mandatory in cloud environments, as cloud providers would deny the execution of unsigned container images.
  • D. Container image signatures affect the performance of containerized applications, as they increase the size of images with additional metadata.
Answer:

A

Question 6

Which technology can be used to apply security policy for internal cluster traffic at the application layer of the network?

  • A. Network Policy
  • B. Ingress Controller
  • C. Container Runtime
  • D. Service Mesh
Answer:

D

Question 7

In the event that kube-proxy is in a CrashLoopBackOff state, what impact does it have on the Pods running on the same worker node?

  • A. The Pods cannot communicate with other Pods in the cluster.
  • B. The Pod cannot mount persistent volumes through CSI drivers.
  • C. The Pod's security context restrictions cannot be enforced.
  • D. The Pod's resource utilization increases significantly.
Answer:

A

Question 8

Which label should be added to the Namespace to block any privileged Pods from being created in that Namespace?

  • A. privileged: false
  • B. privileged: true
  • C. pod-security.kubernetes.io/enforce: baseline
  • D. pod.security.kubernetes.io/privileged: false
Answer:

C

Question 9

Which way of defining security policy brings consistency, minimizes toil, and reduces the probability of misconfiguration?

  • A. Using a declarative approach to define security policies as code.
  • B. Relying on manual audits and inspections for security policy enforcement.
  • C. Manually configuring security controls for each individual resource, regularly.
  • D. Implementing security policies through manual scripting on an ad-hoc basis.
Answer:

A

Question 10

What kind of organization would need to be compliant with PCI DSS?

  • A. Retail stores that only accept cash payments.
  • B. Government agencies that collect personally identifiable information.
  • C. Non-profit organizations that handle sensitive customer data.
  • D. Merchants that process credit card payments.
Answer:

D
