KCSA 試験問題を無料オンラインアクセス

Why does the defaultbase64 encodingthat Kubernetes applies to the contents of Secret resources provide inadequate protection?

• A.Base64 encoding is vulnerable to brute-force attacks.
• B.Base64 encoding does not encrypt the contents of the Secret, only obfuscates it.
• C.Base64 encoding relies on a shared key which can be easily compromised.
• D.Base64 encoding is not supported by all Secret Stores.

Which of the following is a valid security risk caused by having no egress controls in a Kubernetes cluster?

• A.Denial of Service
• B.Data exfiltration
• C.Increased attack surface
• D.Unauthorized access to external resources

In a Kubernetes cluster, what are the security risks associated with using ConfigMaps for storing secrets?

• A.Storing secrets in ConfigMaps does not allow for fine-grained access control via RBAC.
• B.Storing secrets in ConfigMaps can expose sensitive information as they are stored in plaintext and can be accessed by unauthorized users.
• C.Using ConfigMaps for storing secrets might make applications incompatible with the Kubernetes cluster.
• D.ConfigMaps store sensitive information in etcd encoded in base64 format automatically, which does not ensure confidentiality of data.

A cluster administrator wants to enforce the use of a different container runtime depending on the application a workload belongs to.

• A.By configuring amutating admission controllerwebhook that intercepts new workload creation requests and modifies the container runtime based on the application label.
• B.By modifying the kube-apiserver configuration file to specify the desired container runtime for each application.
• C.By configuring avalidating admission controllerwebhook that verifies the container runtime based on the application label and rejects requests that do not comply.
• D.By manually modifying the container runtime for each workload after it has been created.

Which of the following statements best describes the role of the Scheduler in Kubernetes?

• A.The Scheduler is responsible for ensuring the security of the Kubernetes cluster and its components.
• B.The Scheduler is responsible for managing the deployment and scaling of applications in the Kubernetes cluster.
• C.The Scheduler is responsible for assigning Pods to nodes based on resource availability and other constraints.
• D.The Scheduler is responsible for monitoring and managing the health of the Kubernetes cluster.