KCSA 試験問題を無料オンラインアクセス

A container image istrojanizedby an attacker by compromising the build server. Based on the STRIDE threat modeling framework, which threat category best defines this threat?

• A.Spoofing
• B.Repudiation
• C.Tampering
• D.Denial of Service

In a Kubernetes cluster, what are the security risks associated with using ConfigMaps for storing secrets?

• A.ConfigMaps store sensitive information in etcd encoded in base64 format automatically, which does not ensure confidentiality of data.
• B.Storing secrets in ConfigMaps does not allow for fine-grained access control via RBAC.
• C.Storing secrets in ConfigMaps can expose sensitive information as they are stored in plaintext and can be accessed by unauthorized users.
• D.Using ConfigMaps for storing secrets might make applications incompatible with the Kubernetes cluster.

An attacker compromises a Pod and attempts to use its service account token to escalate privileges within the cluster. Which Kubernetes security feature is designed tolimit what this service account can do?

• A.PodSecurity admission
• B.Role-Based Access Control (RBAC)
• C.NetworkPolicy
• D.RuntimeClass

You are responsible for securing thekubeletcomponent in a Kubernetes cluster.
Which of the following statements about kubelet security is correct?

• A.Kubelet runs as a privileged container by default.
• B.Kubelet does not have any built-in security features.
• C.Kubelet requires root access to interact with the host system.
• D.Kubelet supports TLS authentication and encryption for secure communication with the API server.

Which way of defining security policy brings consistency, minimizes toil, and reduces the probability of misconfiguration?

• A.Manually configuring security controls for each individual resource, regularly.
• B.Relying on manual audits and inspections for security policy enforcement.
• C.Using a declarative approach to define security policies as code.
• D.Implementing security policies through manual scripting on an ad-hoc basis.