Free CKS Exam Braindumps (page: 3)

Page 3 of 13

A container image scanner is set up on the cluster.
Given an incomplete configuration in the directory /etc/kubernetes/confcontrol and a functional container image scanner with HTTPS endpoint https://test-server.local.8081/image_policy:

1. Enable the admission plugin.
2. Validate the control configuration and change it to implicit deny.

Finally, test the configuration by deploying a pod whose image tag is latest.

  1. See Explanation section for answer.

Answer(s): A

Explanation:

ssh-add ~/.ssh/tempprivate
eval "$(ssh-agent -s)"
cd contrib/terraform/aws
vi terraform.tfvars
terraform init
terraform apply -var-file=credentials.tfvars
ansible-playbook -i ./inventory/hosts ./cluster.yml -e ansible_ssh_user=core -e bootstrap_os=coreos -b --become-user=root --flush-cache -e ansible_user=core



On the Cluster worker node, enforce the prepared AppArmor profile:

#include <tunables/global>

profile nginx-deny flags=(attach_disconnected) {
  #include <abstractions/base>

  file,

  # Deny all file writes.
  deny /** w,
}

Edit the prepared manifest file to include the AppArmor profile.

apiVersion: v1
kind: Pod
metadata:
  name: apparmor-pod
spec:
  containers:
  - name: apparmor-pod
    image: nginx

Finally, apply the manifest file and create the Pod specified in it.

Verify: Try to make a file inside the directory which is restricted.

  1. See Explanation section for answer.

Answer(s): A

Explanation:







Create a new NetworkPolicy named deny-all in the namespace testing which denies all ingress and egress traffic.

  1. See Explanation section for answer.

Answer(s): A

Explanation:

You can create a "default" isolation policy for a namespace by creating a NetworkPolicy that selects all pods but does not allow any ingress traffic to those pods.
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny-ingress
spec:
  podSelector: {}
  policyTypes:
  - Ingress

You can create a "default" egress isolation policy for a namespace by creating a NetworkPolicy that selects all pods but does not allow any egress traffic from those pods.

---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny-egress
spec:
  podSelector: {}
  # No egress rules are listed, so all egress from the selected pods is denied.
  policyTypes:
  - Egress

Default deny all ingress and all egress traffic
You can create a "default" policy for a namespace which prevents all ingress AND egress traffic by creating the following NetworkPolicy in that namespace.

---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny-all
spec:
  podSelector: {}
  policyTypes:
  - Ingress
  - Egress

This ensures that even pods that aren't selected by any other NetworkPolicy will not be allowed ingress or egress traffic.
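
How policyTypes and rule lists combine into a namespace-wide default, as an added example that is not part of the original page. The function names and the sample policies are constructed for illustration, and only policies with an empty podSelector are evaluated.

```python
# Added example (not from the original page): classify what a set of
# NetworkPolicy specs does namespace-wide, per traffic direction.
# Assumption: only policies whose podSelector is empty (every pod) are considered.

def effective_types(spec):
    """policyTypes, with the API default applied when the field is omitted."""
    if "policyTypes" in spec:
        return set(spec["policyTypes"])
    return {"Ingress"} | ({"Egress"} if spec.get("egress") else set())

def selects_all_pods(spec):
    sel = spec.get("podSelector") or {}
    return not sel.get("matchLabels") and not sel.get("matchExpressions")

def namespace_posture(policies):
    """Return {'Ingress': ..., 'Egress': ...} with one of:
    open, default-deny, allow-all, restricted."""
    posture = {}
    for direction in ("Ingress", "Egress"):
        isolating = [p["spec"] for p in policies
                     if selects_all_pods(p["spec"])
                     and direction in effective_types(p["spec"])]
        # Rules from every isolating policy are additive (a union of allows).
        rules = [r for s in isolating for r in (s.get(direction.lower()) or [])]
        if not isolating:
            posture[direction] = "open"          # nothing isolates the pods
        elif not rules:
            posture[direction] = "default-deny"  # isolated, nothing allowed
        elif any(r == {} for r in rules):
            posture[direction] = "allow-all"     # an empty rule matches everything
        else:
            posture[direction] = "restricted"
    return posture

# Constructed sample policies (name and namespace follow the task above).
DENY_ALL = {"metadata": {"name": "deny-all", "namespace": "testing"},
            "spec": {"podSelector": {}, "policyTypes": ["Ingress", "Egress"]}}
ALLOW_ALL_EGRESS = {"metadata": {"name": "allow-all-egress", "namespace": "testing"},
                    "spec": {"podSelector": {}, "egress": [{}],
                             "policyTypes": ["Egress"]}}

if __name__ == "__main__":
    print(namespace_posture([DENY_ALL]))
    print(namespace_posture([DENY_ALL, ALLOW_ALL_EGRESS]))
```

Because rules are additive, an allow-all policy left in the same namespace cancels the default deny for that direction.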



a) Retrieve the content of the existing secret named default-token-xxxxx in the testing namespace.
Store the value of the token in token.txt.
b) Create a new secret named test-db-secret in the DB namespace with the following content:
username: mysql
password: password@123
Create a Pod named test-db-pod with image nginx in the namespace db that can access test-db-secret via a volume at path /etc/mysql-credentials.

  1. See Explanation section for answer.

Answer(s): A

Explanation:

To add a Kubernetes cluster to your project, group, or instance:

1. Navigate to your:
   Project's Operations > Kubernetes page, for a project-level cluster.
   Group's Kubernetes page, for a group-level cluster.
   Admin Area > Kubernetes page, for an instance-level cluster.
2. Click Add Kubernetes cluster.
3. Click the Add existing cluster tab and fill in the details:

Kubernetes cluster name (required) - The name you wish to give the cluster.

Environment scope (required) - The associated environment to this cluster.

API URL (required) - It's the URL that GitLab uses to access the Kubernetes API. Kubernetes exposes several APIs, we want the "base" URL that is common to all of them. For example, https://kubernetes.example.com rather than https://kubernetes.example.com/api/v1.

Get the API URL by running this command:
kubectl cluster-info | grep -E 'Kubernetes master|Kubernetes control plane' | awk '/http/ {print $NF}'

CA certificate (required) - A valid Kubernetes certificate is needed to authenticate to the cluster. We use the certificate created by default.

List the secrets with kubectl get secrets, and one should be named similar to default-token-xxxxx.
Copy that token name for use below.

Get the certificate by running this command:
kubectl get secret <secret name> -o jsonpath="{['data']['ca\.crt']}"






Post your Comments and Discuss Linux Foundation CKS exam with other Community members:

Erick commented on July 29, 2024
Great source of studying and preparation.
United Kingdom

Anonymous commented on July 16, 2023
upload cks exam questions
Anonymous

Claudio commented on March 30, 2023
Enjoyable and visually appealing test engine software with a strange name Xengine. I found it helpful.
GERMANY