Which standard approach to security is augmented by the 4C's of Cloud Native security?
A. Zero Trust
B. Least Privilege
C. Defense-in-Depth
D. Secure-by-Design
Answer: C
Question 2
In a Kubernetes cluster, what are the security risks associated with using ConfigMaps for storing secrets?
A. Storing secrets in ConfigMaps does not allow for fine-grained access control via RBAC.
B. Storing secrets in ConfigMaps can expose sensitive information as they are stored in plaintext and can be accessed by unauthorized users.
C. Using ConfigMaps for storing secrets might make applications incompatible with the Kubernetes cluster.
D. ConfigMaps store sensitive information in etcd encoded in base64 format automatically, which does not ensure confidentiality of data.
Answer: B, D
Question 3
What is the difference between gVisor and Firecracker?
A. gVisor is a user-space kernel that provides isolation and security for containers. At the same time, Firecracker is a lightweight virtualization technology for creating and managing secure, multi-tenant container and function-as-a-service (FaaS) workloads.
B. gVisor is a lightweight virtualization technology for creating and managing secure, multi-tenant container and function-as-a-service (FaaS) workloads. At the same time, Firecracker is a user-space kernel that provides isolation and security for containers.
C. gVisor and Firecracker are both container runtimes that can be used interchangeably.
D. gVisor and Firecracker are two names for the same technology, which provides isolation and security for containers.
Answer: A
Question 4
You want to minimize security issues in running Kubernetes Pods. Which of the following actions can help achieve this goal?
A. Sharing sensitive data among Pods in the same cluster to improve collaboration.
B. Running Pods with elevated privileges to maximize their capabilities.
C. Implement Pod Security standards in the Pod's YAML configuration.
D. Deploying Pods with randomly generated names to obfuscate their identities.
Answer: C
Question 5
What was the name of the precursor to Pod Security Standards?
A. Container Runtime Security
B. Kubernetes Security Context
C. Container Security Standards
D. Pod Security Policy
Answer: D
Question 6
Which of the following is a control for Supply Chain Risk Management according to NIST 800-53 Rev. 5?
A. Access Control
B. System and Communications Protection
C. Supply Chain Risk Management Plan
D. Incident Response
Answer: C
Question 7
In a Kubernetes environment, what kind of Admission Controller can modify resource manifests when applied to the Kubernetes API to fix misconfigurations automatically?
A. ValidatingAdmissionController
B. PodSecurityPolicy
C. MutatingAdmissionController
D. ResourceQuota
Answer: C
Question 8
By default, in a Kubeadm cluster, which authentication methods are enabled?
A. OIDC, Bootstrap tokens, and Service Account Tokens
B. X509 Client Certs, OIDC, and Service Account Tokens
C. X509 Client Certs, Bootstrap Tokens, and Service Account Tokens
D. X509 Client Certs, Webhook Authentication, and Service Account Tokens
Answer: C
Question 9
A container running in a Kubernetes cluster has permission to modify host processes on the underlying node. What combination of privileges and capabilities is most likely to have led to this privilege escalation?
A. There is no combination of privileges and capabilities that permits this.
B. hostPID and SYS_PTRACE
C. hostPath and AUDIT_WRITE
D. hostNetwork and NET_RAW
Answer: A
Question 10
What is the purpose of the Supplier Assessments and Reviews control in the NIST 800-53 Rev. 5 set of controls for Supply Chain Risk Management?
A. To evaluate and monitor existing suppliers for adherence to security requirements.
B. To conduct regular audits of suppliers' financial performance.
C. To establish contractual agreements with suppliers.
D. To identify potential suppliers for the organization.
Answer: A
Question 11
What mechanism can I use to block unsigned images from running in my cluster?
A. Enabling Admission Controllers to validate image signatures.
B. Using PodSecurityPolicy (PSP) to enforce image signing and validation.
C. Using Pod Security Standards (PSS) to enforce validation of signatures.
D. Configuring Container Runtime Interface (CRI) to enforce image signing and validation.
Answer: A
Question 12
What is the main reason an organization would use a Cloud Workload Protection Platform (CWPP) solution?
A. To protect containerized workloads from known vulnerabilities and malware threats.
B. To automate the deployment and management of containerized workloads.
C. To manage networking between containerized workloads in the Kubernetes cluster.
D. To optimize resource utilization and scalability of containerized workloads.
Answer: A
Question 13
Which other controllers are part of the kube controller manager inside the Kubernetes cluster?
A. Job controller, CronJob controller, and DaemonSet controller
B. Pod, Service, and Ingress controller
C. Namespace controller, ConfigMap controller, and Secret controller
D. Replication controller, Endpoints controller, Namespace controller, and ServiceAccounts controller
Answer: D
Question 14
What is Grafana?
A. A cloud-native distributed tracing system for monitoring microservices architectures.
B. A container orchestration platform for managing and scaling applications.
C. A platform for monitoring and visualizing time-series data.
D. A cloud-native security tool for scanning and detecting vulnerabilities in Kubernetes clusters.
Answer: C
Question 15
Which of the following statements best describes container image signing and verification in the cloud environment?
A. Container image signatures and their verification ensure their authenticity and integrity against tampering.
B. Container image signatures are concerned with defining developer ownership of applications within multi-tenant environments.
C. Container image signatures are mandatory in cloud environments, as cloud providers would deny the execution of unsigned container images.
D. Container image signatures affect the performance of containerized applications, as they increase the size of images with additional metadata.