Special Summer Discounts Limited Time 55% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 63r59951

CKS Certified Kubernetes Security Specialist (CKS) Questions and Answers

Questions 4

Create a new NetworkPolicy named deny-all in the namespace testing which denies all traffic of type ingress and egress traffic


Buy Now
Questions 5

You must complete this task on the following cluster/nodes: Cluster: immutable-cluster

Master node: master1

Worker node: worker1

You can switch the cluster/configuration context using the following command:

[desk@cli] $  kubectl config use-context immutable-cluster 

Context: It is best practice to design containers to be stateless and immutable.


Inspect Pods running in namespace prod and delete any Pod that is either not stateless or not immutable.

Use the following strict interpretation of stateless and immutable:

1. Pods being able to store data inside containers must be treated as not stateless. 

Note: You don't have to worry whether data is actually stored inside containers or not already.

2. Pods being configured to be privileged in any way must be treated as potentially not stateless or not immutable.


Buy Now
Questions 6

Analyze and edit the given Dockerfile

  • FROM ubuntu:latest
  • RUN apt-getupdate -y
  • RUN apt-install nginx -y
  • COPY entrypoint.sh /
  • ENTRYPOINT ["/entrypoint.sh"]

Fixing two instructions present in the file being prominent security bestpractice issues

Analyze and edit the deployment manifest file

  • apiVersion: v1
  • kind: Pod
  • metadata:
  •   name: security-context-demo-2
  • spec:
  •   securityContext:
  •     runAsUser: 1000
  •   containers:
  •   - name: sec-ctx-demo-2
  •     image:gcr.io/google-samples/node-hello:1.0
  •     securityContext:
  •       runAsUser: 0
  •       privileged:True
  •       allowPrivilegeEscalation:false

Fixing two fields present in the file being prominent security best practice issues

Don't add or remove configurationsettings; only modify the existing configuration settings

Whenever you need an unprivileged user for any of the tasks, use user  test-user with the user id 5487


Buy Now
Exam Code: CKS
Exam Name: Certified Kubernetes Security Specialist (CKS)
Last Update: Aug 17, 2022
Questions: 44

PDF + Testing Engine

$79.2  $175.99

Testing Engine

$59.4  $131.99
buy now CKS testing engine


$49.5  $109.99
buy now CKS pdf