Quiz Details
QZ-20251027-31958
Topics:
Kubernetes Security
Difficulty:
Level 3 - Medium
Questions:
10
Generated:
October 27, 2025 at 10:52 AM
Generated by:
Guest User
Instructions: Select an answer for each question and click "Check Answer" to see if you're correct. Then view the explanation to learn more!
1 What is the purpose of Role-Based Access Control (RBAC) in Kubernetes?
Correct Answer:
C
Explanation: RBAC is used in Kubernetes to define permissions for users and groups, allowing for fine-grained access control to resources.
Explanation: RBAC is used in Kubernetes to define permissions for users and groups, allowing for fine-grained access control to resources.
2 Which Kubernetes component is responsible for managing the security of the API server?
Correct Answer:
A
Explanation: The API server manages its own security by handling authentication, authorization, and admission control to ensure that requests are secure.
Explanation: The API server manages its own security by handling authentication, authorization, and admission control to ensure that requests are secure.
3 What is the function of Network Policies in Kubernetes?
Correct Answer:
B
Explanation: Network Policies allow you to define rules that specify how groups of pods can communicate with each other and with other network endpoints.
Explanation: Network Policies allow you to define rules that specify how groups of pods can communicate with each other and with other network endpoints.
4 Which command can be used to list all the roles in a Kubernetes namespace?
Correct Answer:
B
Explanation: The command 'kubectl get roles' lists all the roles available in the specified namespace.
Explanation: The command 'kubectl get roles' lists all the roles available in the specified namespace.
5 What is a common security risk associated with using default service accounts in Kubernetes?
Correct Answer:
A
Explanation: Default service accounts often have broad permissions, which can lead to security vulnerabilities if not properly scoped.
Explanation: Default service accounts often have broad permissions, which can lead to security vulnerabilities if not properly scoped.
6 What is the best practice for storing sensitive data in Kubernetes?
Correct Answer:
A
Explanation: Kubernetes Secrets are specifically designed to store sensitive information, providing a more secure way to manage sensitive data than plain text or ConfigMaps.
Explanation: Kubernetes Secrets are specifically designed to store sensitive information, providing a more secure way to manage sensitive data than plain text or ConfigMaps.
7 Which of the following is NOT a method for securing the Kubernetes API server?
Correct Answer:
B
Explanation: Disabling RBAC would reduce security by allowing unrestricted access to the API server, which is not a secure practice.
Explanation: Disabling RBAC would reduce security by allowing unrestricted access to the API server, which is not a secure practice.
8 What type of attack can be mitigated by using Pod Security Policies?
Correct Answer:
B
Explanation: Pod Security Policies help prevent privilege escalation by enforcing rules that limit the capabilities of pods.
Explanation: Pod Security Policies help prevent privilege escalation by enforcing rules that limit the capabilities of pods.
9 What is the purpose of the Kubernetes Admission Controller?
Correct Answer:
A
Explanation: Admission Controllers are plugins that govern and enforce how the cluster is allowed to be modified, acting as a gatekeeper for resource requests.
Explanation: Admission Controllers are plugins that govern and enforce how the cluster is allowed to be modified, acting as a gatekeeper for resource requests.
10 Which tool can be used to scan container images for vulnerabilities before deployment in Kubernetes?
Correct Answer:
A
Explanation: Trivy is a widely used tool for scanning container images for known vulnerabilities, helping to improve security before deployment.
Explanation: Trivy is a widely used tool for scanning container images for known vulnerabilities, helping to improve security before deployment.