Linux Foundation KCSA - Kubernetes and Cloud Native Security Associate Exam
Total 60 questions
Question #1 (Topic: Exam A)
Review the following pod manifest and answer the question that follows.

Which OWASP Top 10 for Kubernetes risks does the following pod manifest introduce?
A. Insecure Design
B. Outdated and Vulnerable Kubernetes Components
C. Insecure Workload Configurations
D. Broken Authentication Mechanisms
Answer: C
Question #2 (Topic: Exam A)
Which of the following Pod configurations would allow an attacker to eavesdrop on all traffic on the node?
A. Pod with hostPID set to true
B. Pod with hostNetwork set to true
C. Pod with hostPath volume defined
D. Pod with hostIPC set to true
Answer: B
Question #3 (Topic: Exam A)
Which of the following represents a baseline security measure for containers?
A. Implementing access control to restrict container access
B. Configuring persistent storage for containers
C. Configuring a static IP for each container
D. Run containers as the root user
Answer: A
Question #4 (Topic: Exam A)
Why is it important for security teams to maintain good relationships with developers?
A. To shift security responsibilities entirely to the development team.
B. To ensure developers follow security best practices without question.
C. To establish trust and open communication between security and development teams.
D. To create a hierarchical relationship where security teams dictate all decisions.
Answer: C
Question #5 (Topic: Exam A)
Which of the following is a measure for data plane isolation in a Kubernetes multi-tenancy scenario?
A. Assign a dedicated set of workers to run Pods from each tenant.
B. Assign a dedicated namespace to Pods from each tenant.
C. Enforce Roles and RoleBindings tied to specific namespaces only, forbid cluster-wide roles.
D. Enforce Object Count Quotas via the ResourceQuota admission controller.
Answer: A