Linux Foundation KCSA - Kubernetes and Cloud Native Security Associate Exam
Total 60 questions
Question #6 (Topic: Exam A)
In the STRIDE threat modelling framework, what does the letter D stand for?
A. Disclosure
B. Deception
C. Data Tampering
D. Denial of Service
Answer: D
Question #7 (Topic: Exam A)
A malicious user is targeting the etcd key-value store of a Kubernetes cluster for data exfiltration.
Which option describes how an adversary can access sensitive data from etcd?
A. By spoofing the IP address of a legitimate client to gain access to the etcd cluster
B. By exploiting a vulnerability in the kubelet to gain direct access to the etcd cluster.
C. By gaining physical access to the server hosting the etcd cluster and extracting the sensitive data.
D. By intercepting network traffic between the Kubernetes API server and the etcd cluster to capture sensitive data.
Answer: D
Question #8 (Topic: Exam A)
Is it a best practice to let an application Pod use the underlying node's identity and credentials to authenticate to a datastore?
A. Yes, it reduces the blast radius of a compromised pod by leveraging the node’s security measures.
B. Yes, it improves the cluster's security by simplifying the application Pod's credential handling and authentication process.
C. Yes, this is the Kubernetes default and thus has no impact on the security of the cluster.
D. No, it increases the blast radius of a compromised pod, as a Pod can utilise the node permissions.
Answer: D
Question #9 (Topic: Exam A)
A user needs to maintain the audit policy of a Kubernetes cluster and wants to make sure that they log the most information in regard to Pod changes.
Which level do they select for the Pod resource?
A. Request
B. RequestResponse
C. RequestResponseMetadata
D. Metadata
Answer: B
Question #10 (Topic: Exam A)
Which of the following is a recommendation in the NSA and CISA Kubernetes Hardening Guidance on namespaces?
A. Assign a single and unique namespace to each tenant.
B. Use the default namespace for all workloads.
C. User Pods should not be placed in kube-system or kube-public.
D. Share the same namespace for all workloads to improve resource utilization.
Answer: C