100% satisfaction guarantee Immediately available after payment Both online and in PDF No strings attached
logo-home
Previously searched by you
Previously searched by you
logo
Secure Kubernetes Services. Exam Questions With 100% Correct Answers $11.49
Add to cart
Quickly navigate to
Preview
  2.  
  3. Secure Kubernetes Services
  4.  
  5. Secure Kubernetes Services

Exam (elaborations)

Secure Kubernetes Services. Exam Questions With 100% Correct Answers
 0 purchase
  • Course
  • Secure Kubernetes Services
  • Institution
  • Secure Kubernetes Services

Secure Kubernetes Services. Exam Questions With 100% Correct Answers A client asked for help with controlling the access mechanism to a set of IKS clusters across different environments. Besides controlling access via IBM Cloud IAM permissions to the IKS clusters, what other security configurat...

[Show more]

Preview 2 out of 7  pages

Document information

  • October 21, 2024
  • 7
  • 2024/2025
  • Exam (elaborations)
  • Questions & answers

Subjects

  • secure kubernetes services exam questions with 10

Written for

  • Secure Kubernetes Services
  • Secure Kubernetes Services

Seller

avatar-seller
sirjoel

Reviews received

Content preview

©SIRJOEL EXAM SOLUTIONS
10/7/2024 11:03AM



Secure Kubernetes Services. Exam Questions
With 100% Correct Answers


A client asked for help with controlling the access mechanism to a set of IKS clusters across
different environments. Besides controlling access via IBM Cloud IAM permissions to the IKS
clusters, what other security configuration could be implemented to limit the risk of unauthorized
access? - answer✔Create an allowlist for the IKS API server.
What is the minimum permission required for a developer who wants to integrate the
application's CD pipeline to the IKS cluster? - answer✔Create a service account and role binding
for the namespace.
What pod security policy should be assigned so that the team has only the required level of
access and nothing extra when the application deployment team needs to deploy pods on the
IBM Cloud Kubernetes service that can create host path volumes and can run with any user ID
and group ID? - answer✔ibm-anyuid-hostpath-psp-user
How can it be verified if a resource configuration of a new IKS cluster is following security best
practices? - answer✔Integrate the IKS cluster with the Security and Compliance Center.

How do you isolate IKS clusters deployed on a public network? - answer✔Apply Calico public
network policies on top of the default policies.
A production IKS cluster in a VPC has three worker nodes without any public exposure. The
IKS cluster needs to access the IBM Cloud Container registry. Describe how this security control
can be implemented. - answer✔Apply the Calico private network policies to allow private
services.
Describe how the Calico network policy blocks traffic at the Kubernetes interfaces. -
answer✔Using Linux iptables
A client is running a firewall at their site and recently chose IKS in IBM Cloud but is unable to
access their IKS cluster. List the correct sequence of commands to get the service endpoint and
port number to add into the firewall in order to allow access. - answer✔(1) ibmcloud login [--

, ©SIRJOEL EXAM SOLUTIONS
10/7/2024 11:03AM


sso] (2) ibmcloud target -g <resource-group> (3) ibmcloud ks cluster get --cluster <cluster name
or id> (4) curl --insecure <endpoint>/version
Describe the significance of creating an allowlist for the private cloud service endpoint in a
multizone VPC Red Hat OpenShift cluster on IBM Cloud. - answer✔Only authorized requests to
the cluster masters that originate from subnets
What is the minimum IBM Cloud IAM platform access required for a new SRE who is
responsible for updating, adding/replacing worker nodes, and troubleshooting/reloading worker
nodes of Red Hat OpenShift on the IBM Cloud cluster? - answer✔Operator role
What security policy is applied to VPC subnets that control traffic to and from a VPC cluster in
Red Hat OpenShift on IBM Cloud? - answer✔Access Control Lists
What network security option on the worker node endpoint controls traffic to and from a VPC
cluster on Red Hat OpenShift on IBM Cloud? - answer✔Kubernetes network policies
Worker-to-Worker node communication on Red Hat OpenShift on IBM Cloud requires UDP,
TCP, VRRP, and IPEncap traffic to be allowed. Describe what is needed to allow pod-to-pod
traffic across subnets. - answer✔IPEncap
For Red Hat OpenShift on IBM Cloud Classic Infrastructure, which software-defined network
can be used to act as a cluster firewall? - answer✔Calico
What two endpoints allow clients running the IBM Cloud Satellite location to connect to a
service, server, or application that runs outside the location, or allows clients connected to the
IBM Cloud private network connect to a service, server, or application in the IBM Cloud
Satellite location? - answer✔Cloud endpoint / Location endpoint
By default, __________ is how data is transported over an IBM Cloud Satellite link secured
between source and destination resources. - answer✔Using TLS 1.3 encryption managed by IBM

How do we expose the private service endpoint? - answer✔We can expose Private Cloud Service
Endpoint of the Kubernetes master by using a private network load balancer (NLB)

When to use Public Cloud service endpoint? - answer✔Use a public Cloud service endpoint to
access services from the internet.
How to control who has access to the Private cloud service endpoint across different
environments in Kubernetes service clusters? - answer✔Users can create a Subnet Allowlist to
control access to the Private cloud service endpoint

The benefits of buying summaries with Stuvia:

Guaranteed quality through customer reviews

Guaranteed quality through customer reviews

Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.

Quick and easy check-out

Quick and easy check-out

You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.

Focus on what matters

Focus on what matters

Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!

Frequently asked questions

What do I get when I buy this document?

You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.

Satisfaction guarantee: how does it work?

Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.

Who am I buying these notes from?

Stuvia is a marketplace, so you are not buying this document from us, but from seller sirjoel. Stuvia facilitates payment to the seller.

Will I be stuck with a subscription?

No, you only buy these notes for $11.49. You're not tied to anything after your purchase.

Can Stuvia be trusted?

4.6 stars on Google & Trustpilot (+1000 reviews)

69411 documents were sold in the last 30 days

Founded in 2010, the go-to place to buy study notes for 15 years now

Start selling
$11.49
  • (0)
Add to cart
Added