100% satisfaction guarantee Immediately available after payment Both online and in PDF No strings attached
logo-home
CKA - Security. £6.57
Add to cart

Exam (elaborations)

CKA - Security.

 9 views  0 purchase

Exam of 6 pages for the course A level Biology at A level Biology (CKA - Security.)

Preview 2 out of 6  pages

  • June 10, 2024
  • 6
  • 2023/2024
  • Exam (elaborations)
  • Questions & answers
All documents for this subject (483)
avatar-seller
Tutormodock
CKA - Security
___ lets you look at and possibly modify the requests that are coming in, and do a final
deny/accept the requests - correct answer-Admission Control.

Admission Controllers will check the actual content of the objects being created and validate
them before admitting the request

How can you secure your pods? - correct answer-Using secuity context and Pod Security
Policies (PSPs)

To perform ANY action in K8S cluster, you need to access the - correct answer-API Server

Each request to K8S API Server, goes through __ steps - correct answer-Three: AuthN,
AuthZ, Admission Control

The requests reaching the API Server are encrypted using ___ - correct answer-TLS.

AuthN in K8S is done via - correct answer-Basic: certificates, tokens or baisc authn
(username/passwd)

Adv: Webhooks, OpenID

(T/F) Users are created by the API Server - correct answer-False. Users should be managed
by external systems

___ are used by processes to access the API - correct answer-Service Accounts

AuthN mechanism in K8S is specified by ___ - correct answer-The type of authn is defined
in the kube-apiserver options.

API Server flag to specify Basic Authn - correct answer---basic-auth-file

Is the order of the configured authN modules evaluation guaranteed? - correct answer-No

Can Anonymous access be enabled ? - correct answer-Yes

Status code for unauthorized access - correct answer-401

Once a request is authenticated successfully, it will be ___ - correct answer-authorized

Different authZ modes - correct answer-ABAC, RBAC, Webhook

Flag to specify authorization mode to API Server - correct
answer---authorization-mode=ABAC,RBAC,Webhook,AlwaysDeny,AlwaysAllow

, How does authz plugins work? - correct answer-they implement policies to allow requests.
Attributes of the requests are checked against the policies (eg user, group, ns, verb)

All resources in K8S are .... - correct answer-modeled API objects

RBAC process - correct answer-1. Determine/create ns
2. create cert credentials for user
3. set the creds for the user to the ns using a context
4. create a role for the expected task set
5 Bind the user to the role
6. Verify the user has limited access

What happens in Webhook? - correct answer-A Webhook is an HTTP callback, an HTTP
POST that occurs when something happens; a simple event-notification via HTTP POST. A
web application implementing Webhooks will POST a message to a URL when certain
things happen.

What are Admission controllers? - correct answer-Pieces of software that can access the
content of the objects being created by the requests. They can modify the content or validate
it, and potentially deny the request.

Where are Admission Controllers present? - correct answer-Starting with 1.13.1, they are
compiled into the binary

specify admission controllers to APIServer - correct
answer---enable-admission-plugins=Initializers,NamespaceLifeCycle,LimitRanger

--disable-admission-plugins=PodNodeSelector

__ admission controller ensures that the object created does not violated any of the existing
quotas - correct answer-ResourceQuota

__ admission controller allows the dynamic modifications of the API requests - correct
answer-Initializers

the processes running in containers capabilities can be controlled by ... - correct
answer-security contexts

PSP(Pod Security Policies) are for? - correct answer-To automate the enforcement of
security contexts. These "policies" are cluster level rules that govern what a pod can do,
what they can access, what user they run as, etc

how do you prevent containers from being "privileged" - correct answer-define a PSP

how do you prevent containers from using the host network - correct answer-define a PSP

How are PSP's enabled? - correct answer-Need to configure the Admission Controller of the
controller-manger to contain PSP

The benefits of buying summaries with Stuvia:

Guaranteed quality through customer reviews

Guaranteed quality through customer reviews

Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.

Quick and easy check-out

Quick and easy check-out

You can quickly pay through credit card for the summaries. There is no membership needed.

Focus on what matters

Focus on what matters

Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!

Frequently asked questions

What do I get when I buy this document?

You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.

Satisfaction guarantee: how does it work?

Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.

Who am I buying these notes from?

Stuvia is a marketplace, so you are not buying this document from us, but from seller Tutormodock. Stuvia facilitates payment to the seller.

Will I be stuck with a subscription?

No, you only buy these notes for £6.57. You're not tied to anything after your purchase.

Can Stuvia be trusted?

4.6 stars on Google & Trustpilot (+1000 reviews)

53022 documents were sold in the last 30 days

Founded in 2010, the go-to place to buy revision notes and other study material for 14 years now

Start selling
£6.57
  • (0)
Add to cart
Added