CKA - Security
___ lets you look at and possibly modify the requests that are coming in, and make a final
deny/accept decision on the requests - correct answer-Admission Control.
Admission Controllers will check the actual content of the objects being created and validate
them before admitting the request
How can you secure your pods? - correct answer-Using security context and Pod Security
Policies (PSPs)
To perform ANY action in K8S cluster, you need to access the - correct answer-API Server
Each request to K8S API Server, goes through __ steps - correct answer-Three: AuthN,
AuthZ, Admission Control
The requests reaching the API Server are encrypted using ___ - correct answer-TLS.
AuthN in K8S is done via - correct answer-Basic: certificates, tokens or basic authn
(username/passwd)
Adv: Webhooks, OpenID
(T/F) Users are created by the API Server - correct answer-False. Users should be managed
by external systems
___ are used by processes to access the API - correct answer-Service Accounts
AuthN mechanism in K8S is specified by ___ - correct answer-The type of authn is defined
in the kube-apiserver options.
API Server flag to specify Basic Authn - correct answer---basic-auth-file
Is the order of the configured authN modules evaluation guaranteed? - correct answer-No
Can Anonymous access be enabled ? - correct answer-Yes
Status code for unauthorized access - correct answer-401
Once a request is authenticated successfully, it will be ___ - correct answer-authorized
Different authZ modes - correct answer-ABAC, RBAC, Webhook
Flag to specify authorization mode to API Server - correct
answer---authorization-mode=ABAC,RBAC,Webhook,AlwaysDeny,AlwaysAllow
How do authz plugins work? - correct answer-they implement policies to allow requests.
Attributes of the requests are checked against the policies (eg user, group, ns, verb)
All resources in K8S are .... - correct answer-modeled API objects
RBAC process - correct answer-1. Determine/create ns
2. create cert credentials for user
3. set the creds for the user to the ns using a context
4. create a role for the expected task set
5. Bind the user to the role
6. Verify the user has limited access
What happens in Webhook? - correct answer-A Webhook is an HTTP callback, an HTTP
POST that occurs when something happens; a simple event-notification via HTTP POST. A
web application implementing Webhooks will POST a message to a URL when certain
things happen.
What are Admission controllers? - correct answer-Pieces of software that can access the
content of the objects being created by the requests. They can modify the content or validate
it, and potentially deny the request.
Where are Admission Controllers present? - correct answer-Starting with 1.13.1, they are
compiled into the binary
specify admission controllers to APIServer - correct
answer---enable-admission-plugins=Initializers,NamespaceLifeCycle,LimitRanger
--disable-admission-plugins=PodNodeSelector
__ admission controller ensures that the object created does not violate any of the existing
quotas - correct answer-ResourceQuota
__ admission controller allows the dynamic modifications of the API requests - correct
answer-Initializers
The capabilities of processes running in containers can be controlled by ... - correct
answer-security contexts
PSP(Pod Security Policies) are for? - correct answer-To automate the enforcement of
security contexts. These "policies" are cluster level rules that govern what a pod can do,
what they can access, what user they run as, etc
how do you prevent containers from being "privileged" - correct answer-define a PSP
how do you prevent containers from using the host network - correct answer-define a PSP
How are PSPs enabled? - correct answer-Need to configure the Admission Controller of the
controller-manager to contain PSP