Linux Foundation
KCSA
Q1:
By default, in a Kubeadm cluster, which authentication methods are enabled?
○
A
OIDC, Bootstrap tokens, and Service Account Tokens○
B
X509 Client Certs, OIDC, and Service Account Tokens○
C
X509 Client Certs, Bootstrap Tokens, and Service Account Tokens○
D
X509 Client Certs, Webhook Authentication, and Service Account Tokens
Linux Foundation
KCSA
Q2:
What kind of organization would need to be compliant with PCI DSS?
○
A
Retail stores that only accept cash payments.○
B
Government agencies that collect personally identifiable information.○
C
Non-profit organizations that handle sensitive customer data.○
D
Merchants that process credit card payments.
Linux Foundation
KCSA
Q3:
A user runs a command with kubectl to apply a change to a deployment. What is the first Kubernetes component that the request reaches?
○
A
Kubernetes Controller Manager○
B
Kubernetes API Server○
C
Kubernetes Scheduler○
D
kubelet
Linux Foundation
KCSA
Q4:
A cluster is failing to pull more recent versions of images from k8s.gcr.io. Why may this be?
○
A
There is a network connectivity issue between the cluster and k8s.gcr.io.○
B
There is a bug in the container runtime or the image pull process.○
C
The authentication credentials for accessing k8s.gcr.io are incorrectly scoped.○
D
The container image registry k8s.gcr.io has been deprecated.
Linux Foundation
KCSA
Q5:
Why does the default base64 encoding that Kubernetes applies to the contents of Secret resources provide inadequate protection?
○
A
Base64 encoding is vulnerable to brute-force attacks.○
B
Base64 encoding relies on a shared key which can be easily compromised.○
C
Base64 encoding does not encrypt the contents of the Secret, only obfuscates it.○
D
Base64 encoding is not supported by all Secret Stores.