KCSA 시험 - The Linux Foundation실제시험문제와 답 - 60문항

Question No : 1

What kind of organization would need to be compliant with PCI DSS?

A.Retail stores that only accept cash payments.
B.Government agencies that collect personally identifiable information.
C.Non-profit organizations that handle sensitive customer data.
D.Merchants that process credit card payments.

정답:

Question No : 2

Which way of defining security policy brings consistency, minimizes toil, and reduces the probability of misconfiguration?

A.Using a declarative approach to define security policies as code.
B.Relying on manual audits and inspections for security policy enforcement.
C.Manually configuring security controls for each individual resource, regularly.
D.Implementing security policies through manual scripting on an ad-hoc basis.

정답:

Question No : 3

Which label should be added to the Namespace to block any privileged Pods from being created in that Namespace?

A.privileged: false
B.privileged: true
C.pod-security.kubernetes.io/enforce: baseline
D.pod.security.kubernetes.io/privileged: false

정답:

Question No : 4

In the event that kube-proxy is in a CrashLoopBackOff state, what impact does it have on the Pods running on the same worker node?

A.The Pods cannot communicate with other Pods in the cluster.
B.The Pod cannot mount persistent volumes through CSI drivers.
C.The Pod's security context restrictions cannot be enforced.
D.The Pod's resource utilization increases significantly.

정답:

Question No : 5

Which technology can be used to apply security policy for internal cluster traffic at the application layer of the network?

A.Network Policy
B.Ingress Controller
C.Container Runtime
D.Service Mesh

정답:

Question No : 6

Which of the following statements best describe container image signing and verification in the cloud environment?

A.Container image signatures and their verification ensure their authenticity and integrity against tampering.
B.Container image signatures are concerned with defining developer ownership of applications within multi-tenant environments.
C.Container image signatures are mandatory in cloud environments, as cloud providers would deny the execution of unsigned container images.
D.Container image signatures affect the performance of containerized applications, as they increase the size of images with additional metadata.

정답:

Question No : 7

What is Grafana?

A.A cloud-native distributed tracing system for monitoring microservices architectures.
B.A container orchestration platform for managing and scaling applications.
C.A platform for monitoring and visualizing time-series data.
D.A cloud-native security tool for scanning and detecting vulnerabilities in Kubernetes clusters.

정답:

Question No : 8

Which other controllers are part of the kube controller manager inside the Kubernetes cluster?

A.Job controller, CronJob controller, and DaemonSet controller
B.Pod, Service, and Ingress controller
C.Namespace controller, ConfigMap controller, and Secret controller
D.Replication controller, Endpoints controller, Namespace controller, and ServiceAccounts controller

정답:

Question No : 9

What is the main reason an organization would use a Cloud Workload Protection Platform (CWPP) solution?

A.To protect containerized workloads from known vulnerabilities and malware threats.
B.To automate the deployment and management of containerized workloads.
C.To manage networking between containerized workloads in the Kubernetes cluster.
D.To optimize resource utilization and scalability of containerized workloads.

정답:

Question No : 10

What mechanism can I use to block unsigned images from running in my cluster?

A.Enabling Admission Controllers to validate image signatures.
B.Using PodSecurityPolicy (PSP) to enforce image signing and validation.
C.Using Pod Security Standards (PSS) to enforce validation of signatures.
D.Configuring Container Runtime Interface (CRI) to enforce image signing and validation.

정답:

Question No : 11

What is the purpose of the Supplier Assessments and Reviews control in the NIST 800-53 Rev. 5 set of controls for Supply Chain Risk Management?

A.To evaluate and monitor existing suppliers for adherence to security requirements.
B.To conduct regular audits of suppliers' financial performance.
C.To establish contractual agreements with suppliers.
D.To identify potential suppliers for the organization.

정답:

Question No : 12

A container running in a Kubernetes cluster has permission to modify host processes on the underlying node.
What combination of privileges and capabilities is most likely to have led to this privilege escalation?

A.There is no combination of privileges and capabilities that permits this.
B.hostPID and SYS_PTRACE
C.hostPath and AUDIT_WRITE
D.hostNetwork and NET_RAW

정답:

Question No : 13

By default, in a Kubeadm cluster, which authentication methods are enabled?

A.OIDC, Bootstrap tokens, and Service Account Tokens
B.X509 Client Certs, OIDC, and Service Account Tokens
C.X509 Client Certs, Bootstrap Tokens, and Service Account Tokens
D.X509 Client Certs, Webhook Authentication, and Service Account Tokens

정답:

Question No : 14

In a Kubernetes environment, what kind of Admission Controller can modify resource manifests when applied to the Kubernetes API to fix misconfigurations automatically?

A.ValidatingAdmissionController
B.PodSecurityPolicy
C.MutatingAdmissionController
D.ResourceQuota

정답:

Question No : 15

Which of the following is a control for Supply Chain Risk Management according to NIST 800-53 Rev. 5?

A.Access Control
B.System and Communications Protection
C.Supply Chain Risk Management Plan
D.Incident Response

정답:

The Linux Foundation KCSA 시험