Expert Answers to Linux Foundation Exam CKS Questions

Page: 1 / 2

Kubernetes Security Specialist Certified Kubernetes Security Specialist (CKS)

Certified Kubernetes Security Specialist (CKS)

Last Update Sep 15, 2025
Total Questions : 48

To help you prepare for the CKS Linux Foundation exam, we are offering free CKS Linux Foundation exam questions. All you need to do is sign up, provide your details, and prepare with the free CKS practice questions. Once you have done that, you will have access to the entire pool of Certified Kubernetes Security Specialist (CKS) CKS test questions which will help you better prepare for the exam. Additionally, you can also find a range of Certified Kubernetes Security Specialist (CKS) resources online to help you better understand the topics covered on the exam, such as Certified Kubernetes Security Specialist (CKS) CKS video tutorials, blogs, study guides, and more. Additionally, you can also practice with realistic Linux Foundation CKS exam simulations and get feedback on your progress. Finally, you can also share your progress with friends and family and get encouragement and support from them.

Questions 2

Create a new NetworkPolicy named deny-all in the namespace testing which denies all traffic of type ingress and egress traffic

Options:

Discussion 0

Questions 3

Secrets stored in the etcd is not secure at rest, you can use the etcdctl command utility to find the secret value

for e.g:-

ETCDCTL_API=3 etcdctl get /registry/secrets/default/cks-secret --cacert="ca.crt" --cert="server.crt" --key="server.key"

Output

Questions 3

Using the Encryption Configuration, Create the manifest, which secures the resource secrets using the provider AES-CBC and identity, to encrypt the secret-data at rest and ensure all secrets are encrypted with the new configuration.

Options:

Discussion 0

Questions 4

Task

Create a NetworkPolicy named pod-access to restrict access to Pod users-service running in namespace dev-team.

Only allow the following Pods to connect to Pod users-service:

Questions 4 Pods in the namespace qa

Questions 4 Pods with label environment: testing, in any namespace

Questions 4

Options:

Discussion 0

Hendrix

Great website with Great Exam Dumps. Just passed my exam today.

Luka Aug 27, 2025

Absolutely. Cramkey Dumps only provides the latest and most updated exam questions and answers.

Inaaya

Are these Dumps worth buying?

Fraser Aug 12, 2025

Yes, of course, they are necessary to pass the exam. They give you an insight into the types of questions that could come up and help you prepare effectively.

Ayesha

They are study materials that are designed to help students prepare for exams and certification tests. They are basically a collection of questions and answers that are likely to appear on the test.

Ayden Aug 3, 2025

That sounds interesting. Why are they useful? Planning this week, hopefully help me. Can you give me PDF if you have ?

Esmae

I highly recommend Cramkey Dumps to anyone preparing for the certification exam.

Mollie Aug 8, 2025

Absolutely. They really make it easier to study and retain all the important information. I'm so glad I found Cramkey Dumps.

Questions 5

You can switch the cluster/configuration context using the following command:

[desk@cli] $ kubectl config use-context test-account

Task: Enable audit logs in the cluster.

To do so, enable the log backend, and ensure that:

1. logs are stored at /var/log/Kubernetes/logs.txt

2. log files are retained for 5 days

3. at maximum, a number of 10 old audit log files are retained

A basic policy is provided at /etc/Kubernetes/logpolicy/audit-policy.yaml. It only specifies what not to log.

Note: The base policy is located on the cluster's master node.

Edit and extend the basic policy to log:

1. Nodes changes at RequestResponse level

2. The request body of persistentvolumes changes in the namespace frontend

3. ConfigMap and Secret changes in all namespaces at the Metadata level

Also, add a catch-all rule to log all other requests at the Metadata level

Note: Don't forget to apply the modified policy.

Options:

Discussion 0

Answer:

See the explanation below

Explanation:

$ vim /etc/kubernetes/log-policy/audit-policy.yaml

uk.co.certification.simulator.questionpool.PList@6c5d9e40

$ vim /etc/kubernetes/manifests/kube-apiserver.yamlAdd these

uk.co.certification.simulator.questionpool.PList@6c5da220

- --audit-log-maxbackup=10

Explanation[desk@cli] $ ssh master1[master1@cli] $ vim /etc/kubernetes/log-policy/audit-policy.yaml

apiVersion: audit.k8s.io/v1 # This is required.

kind: Policy

# Don't generate audit events for all requests in RequestReceived stage.

omitStages:

- "RequestReceived"

rules:

# Don't log watch requests by the "system:kube-proxy" on endpoints or services

- level: None

users: ["system:kube-proxy"]

verbs: ["watch"]

resources:

- group: "" # core API group

resources: ["endpoints", "services"]

# Don't log authenticated requests to certain non-resource URL paths.

- level: None

userGroups: ["system:authenticated"]

nonResourceURLs:

- "/api*" # Wildcard matching.

- "/version"

# Add your changes below

- level: RequestResponse

userGroups: ["system:nodes"] # Block for nodes

- level: Request

resources:

- group: "" # core API group

resources: ["persistentvolumes"] # Block for persistentvolumes

namespaces: ["frontend"] # Block for persistentvolumes of frontend ns

- level: Metadata

resources:

- group: "" # core API group

resources: ["configmaps", "secrets"] # Block for configmaps & secrets

- level: Metadata # Block for everything else

[master1@cli] $ vim /etc/kubernetes/manifests/kube-apiserver.yaml

apiVersion: v1

kind: Pod

metadata:

annotations:

kubeadm.kubernetes.io/kube-apiserver.advertise-address.endpoint: 10.0.0.5:6443

labels:

component: kube-apiserver

tier: control-plane

name: kube-apiserver

namespace: kube-system

spec:

containers:

- command:

- kube-apiserver

- --advertise-address=10.0.0.5

- --allow-privileged=true

- --authorization-mode=Node,RBAC

- --audit-policy-file=/etc/kubernetes/log-policy/audit-policy.yaml #Add this

- --audit-log-path=/var/log/kubernetes/logs.txt #Add this

- --audit-log-maxage=5 #Add this

- --audit-log-maxbackup=10 #Add this

output truncated

Reference: [Reference: https://kubernetes.io/docs/tasks/debug-application-cluster/audit/, ]

CKS Exam Syllabus CKS Free YouTube Course Get Premium Access

CKS
PDF

$42 ~~$104.99~~

Add to Cart

CKS Testing Engine

$50 ~~$124.99~~

Add to Cart

CKS PDF + Testing Engine

$66 ~~$164.99~~

Add to Cart

Summer Special Limited Time 60% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: big60

cramkey logo

Exam Dumps:

Cramkey Website:

Kubernetes Security Specialist Certified Kubernetes Security Specialist (CKS)

Answer:

Explanation:

Answer:

Explanation:

Answer:

Explanation:

Answer:

Explanation:

CKS
PDF

CKS Testing Engine

CKS PDF + Testing Engine

Recently New Launched IT Exams

Summer Special Limited Time 60% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: big60

cramkey logo

Exam Dumps:

Cramkey Website:

Certified Kubernetes Security Specialist (CKS) CKS Exam Questions with Experts Answers Updated Recently

Kubernetes Security Specialist Certified Kubernetes Security Specialist (CKS)

Answer:

Explanation:

Answer:

Explanation:

Answer:

Explanation:

Answer:

Explanation:

CKSPDF

CKS Testing Engine

CKS PDF + Testing Engine

Recently New Launched IT Exams

CKS
PDF