KCSA 무료 덤프문제 온라인 액세스

What mechanism can I use to block unsigned images from running in my cluster?

• A.Enabling Admission Controllers to validate image signatures.
• B.Configuring Container Runtime Interface (CRI) to enforce image signing and validation.
• C.Using Pod Security Standards (PSS) to enforce validation of signatures.
• D.Using PodSecurityPolicy (PSP) to enforce image signing and validation.

By default, in a Kubeadm cluster, which authentication methods are enabled?

• A.X509 Client Certs, Webhook Authentication, and Service Account Tokens
• B.X509 Client Certs, Bootstrap Tokens, and Service Account Tokens
• C.X509 Client Certs, OIDC, and Service Account Tokens
• D.OIDC, Bootstrap tokens, and Service Account Tokens

What kind of organization would need to be compliant with PCI DSS?

• A.Merchants that process credit card payments.
• B.Retail stores that only accept cash payments.
• C.Non-profit organizations that handle sensitive customer data.
• D.Government agencies that collect personally identifiable information.

Which of the following snippets from a RoleBinding correctly associates user bob with Role pod-reader ?

• A.subjects:
  - kind: User
  name: pod-reader
  apiGroup: rbac.authorization.k8s.io
  roleRef:
  kind: Role
  name: bob
  apiGroup: rbac.authorization.k8s.io
• B.subjects:
  - kind: User
  name: bob
  apiGroup: rbac.authorization.k8s.io
  roleRef:
  kind: ClusterRole
  name: pod-reader
  apiGroup: rbac.authorization.k8s.io
• C.subjects:
  - kind: User
  name: bob
  apiGroup: rbac.authorization.k8s.io
  roleRef:
  kind: Role
  name: pod-reader
  apiGroup: rbac.authorization.k8s.io
• D.subjects:
  - kind: Group
  name: bob
  apiGroup: rbac.authorization.k8s.io
  roleRef:
  kind: Role
  name: pod-reader
  apiGroup: rbac.authorization.k8s.io

Which technology can be used to apply security policy for internal cluster traffic at the application layer of the network?

• A.Ingress Controller
• B.Network Policy
• C.Container Runtime
• D.Service Mesh