Linux Foundation CKS Exam - Topic 1 Question 25 Discussion

Actual exam question for Linux Foundation's CKS exam
Question #: 25
Topic #: 1

You must complete this task on the following cluster/nodes:

Cluster: trace

Master node: master

Worker node: worker1

You can switch the cluster/configuration context using the following command:

[desk@cli] $ kubectl config use-context trace

Given: You may use Sysdig or Falco documentation.

Task:

Use detection tools to detect anomalies, such as processes that frequently spawn and execute something unusual, in the single container belonging to Pod tomcat.

Two tools are available to use:

1. falco

2. sysdig

Tools are pre-installed on the worker1 node only.

Analyse the container's behaviour for at least 40 seconds, using filters that detect newly spawning and executing processes.

Store an incident file at /home/cert_masters/report, in the following format:

[timestamp],[uid],[processName]

Note: Make sure to store the incident file on the cluster's worker node; don't move it to the master node.

Suggested Answer: A
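
One way to carry out the sysdig variant of the task above, as an added example that is not part of the original question or its official answer. The function names are hypothetical, and looking up the container ID with `crictl` or `docker` is an assumption about the runtime on worker1.

```shell
#!/bin/sh
# Added example. Function names are hypothetical; run capture on worker1 as root.

REPORT=/home/cert_masters/report          # path given in the task
FORMAT='%evt.time,%user.uid,%proc.name'   # [timestamp],[uid],[processName]
DURATION=40                               # seconds, per the task

# sysdig filter: completed execve calls (a new program was started) in one
# container. container.id in sysdig is the first 12 characters of the ID.
exec_filter() {
  cid=$(printf '%s' "$1" | cut -c1-12)
  printf 'container.id=%s and evt.type=execve and evt.dir=<' "$cid"
}

# Succeed only if every non-empty line is timestamp,uid,processName.
report_is_valid() {
  awk -F, '
    NF == 0 { next }
    NF != 3 || $1 !~ /^[0-9:.]+$/ || $2 !~ /^[0-9]+$/ || $3 == "" { bad = 1 }
    END { exit bad + 0 }
  ' "$1"
}

# Executions per process name, most frequent first.
top_spawners() {
  awk -F, 'NF == 3 { n[$3]++ } END { for (p in n) print n[p], p }' "$1" |
    sort -rn
}

# Constructed sample of what the report should look like (not real output).
sample_report() {
  printf '%s\n' '18:44:32.123456789,0,sh' \
                '18:44:33.000000001,0,curl' \
                '18:44:34.500000000,1000,sh'
}

# $1: container ID of the tomcat container. Assumption: looked up on worker1
# with the runtime CLI, e.g. `crictl ps --name tomcat` or `docker ps`.
capture() {
  sysdig -M "$DURATION" -p "$FORMAT" "$(exec_filter "$1")" > "$REPORT" &&
    report_is_valid "$REPORT" && top_spawners "$REPORT"
}
```

Because the capture writes directly to the report path on worker1, the file never has to be copied between nodes.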

Jaclyn
4 months ago
Don't forget to check the filters for newly spawning processes!
upvoted 0 times
...
Latanya
5 months ago
Wait, are we really storing the incident file on worker1? Seems risky!
upvoted 0 times
...
Keith
5 months ago
I think falco is better for detecting those anomalies.
upvoted 0 times
...
Reiko
5 months ago
Totally agree, that command is crucial for the task!
upvoted 0 times
...
Paris
5 months ago
Just a reminder, make sure to use the right context with `kubectl config use-context trace`.
upvoted 0 times
...
Willetta
5 months ago
I recall using Sysdig in a similar exercise, but I think Falco might be more suited for this task. I just need to remember how to analyze the container's behavior correctly.
upvoted 0 times
...
Ty
5 months ago
I feel a bit confused about where to store the incident file. I know it should be on the worker node, but I hope I don't mix it up with the master node.
upvoted 0 times
...
Theresia
5 months ago
I remember we practiced using Falco for detecting anomalies, but I'm not entirely sure about the exact command syntax for filtering processes.
upvoted 0 times
...
Billye
6 months ago
I think we need to set up the rules in Falco first, like we did in that practice question about container drift. I hope I can remember the right conditions to use.
upvoted 0 times
...
Hollis
6 months ago
The Expression Builder for if-then rules could be really helpful in crafting accurate condition expressions. I think that's a key advantage to keep in mind.
upvoted 0 times
...
Sabra
6 months ago
There was a practice question about the responsibilities outlined in contracts, and I thought the emphasis was on the provider's obligation being linked to receiving information from the health plan.
upvoted 0 times
...
Whitley
6 months ago
I'm a bit unsure about this one. I'll need to review my notes on troubleshooting SAN fabric issues.
upvoted 0 times
...
Brigette
6 months ago
I think this scenario might involve incidental teaching since it's a natural learning moment that wasn't planned.
upvoted 0 times
...
Guru Dayal Bhatt
3 years ago
How to get the container id
upvoted 1 times
...