Independence Day Deal! Unlock 25% OFF Today – Limited-Time Offer - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Linux Foundation Exam CKS Topic 1 Question 61 Discussion

Actual exam question for Linux Foundation's CKS exam
Question #: 61
Topic #: 1
[All CKS Questions]

On the Cluster worker node, enforce the prepared AppArmor profile

#include

profile nginx-deny flags=(attach_disconnected) {

#include

file,

# Deny all file writes.

deny /** w,

}

EOF'

Edit the prepared manifest file to include the AppArmor profile.

apiVersion: v1

kind: Pod

metadata:

name: apparmor-pod

spec:

containers:

- name: apparmor-pod

image: nginx

Finally, apply the manifests files and create the Pod specified on it.

Verify: Try to make a file inside the directory which is restricted.

Show Suggested Answer Hide Answer
Suggested Answer: A

by Aliza at Aug 04, 2024, 06:45 AM

Limited Time Offer

25%

Off

Get Premium CKS Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel
Santos
1 months ago
This is great, I love a challenge! Time to put on my security superhero cape and see if I can outsmart this AppArmor profile.
upvoted 0 times
...
Isabelle
1 months ago
Ah, the joys of container security. Now I can't even create a file without getting the AppArmor police on my case. Where's the fun in that?
upvoted 0 times
Charlette
19 days ago
User1: It's all about keeping things secure, even in containers.
upvoted 0 times
...
...
Kris
2 months ago
Hmm, I wonder if the developers are feeling a bit defensive with this 'deny all file writes' policy. Guess they're not taking any chances!
upvoted 0 times
Terina
6 days ago
Definitely a strong defense mechanism in place.
upvoted 0 times
...
Caprice
7 days ago
I guess they want to make sure nothing unwanted gets through.
upvoted 0 times
...
Willow
25 days ago
Yeah, seems like they really want to lock down any file writes.
upvoted 0 times
...
Annita
2 months ago
That's a pretty strict policy they're enforcing.
upvoted 0 times
...
...
Shawnta
2 months ago
Exactly, it adds an extra layer of protection to the system. We should definitely include the profile in the manifest file.
upvoted 0 times
...
Lachelle
2 months ago
I agree, restricting file writes can prevent unauthorized access and potential attacks.
upvoted 0 times
...
Gretchen
2 months ago
The AppArmor profile is blocking all file writes, as expected. Looks like we're on the right track here.
upvoted 0 times
Ines
1 months ago
User 2: That's great news! We're making progress.
upvoted 0 times
...
Novella
2 months ago
User 1: The AppArmor profile is working well.
upvoted 0 times
...
...
Shawnta
3 months ago
I think enforcing the AppArmor profile on the Cluster worker node is important for security.
upvoted 0 times
...

Save Cancel