Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Linux Foundation Exam CKS Topic 3 Question 73 Discussion

Actual exam question for Linux Foundation's CKS exam
Question #: 73
Topic #: 3
[All CKS Questions]

Context

A Role bound to a Pod's ServiceAccount grants overly permissive permissions. Complete the following tasks to reduce the set of permissions.

Task

Given an existing Pod named web-pod running in the namespace security.

Edit the existing Role bound to the Pod's ServiceAccount sa-dev-1 to only allow performing watch operations, only on resources of type services.

Create a new Role named role-2 in the namespace security, which only allows performing update

operations, only on resources of type namespaces.

Create a new RoleBinding named role-2-binding binding the newly created Role to the Pod's ServiceAccount.

Show Suggested Answer Hide Answer
Suggested Answer: A

by Adelina at Jan 28, 2025, 08:26 AM

Limited Time Offer

25%

Off

Get Premium CKS Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel
Boris
7 days ago
Haha, I bet the person who wrote this question is a real stickler for security. Good thing we're taking it seriously!
upvoted 0 times
...
Gerardo
9 days ago
That makes sense, we should create the new RoleBinding to bind the new Role to the Pod's ServiceAccount.
upvoted 0 times
...
Silva
11 days ago
Hmm, I wonder if there's an easier way to do this. Maybe a tool or script could automate it?
upvoted 0 times
...
Jesusa
15 days ago
And the new Role should only allow update operations on namespaces.
upvoted 0 times
...
Tamar
20 days ago
I believe the existing Role needs to be limited to watch operations on services only.
upvoted 0 times
...
Bernardine
21 days ago
Hey, at least we're not dealing with any 'rm -rf /' commands, right? Small victories!
upvoted 0 times
Hailey
16 hours ago
User 1: Haha, yeah, small victories for sure!
upvoted 0 times
...
...
Gerardo
28 days ago
Yes, we need to edit the existing Role and create a new Role with specific permissions.
upvoted 0 times
...
Lajuana
1 months ago
Looks good, I think this should work. Reducing permissions is always a good idea.
upvoted 0 times
Detra
8 days ago
User 2: Yes, it's important to limit access to only what is necessary.
upvoted 0 times
...
Walton
11 days ago
User 1: I agree, reducing permissions is crucial for security.
upvoted 0 times
...
...
Tamar
1 months ago
I think the task is about reducing permissions for a Pod's ServiceAccount.
upvoted 0 times
...

Save Cancel