Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Linux Foundation Exam CKS Topic 6 Question 71 Discussion

Actual exam question for Linux Foundation's CKS exam
Question #: 71
Topic #: 6
[All CKS Questions]

Context

A Role bound to a Pod's ServiceAccount grants overly permissive permissions. Complete the following tasks to reduce the set of permissions.

Task

Given an existing Pod named web-pod running in the namespace security.

Edit the existing Role bound to the Pod's ServiceAccount sa-dev-1 to only allow performing watch operations, only on resources of type services.

Create a new Role named role-2 in the namespace security, which only allows performing update

operations, only on resources of type namespaces.

Create a new RoleBinding named role-2-binding binding the newly created Role to the Pod's ServiceAccount.

Show Suggested Answer Hide Answer
Suggested Answer: A

by Veda at Dec 11, 2024, 04:20 AM

Limited Time Offer

25%

Off

Get Premium CKS Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel
Loreta
6 days ago
Hmm, I'm not entirely convinced that the tasks are comprehensive enough. Maybe we should double-check the requirements.
upvoted 0 times
...
Nikita
9 days ago
This question is a piece of cake! I can handle this like a pro.
upvoted 0 times
...
Rutha
22 days ago
That's right. It's important to limit permissions to improve security.
upvoted 0 times
...
Larae
25 days ago
I wonder if the exam writers are trying to trick us with this one. Better be cautious!
upvoted 0 times
Vincent
7 days ago
Let's carefully review the tasks before making any changes.
upvoted 0 times
...
...
Rima
29 days ago
And we also need to create a new Role for update operations on namespaces.
upvoted 0 times
...
Kelvin
1 months ago
This is a great opportunity to showcase my kubernetes security skills. Time to shine!
upvoted 0 times
Brent
1 days ago
Great job! Your Kubernetes security skills are definitely shining through.
upvoted 0 times
...
Amber
10 days ago
After that, I will create a RoleBinding to bind role-2 to the Pod's ServiceAccount.
upvoted 0 times
...
Freeman
11 days ago
Next, I will create a new Role named role-2 to only allow update operations on namespaces.
upvoted 0 times
...
Dong
26 days ago
I will start by editing the existing Role to only allow watch operations on services.
upvoted 0 times
...
...
Rutha
1 months ago
Yes, we need to edit the existing Role to only allow watch operations on services.
upvoted 0 times
...
Rima
1 months ago
I think the task is about reducing permissions for a Pod's ServiceAccount.
upvoted 0 times
...

Save Cancel