Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Linux Foundation Exam CKS Topic 6 Question 71 Discussion

Actual exam question for Linux Foundation's CKS exam
Question #: 71
Topic #: 6
[All CKS Questions]

Context

A Role bound to a Pod's ServiceAccount grants overly permissive permissions. Complete the following tasks to reduce the set of permissions.

Task

Given an existing Pod named web-pod running in the namespace security.

Edit the existing Role bound to the Pod's ServiceAccount sa-dev-1 to only allow performing watch operations, only on resources of type services.

Create a new Role named role-2 in the namespace security, which only allows performing update

operations, only on resources of type namespaces.

Create a new RoleBinding named role-2-binding binding the newly created Role to the Pod's ServiceAccount.

Show Suggested Answer Hide Answer
Suggested Answer: A

by Veda at Dec 11, 2024, 04:20 AM

Limited Time Offer

25%

Off

Get Premium CKS Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel
Loreta
3 months ago
Hmm, I'm not entirely convinced that the tasks are comprehensive enough. Maybe we should double-check the requirements.
upvoted 0 times
Herminia
2 months ago
Let's go over the tasks one more time to ensure we have the correct permissions set.
upvoted 0 times
...
Clorinda
2 months ago
Maybe we missed something in the initial assessment.
upvoted 0 times
...
Marica
2 months ago
I agree, we should double-check the permissions needed for each task.
upvoted 0 times
...
Allene
2 months ago
Let's review the requirements again to make sure we're on the right track.
upvoted 0 times
...
...
Nikita
3 months ago
This question is a piece of cake! I can handle this like a pro.
upvoted 0 times
Tamar
2 months ago
Don't forget to bind the new Role to the Pod's ServiceAccount with a RoleBinding.
upvoted 0 times
...
Paz
2 months ago
Yes, that's correct. We also need to create a new Role for update operations on namespaces.
upvoted 0 times
...
Troy
2 months ago
I think I need to edit the existing Role to only allow watch operations on services.
upvoted 0 times
...
...
Rutha
3 months ago
That's right. It's important to limit permissions to improve security.
upvoted 0 times
...
Larae
3 months ago
I wonder if the exam writers are trying to trick us with this one. Better be cautious!
upvoted 0 times
Melvin
2 months ago
I think we should start by editing the existing Role bound to the Pod's ServiceAccount.
upvoted 0 times
...
Sage
2 months ago
After that, we can create the new Role and RoleBinding to restrict permissions further.
upvoted 0 times
...
Lynelle
2 months ago
I agree, we need to ensure we are reducing permissions as required.
upvoted 0 times
...
Vincent
3 months ago
Let's carefully review the tasks before making any changes.
upvoted 0 times
...
...
Rima
4 months ago
And we also need to create a new Role for update operations on namespaces.
upvoted 0 times
...
Kelvin
4 months ago
This is a great opportunity to showcase my kubernetes security skills. Time to shine!
upvoted 0 times
Brent
3 months ago
Great job! Your Kubernetes security skills are definitely shining through.
upvoted 0 times
...
Amber
3 months ago
After that, I will create a RoleBinding to bind role-2 to the Pod's ServiceAccount.
upvoted 0 times
...
Freeman
3 months ago
Next, I will create a new Role named role-2 to only allow update operations on namespaces.
upvoted 0 times
...
Dong
3 months ago
I will start by editing the existing Role to only allow watch operations on services.
upvoted 0 times
...
...
Rutha
4 months ago
Yes, we need to edit the existing Role to only allow watch operations on services.
upvoted 0 times
...
Rima
4 months ago
I think the task is about reducing permissions for a Pod's ServiceAccount.
upvoted 0 times
...

Save Cancel