Cyber Monday 2024! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location PL
Mob_nav_barsMENU

Linux Foundation Exam CKS Topic 1 Question 55 Discussion

Actual exam question for Linux Foundation's CKS exam
Question #: 55
Topic #: 1
[All CKS Questions]

You can switch the cluster/configuration context using the following command: [desk@cli] $kubectl config use-context dev Context: A CIS Benchmark tool was run against the kubeadm created cluster and found multiple issues that must be addressed. Task: Fix all issues via configuration and restart the affected components to ensure the new settings take effect. Fix all of the following violations that were found against the API server: 1.2.7authorization-modeargument is not set toAlwaysAllow FAIL 1.2.8authorization-modeargument includesNode FAIL 1.2.7authorization-modeargument includesRBAC FAIL Fix all of the following violations that were found against the Kubelet: 4.2.1 Ensure that theanonymous-auth argumentis set to false FAIL 4.2.2authorization-modeargument is not set to AlwaysAllow FAIL (UseWebhookautumn/authz where possible) Fix all of the following violations that were found against etcd: 2.2 Ensure that theclient-cert-authargument is set to true

Show Suggested Answer Hide Answer
Suggested Answer: A

by Arminda at May 23, 2024, 11:12 AM

Limited Time Offer

25%

Off

Get Premium CKS Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel
Bettyann
7 months ago
Wait, we have to fix issues for the API server, Kubelet, and etcd? This is going to be a long one, but I'm feeling confident.
upvoted 0 times
Dottie
6 months ago
User2
upvoted 0 times
...
Darrin
6 months ago
User1
upvoted 0 times
...
...
Krissy
7 months ago
Hmm, authorization modes and anonymous auth settings. Looks like a real brainteaser, but I'm up for the challenge.
upvoted 0 times
...
Leslie
7 months ago
Jokes on the exam writers, I've been waiting for a chance to show off my Kubernetes security chops!
upvoted 0 times
Goldie
6 months ago
A) Explanation
upvoted 0 times
...
Dominga
6 months ago
A) Explanation
upvoted 0 times
...
...
Lezlie
7 months ago
This question covers a lot of important security configurations for the Kubernetes cluster. I think I can handle this one.
upvoted 0 times
Merissa
6 months ago
Finally, I will ensure that the client-cert-auth argument is set to true for etcd to fix the violations found.
upvoted 0 times
...
Merissa
6 months ago
Next, I will address the violations for the Kubelet by setting anonymous-auth to false and changing the authorization-mode.
upvoted 0 times
...
Merissa
6 months ago
I will fix the authorization-mode violations for the API server and restart the affected components.
upvoted 0 times
...
Merissa
6 months ago
I see there are multiple issues that need to be fixed against the API server, Kubelet, and etcd. Let's address them step by step.
upvoted 0 times
...
Merissa
7 months ago
I will start by switching the cluster/configuration context to dev using the command provided.
upvoted 0 times
...
...

Save Cancel
az-700  pass4success  az-104  200-301  200-201  cissp  350-401  350-201  350-501  350-601  350-801  350-901  az-720  az-305  pl-300  

Warning: Cannot modify header information - headers already sent by (output started at /pass.php:70) in /pass.php on line 77