Cyber Monday 2024! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25

- Free Preparation Discussions

Linux Foundation Exam CKS Topic 1 Question 70 Discussion

Actual exam question for Linux Foundation's CKS exam

Question #: 70
Topic #: 1

[All CKS Questions]

A container image scanner is set up on the cluster.

Given an incomplete configuration in the directory

/etc/kubernetes/confcontrol and a functional container image scanner with HTTPS endpoint https://test-server.local.8081/image_policy

1. Enable the admission plugin.

2. Validate the control configuration and change it to implicit deny.

Finally, test the configuration by deploying the pod having the image tag as latest.

AExplanation:
ssh-add ~/.ssh/tempprivate
eval '$(ssh-agent -s)'
cd contrib/terraform/aws
vi terraform.tfvars
terraform init
terraform apply -var-file=credentials.tfvars
ansible-playbook -i ./inventory/hosts ./cluster.yml -e ansible_ssh_user=core -e bootstrap_os=coreos -b --become-user=root --flush-cache -e ansible_user=core

Show Suggested Answer

Suggested Answer: A

by Charlette at Nov 19, 2024, 10:15 PM

Limited Time Offer

25%

Off

Get Premium CKS Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Lawanda

6 days ago

After that, we should validate the control configuration and change it to implicit deny.

upvoted 0 times

...

Annette

7 days ago

I agree, that's the first step to take.

upvoted 0 times

...

Man

9 days ago

Haha, looks like we're going on a wild goose chase here. Next thing you know, they'll ask us to juggle chainsaws while reciting the periodic table.

upvoted 0 times

...

Jenelle

14 days ago

Hold up, I'm a bit confused. Why do we need to do all that SSH and Terraform stuff? I thought this was about setting up a container image scanner, not deploying a whole cluster.

upvoted 0 times

...

Mollie

15 days ago

Hmm, I'm not sure about that. Shouldn't we just be able to deploy the pod with the latest image tag and see if the scanner picks it up? This seems a bit convoluted.

upvoted 0 times

...

Sommer

23 days ago

Wait, so we need to enable the admission plugin and change the control configuration to implicit deny? That's a lot of steps just to test a container image scanner. Are you sure there isn't an easier way to do this?

upvoted 0 times

Catarina

7 days ago

Yes, we need to enable the admission plugin and change the control configuration to implicit deny to test the container image scanner.

upvoted 0 times

...

Xuan

7 days ago

I understand, but following these steps will help us test the configuration effectively.

upvoted 0 times

...

Vivienne

12 days ago

It may seem like a lot of steps, but it's necessary to ensure the security of the cluster.

upvoted 0 times

...

Rebeca

17 days ago

Yes, we need to enable the admission plugin and change the control configuration to implicit deny for the container image scanner.

upvoted 0 times

...

...

Nickolas

24 days ago

I think we need to enable the admission plugin first.

upvoted 0 times

...

az-700 pass4success az-104 200-301 200-201 cissp 350-401 350-201 350-501 350-601 350-801 350-901 az-720 az-305 pl-300

Warning: Cannot modify header information - headers already sent by (output started at /pass.php:70) in /pass.php on line 77