The Linux Foundation CKS Practice Exams
Last updated on Mar 31,2025- Exam Code: CKS
- Exam Name: Certified Kubernetes Security Specialist (CKS)
- Certification Provider: The Linux Foundation
- Latest update: Mar 31,2025
What are the benefits of implementing SPF in FortiMail? (Choose all that apply)
- A . Prevents email spoofing
- B . Increases email delivery speed
- C . Ensures email authentication
- D . Improves email encryption
What are the benefits of implementing SPF in FortiMail? (Choose all that apply)
- A . Prevents email spoofing
- B . Increases email delivery speed
- C . Ensures email authentication
- D . Improves email encryption
CORRECT TEXT
Create a RuntimeClass named untrusted using the prepared runtime handler named runsc.
Create a Pods of image alpine:3.13.2 in the Namespace default to run on the gVisor runtime class.
Verify: Exec the pods and run the dmesg, you will see output like this:-
CORRECT TEXT
Create a RuntimeClass named untrusted using the prepared runtime handler named runsc.
Create a Pods of image alpine:3.13.2 in the Namespace default to run on the gVisor runtime class.
Verify: Exec the pods and run the dmesg, you will see output like this:-
CORRECT TEXT
Create a new ServiceAccount named backend-sa in the existing namespace default, which has the capability to list the pods inside thenamespace default.
Create a new Pod named backend-pod in the namespace default, mount the newly created sa backend-sa to the pod, and Verify that the pod is able to list pods.
Ensure that the Pod is running.
sysdig
Tools are pre-installed on the worker1 node only.
Analyse the container’s behaviour for at least 40 seconds, using filters that detect newly spawning and executing processes.
Store an incident file at /home/cert_masters/report, in the following format:
[timestamp],[uid],[processName]
Note: Make sure to store incident file on the cluster’s worker node, don’t move it to master node.
CORRECT TEXT
On the Cluster worker node, enforce the prepared AppArmor profile
✑ #include<tunables/global>
✑
✑ profilenginx-deny flags=(attach_disconnected) {
✑ #include<abstractions/base>
✑
✑ file,
✑
✑ # Deny all file writes.
✑ deny/** w,
✑ }
✑ EOF’
Edit the prepared manifest file to include the AppArmor profile.
✑ apiVersion: v1
✑ kind: Pod
✑ metadata:
✑ name:apparmor-pod
✑ spec:
✑ containers:
✑ – name: apparmor-pod
✑ image: nginx
Finally, apply the manifests files and create the Pod specified on it.
Verify: Try to make a file inside the directory which is restricted.
CORRECT TEXT
a. Retrieve the content of the existing secret named default-token-xxxxx in the testing namespace.
Store the value of the token in thetoken.txt
b. Create a new secret named test-db-secret in the DB namespace with the following content:
username: mysql
password: password@123
Create the Pod name test-db-pod of image nginx in the namespace db that can accesstest-db-secret via a volume at path /etc/mysql-credentials
CORRECT TEXT
a. Retrieve the content of the existing secret named default-token-xxxxx in the testing namespace.
Store the value of the token in thetoken.txt
b. Create a new secret named test-db-secret in the DB namespace with the following content:
username: mysql
password: password@123
Create the Pod name test-db-pod of image nginx in the namespace db that can accesstest-db-secret via a volume at path /etc/mysql-credentials
CORRECT TEXT
a. Retrieve the content of the existing secret named default-token-xxxxx in the testing namespace.
Store the value of the token in thetoken.txt
b. Create a new secret named test-db-secret in the DB namespace with the following content:
username: mysql
password: password@123
Create the Pod name test-db-pod of image nginx in the namespace db that can accesstest-db-secret via a volume at path /etc/mysql-credentials