Kubernetes MCQs – Kubernetes Security

Security in Kubernetes is critical to ensuring safe and compliant cluster operations. It covers aspects such as authentication, authorization, RBAC, secrets management, pod security policies, and network policies.

This set of multiple-choice questions (MCQs) is designed to test and improve your understanding of Kubernetes security concepts from both a theoretical and practical perspective. These MCQs are particularly useful for preparing for certification exams and job interviews in the cloud-native ecosystem.

1.) What does RBAC stand for in Kubernetes?

A) Role-Based Access Control
B) Remote-Based Access Control
C) Role-Balanced Access Control
D) Resource-Based Authorization Control

Answer: Option A

Explanation: RBAC is a method of regulating access to resources based on user roles.

2.) Which of the following components enforces RBAC rules in Kubernetes?

A) kubelet
B) etcd
C) API Server
D) Scheduler

Answer: Option C

Explanation: The Kubernetes API server checks RBAC policies before granting access to resources.

3.) What command lists all cluster roles in the current Kubernetes cluster?

A) kubectl get roles
B) kubectl get rolebindings
C) kubectl list roles
D) kubectl get clusterroles

Answer: Option D

Explanation: kubectl get clusterroles lists all ClusterRoles, the roles that apply across the cluster.

4.) What is the purpose of Kubernetes Secrets?

A) Store sensitive information like passwords
B) Manage user access
C) Encrypt traffic between pods
D) Log pod activity

Answer: Option A

Explanation: Secrets are used to store sensitive data such as tokens and passwords.

5.) What is the default namespace for Kubernetes secrets and config maps?

A) kube-config
B) kube-system
C) default
D) admin

Answer: Option C

Explanation: If not specified, resources like secrets are stored in the default namespace.

6.) What command is used to create a secret from a literal value?

A) kubectl create secret literal
B) kubectl create secret generic
C) kubectl add secret
D) kubectl define secret

Answer: Option B

Explanation: This is used with flags like --from-literal to create a secret from a literal key-value pair.

7.) What does a Kubernetes service account provide?

A) Persistent storage for pods
B) A network identity for a pod
C) Access to the kubelet logs
D) Network load balancing

Answer: Option B

Explanation: Service accounts assign an identity to processes in pods for API communication.

8.) Which of the following is NOT a valid Kubernetes security context field?

A) runAsUser
B) allowPrivilegeEscalation
C) readOnlyRootFilesystem
D) disableTLS

Answer: Option D

Explanation: disableTLS is not a valid field in the Kubernetes securityContext.

9.) Which resource limits what a pod can do (like running as root)?

A) ResourceQuota
B) NetworkPolicy
C) PodSecurityPolicy
D) LimitRange

Answer: Option C

Explanation: PodSecurityPolicy defines a set of conditions that a pod must meet to be accepted by the cluster.

10.) Which of the following tools helps scan Kubernetes clusters for security issues?

A) Prometheus
B) kube-hunter
C) Flannel
D) Istio

Answer: Option B

Explanation: kube-hunter is an open-source tool used to discover security issues in Kubernetes clusters.
