Kubernetes MCQs – Kubernetes Security

21.) Which of these commands is used to decode a base64-encoded secret?

A) kubectl decode secret
B) echo <value> | base64 --decode
C) kubectl view secret
D) openssl decode secret

Answer: Option B

Explanation: Secrets are base64 encoded; this command decodes them.

22.) Which Kubernetes resource can prevent containers from running in privileged mode?

A) RoleBinding
B) LimitRange
C) ConfigMap
D) PodSecurityPolicy

Answer: Option D

Explanation: A PodSecurityPolicy (PSP) can define whether privileged mode is allowed or not.

23.) Which field disables privilege escalation in containers?

A) allowPrivileged
B) denyPrivilege
C) allowPrivilegeEscalation
D) escalate

Answer: Option C

Explanation: Setting allowPrivilegeEscalation: false improves container security.

24.) What flag would you use with kubectl to impersonate a user?

A) --as
B) --run-as
C) --impersonate
D) --user

Answer: Option A

Explanation: This flag allows you to test RBAC rules by impersonating another user.

25.) Which command displays the currently authenticated user in the cluster?

A) kubectl auth whoami
B) kubectl get user
C) kubectl auth can-i
D) kubectl config view

Answer: Option A

Explanation: This command shows the identity of the current Kubernetes user.

26.) What is the maximum number of secrets a pod can mount?

A) 500
B) 100
C) 256
D) Unlimited

Answer: Option D

Explanation: There is no hard limit, but practical constraints may arise based on system limits.

27.) What mechanism does Kubernetes use to authenticate external users?

A) kube-proxy
B) kube-scheduler
C) Certificates and tokens
D) Prometheus

Answer: Option C

Explanation: Users are authenticated via certificates, bearer tokens, or external identity providers.

28.) Which plugin system enables fine-grained authorization checks?

A) CSI
B) CSI
C) ABAC
D) OPA

Answer: Option D

Explanation: OPA (Open Policy Agent) can enforce complex policies in Kubernetes.

29.) What does the command kubectl auth can-i get pods check?

A) Whether the user can access the API server
B) If the current user can perform the get action on pods
C) If pods are running
D) If the user has read-only access to the cluster

Answer: Option B

Explanation: This is a useful command for testing permissions.

30.) Which security feature is responsible for encrypting etcd data at rest?

A) TLS
B) RBAC
C) EncryptionConfig
D) PSP

Answer: Option C

Explanation: EncryptionConfig is used to encrypt sensitive Kubernetes data in etcd.
