Pod Security — Certified Kubernetes Administrator (CKA) Practice Questions
Pod security in Kubernetes controls the privileges and capabilities that containers are permitted to use at runtime, reducing the risk that a compromised container can affect the host or other workloads. The current mechanism is the Pod Security Admission controller, which enforces one of three built-in policy levels (privileged, baseline, or restricted) at the namespace level, replacing the deprecated PodSecurityPolicy. CKA candidates need to understand how to label namespaces to enforce these standards, how security contexts set per-container and per-pod settings such as runAsUser and allowPrivilegeEscalation, and the implications of each policy level.
Free questions on pod security
What is the purpose of a NetworkPolicy in Kubernetes?
Free question · medium · full answer + explanation
More pod security questions in the full bank
- A pod using a HostPath volume cannot write to the host directory. What is the likely cause? Unlock answer & explanation →
- A pod needs to access the Kubernetes API from within. How would you authenticate? Unlock answer & explanation →
- What is network policy? Unlock answer & explanation →