Question 10 - Linux Foundation KCSA Real Exam Questions [March 2026 Update]s

Q: 10

You want to minimize security issues in running Kubernetes Pods. Which of the following actions can help achieve this goal?

Options

Correct Answer:

Explanation

Implementing Pod Security Standards (PSS) is a critical action for minimizing security issues in Kubernetes. This is achieved by defining security policies within the Pod's YAML configuration, specifically using the securityContext field. This allows administrators to enforce the principle of least privilege by restricting a Pod's capabilities, such as preventing it from running as the root user (runAsNonRoot: true), disallowing privilege escalation (allowPrivilegeEscalation: false), and applying specific seccomp or AppArmor profiles. These controls directly harden the Pod's runtime environment, reducing its attack surface and mitigating potential vulnerabilities.

Why Incorrect

A. Sharing sensitive data broadly increases the risk of exposure and violates the principle of need-to-know, directly contradicting security best practices.

B. Running Pods with elevated privileges is a major security anti-pattern that breaks container isolation and can lead to host compromise.

D. Obfuscating Pod names through randomization is not a security control; an attacker with cluster access can easily list and identify all Pods.

References

1. Kubernetes Documentation

"Pod Security Standards": This document outlines the three standard policies (Privileged

Baseline

and Restricted) designed to cover a broad spectrum of security requirements. The 'Restricted' policy

for example

enforces current Pod hardening best practices. (Source: kubernetes.io/docs/concepts/security/pod-security-standards/)

2. Kubernetes Documentation

"Configure a Security Context for a Pod or Container": This guide provides specific examples of how to use the securityContext field in a Pod's specification to set security parameters like runAsUser

runAsNonRoot

and allowPrivilegeEscalation. (Source: kubernetes.io/docs/tasks/configure-pod-container/security-context/

Section: "Set the security context for a Pod")

3. The Linux Foundation

"Introduction to Kubernetes (LFS158x)" Courseware: This official course

often used as a basis for KCSA

emphasizes the principle of least privilege. Module 11

"Security

" discusses using Security Contexts to limit container permissions as a fundamental security measure. (Source: edX

LFS158x

Module 11: Security)

Premium Access Includes

FLASH OFFER

avail 10% DISCOUNT on YOUR PURCHASE