Linux Foundation Exam CKS Topic 1 Question 61 Discussion

Actual exam question for Linux Foundation's CKS exam

Question #: 61
Topic #: 1

[All CKS Questions]

On the Cluster worker node, enforce the prepared AppArmor profile

#include

profile nginx-deny flags=(attach_disconnected) {

#include

file,

# Deny all file writes.

deny /** w,

}

EOF'

Edit the prepared manifest file to include the AppArmor profile.

apiVersion: v1

kind: Pod

metadata:

name: apparmor-pod

spec:

containers:

- name: apparmor-pod

image: nginx

Finally, apply the manifests files and create the Pod specified on it.

Verify: Try to make a file inside the directory which is restricted.

AExplanation:

Show Suggested Answer

Suggested Answer: A

by Aliza at Aug 04, 2024, 06:45 AM

Limited Time Offer

25%

Off

Get Premium CKS Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Kris

3 days ago

Hmm, I wonder if the developers are feeling a bit defensive with this 'deny all file writes' policy. Guess they're not taking any chances!

upvoted 0 times

...

Shawnta

9 days ago

Exactly, it adds an extra layer of protection to the system. We should definitely include the profile in the manifest file.

upvoted 0 times

...

Lachelle

11 days ago

I agree, restricting file writes can prevent unauthorized access and potential attacks.

upvoted 0 times

...

Gretchen

15 days ago

The AppArmor profile is blocking all file writes, as expected. Looks like we're on the right track here.

upvoted 0 times

...

Shawnta

26 days ago

I think enforcing the AppArmor profile on the Cluster worker node is important for security.

upvoted 0 times

...