CCCS-203B · Question #293
CCCS-203B Question #293: Real Exam Question with Answer & Explanation
The correct answer is B. Intercepting pod creation requests to ensure they comply with configured security policies.. Option A: Kernel-level protections are managed by the CrowdStrike Falcon Container Sensor, not the Admission Controller. The Admission Controller focuses on admission-time security policies rather than runtime protections. Option B: The Kubernetes Admission Controller intercepts
Question
Options
- AAutomatically applying kernel-level protections to all running containers.
- BIntercepting pod creation requests to ensure they comply with configured security policies.
- CScanning all container images for vulnerabilities during runtime.
- DMonitoring inter-container network traffic and blocking suspicious connections.
Explanation
Option A: Kernel-level protections are managed by the CrowdStrike Falcon Container Sensor, not the Admission Controller. The Admission Controller focuses on admission-time security policies rather than runtime protections. Option B: The Kubernetes Admission Controller intercepts pod creation requests submitted to the Kubernetes API server. It verifies these requests against security policies configured by the CrowdStrike platform, such as ensuring containers include the CrowdStrike Falcon sensor or restricting the use of insecure configurations (e.g., running containers as root). This functionality enforces security at the earliest stage of workload deployment. Option C: Vulnerability scanning is typically performed by image scanning tools or registry integrations. The Admission Controller does not scan images but ensures security compliance during pod admission. Option D: Network monitoring and blocking are functions of network security solutions, not the Kubernetes Admission Controller. The Admission Controller focuses solely on admission control.
Community Discussion
No community discussion yet for this question.