Linux_Foundation
CKS · Question #21
CKS Question #21: Real Exam Question with Answer & Explanation
Sign in or unlock CKS to reveal the answer and full explanation for question #21. The question stem and answer options stay visible for context.
Submitted by mike_84· May 4, 2026Cluster Hardening
Question
Create a PSP that will only allow the persistentvolumeclaim as the volume type in the namespace restricted.
Create a new PodSecurityPolicy named prevent-volume-policy which prevents the pods which is having different volumes mount apart from persistentvolumeclaim.
Create a new ServiceAccount named psp-sa in the namespace restricted.
Create a new ClusterRole named psp-role, which uses the newly created Pod Security Policy prevent-volume-policy
Create a new ClusterRoleBinding named psp-role-binding, which binds the created ClusterRole psp-role to the created SA psp-sa.
Hint:
Also, Check the Configuration is working or not by trying to Mount a Secret in the pod maifest, it should get failed.
Unlock CKS to see the answer
You've previewed enough free CKS questions. Unlock CKS for full answers, explanations, the timed quiz mode, progress tracking, and the master PDF. Question stem and options stay visible so you can still see what's on the exam.
Topics
#PodSecurityPolicy#RBAC#Volume restrictions#Cluster hardening