CKS · Question #51
CKS Question #51: Real Exam Question with Answer & Explanation
Sign in or unlock CKS to reveal the answer and full explanation for question #51. The question stem and answer options stay visible for context.
Question
You must complete this task on the `kscs002` cluster, with master node `kscs00201-master` and worker node `kscs00201-worker1`. You can switch the cluster/configuration context using the following command: `kubectl config use-context KSCS00201`. A CIS Benchmark tool was run against the kubeadm-created cluster and found multiple issues that must be addressed immediately. Fix all issues via configuration and restart the affected components to ensure the new settings take effect. Specifically, fix all of the following violations: **Violations against the API server:** - Ensure that the `--authorization-mode` argument is not set to `AlwaysAllow`. - Ensure that the `--authorization-mode` argument includes `Node`. - Ensure that the `--authorization-mode` argument includes `RBAC`. **Violations against the Kubelet:** - Ensure that the `anonymous-auth` argument is set to `false`. - Ensure that the `--authorization-mode` argument is not set to `AlwaysAllow`. **Violations against etcd:** - Ensure that the `--client-cert-auth` argument is set to `true`. Note: Use Webhook authentication/authorization where possible.
Unlock CKS to see the answer
You've previewed enough free CKS questions. Unlock CKS for full answers, explanations, the timed quiz mode, progress tracking, and the master PDF. Question stem and options stay visible so you can still see what's on the exam.