CKS Question #74: Real Exam Question with Answer & Explanation

Sign in or unlock CKS to reveal the answer and full explanation for question #74. The question stem and answer options stay visible for context.

Submitted by kim_seoul· May 4, 2026Minimize Microservice Vulnerabilities

Question

A security audit has identified a Deployment improperly handling service account tokens, which could lead to security vulnerabilities. First, modify the existing ServiceAccount stats-monitor-sa in the namespace monitoring to turn off automounting of API credentials. Next, modify the existing Deployment stats-monitor in the namespace monitoring to inject a ServiceAccount token mounted at /var/run/secrets/kubernetes.io/serviceaccount/token. Use a Projected Volume named token to inject the ServiceAccount token and ensure that it is mounted read-only. The Deployment's manifest file can be found at /home/candidate/stats-monitor/deployment.yaml

Unlock CKS to see the answer

You've previewed enough free CKS questions. Unlock CKS for full answers, explanations, the timed quiz mode, progress tracking, and the master PDF. Question stem and options stay visible so you can still see what's on the exam.

Unlock CKS - $49.99 / 30 days Sign in

Topics

#ServiceAccount Security#API Credentials Management#Projected Volumes#Deployment Hardening

Full CKS Practice Browse All CKS Questions