nerdexam
ExamsSC-100Questions#172
MicrosoftMicrosoft

SC-100 · Question #172

SC-100 Question #172: Real Exam Question with Answer & Explanation

The correct answer is B: The updates must first be applied to the image used to provision the nodes.. For AKS worker nodes to receive the latest kernel updates with minimal administrative effort, updates should be incorporated into the node image and applied via AKS node image upgrades. This avoids in-place patching and manual restart orchestration.

Design security solutions for infrastructure

Question

You have an Azure Kubernetes Service (AKS) cluster that hosts Linux nodes. You need to recommend a solution to ensure that deployed worker nodes have the latest kernel updates. The solution must minimize administrative effort. What should you recommend?

Options

  • AThe nodes must restart after the updates are applied.
  • BThe updates must first be applied to the image used to provision the nodes.
  • CThe AKS cluster version must be upgraded.

Explanation

For AKS worker nodes to receive the latest kernel updates with minimal administrative effort, updates should be incorporated into the node image and applied via AKS node image upgrades. This avoids in-place patching and manual restart orchestration.

Common mistakes.

  • A. Restarting nodes after in-place kernel updates (a pattern used with tools like kured) requires additional tooling and management overhead, which does not minimize administrative effort.
  • C. Upgrading the AKS cluster version updates the Kubernetes control plane and node Kubernetes components but does not specifically target Linux kernel updates contained in the node OS image.

Concept tested. AKS node image upgrades for OS kernel patching

Reference. https://learn.microsoft.com/en-us/azure/aks/node-image-upgrade

Topics

#AKS#Node Updates#Kernel Updates#Security Patching

Community Discussion

No community discussion yet for this question.

Sign up to join the discussion
Full SC-100 PracticeBrowse All SC-100 Questions