先試後買

A. Defense-in-Depth

B. Zero Trust

C. Secure-by-Design

D. Least Privilege

A. The authentication credentials for accessing k8s.gcr.io are incorrectly scoped.

B. There is a bug in the container runtime or the image pull process.

C. The container image registry k8s.gcr.io has been deprecated.

D. There is a network connectivity issue between the cluster and k8s.gcr.io.

A. kubelet

B. Kubernetes Scheduler

C. Kubernetes Controller Manager

D. Kubernetes API Server

A. A container breakout is the process of escaping the container and gaining access to the host operating system.

B. A container breakout is the process of escaping a container when it reaches its resource limits.

C. A container breakout is the process of escaping the container and gaining access to the Pod's network traffic.

D. A container breakout is the process of escaping the container and gaining access to the cloud provider's infrastructure.

A. Validating admission controllers run before mutating admission controllers.

B. Mutating admission controllers run before validating admission controllers.

C. The order of execution varies and is determined by the cluster configuration.

D. Validating and mutating admission controllers run simultaneously.

A. System and Communications Protection

B. Incident Response

C. Access Control

D. Supply Chain Risk Management Plan

A. The compromised Pod is allowed to connect to the API server without any restrictions.

B. The compromised Pod connects to the API server and is granted elevated privileges by default.

C. The compromised Pod attempts to connect to the API server, but its requests may be blocked due to network policies.

D. The compromised Pod is automatically isolated from the network to prevent any connections to the API server.