ExamTopics Logo
Mail Us[email protected]
Menu
Linux-Foundation Discussions
exam questions

Exam KCNA All Questions

View all questions & answers for the KCNA exam
Go to Exam

Exam KCNA topic 1 question 86 discussion

Actual exam question from Linux Foundation's KCNA
Question #: 86
Topic #: 1
[All KCNA Questions]

Which of the following capabilities are you allowed to add to a container using the Restricted policy?

  • A. CHOWN
  • B. SYS_CHROOT
  • C. SETUID
  • D. NET_BIND_SERVICE
Show Suggested Answer Hide Answer
Suggested Answer: D 🗳️
by pulsefire at March 7, 2024, 4:15 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
abitwrong
1 month ago
Selected Answer: D
Containers must drop ALL capabilities, and are only permitted to add back the NET_BIND_SERVICE capability. Reference: https://kubernetes.io/docs/concepts/security/pod-security-standards/#:~:text=add%20back%20the-,NET_BIND_SERVICE,-capability.%20This
upvoted 1 times
...
Andrei_Z
3 months, 2 weeks ago
Selected Answer: D
https://kubernetes.io/docs/concepts/security/pod-security-standards/ Capabilities (v1.22+) Containers must drop ALL capabilities, and are only permitted to add back the NET_BIND_SERVICE capability. This is Linux only policy in v1.25+ (.spec.os.name != "windows")
upvoted 2 times
...
alex78
8 months ago
Selected Answer: D
https://docs.openshift.com/dedicated/authentication/managing-security-context-constraints.html
upvoted 3 times
...
fabianvera19822
8 months, 1 week ago
Option : A
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago