Prepare for the ITGSS Certified DevOps Engineer Test. Study with an extensive set of questions and flashcards, complete with detailed explanations and hints. Elevate your skills and get ready to excel in your exam!

Each practice test/flash card set has 50 randomly selected questions from a bank of over 500. You'll get a new set of questions each time!



What is the recommended cluster-level resource to enhance security in Kubernetes?

  1. NetworkPolicies

  2. PodSecurityPolicy

  3. ServiceAccount

  4. Ingress

The correct answer is: PodSecurityPolicy

The recommended cluster-level resource to enhance security in Kubernetes is PodSecurityPolicy. This resource lets cluster administrators control the security aspects of pod creation and configuration by enforcing security constraints. By defining policies that specify which pod specifications are allowed, such as restricting privileged execution, disallowing certain volume types, and mandating the use of specific capabilities, PodSecurityPolicies can significantly limit the attack surface of applications running in the cluster.

PodSecurityPolicies serve as a governance tool that helps ensure compliance with security best practices across the entire cluster. They help prevent potential vulnerabilities related to pod configurations, thereby bolstering security at the cluster level. This capability is particularly important in complex environments where multiple teams deploy applications with varying security postures.

In contrast, while NetworkPolicies, ServiceAccounts, and Ingress are valuable security mechanisms in their respective contexts, they do not operate at the same level as PodSecurityPolicies when it comes to controlling pod-level security configuration cluster-wide. NetworkPolicies control traffic flow between pods, ServiceAccounts manage access to the Kubernetes API, and Ingress provides a way to expose services to external traffic. Each of these plays a role in the Kubernetes security framework but does not provide the direct level of control over pod security that