Skip to main content
Cybersecurity ⭐ Premium

CNCF Kubernetes and Cloud Native Security Associate (KCSA) - 340 Questions

By Webmaster Certland ❤️ 0 likes

Practice exam for the CNCF Kubernetes and Cloud Native Security Associate (KCSA) certification. Covers Cloud Native Security, Kubernetes Cluster Component Security, Security Fundamentals, Threat Model, Platform Security, and Compliance Frameworks.

🔒

Premium Content

This exam is exclusive to Premium users. Upgrade to get unlimited access!

Become Premium

👁️ Free Preview (5 of 340 questions)

1. A security architect is explaining the 4Cs of Cloud Native Security to a new team. Which layer of the 4Cs model is considered the outermost layer and serves as the foundation that all inner layers depend upon?

A Cloud
B Cluster
C Container
D Code

2. A company is deploying a Kubernetes workload on a managed cloud provider. A developer argues that because they are using containers, they do not need to worry about the underlying cloud infrastructure security. Which statement best explains why this reasoning is flawed according to the 4Cs model?

A Containers are isolated by default and do not communicate with the underlying cloud infrastructure
B A weakness in the Cloud layer cannot be fully compensated by securing inner layers such as Container or Code
C Managed Kubernetes services assume full responsibility for all four layers including Cloud infrastructure
D Only the Code layer matters because application vulnerabilities are the most common attack vector

3. In the context of cloud native security, which security control is the primary responsibility of the cloud provider — not the customer — when using an Infrastructure as a Service (IaaS) model?

A Configuring IAM policies for cloud resources
B Enabling encryption at rest for stored data
C Defining network security group rules for virtual machines
D Physical security of the data center hardware and facilities

4. A platform team is hardening the host operating systems running Kubernetes nodes. Which practice is considered a fundamental host hardening control for Kubernetes worker nodes?

A Remove unnecessary packages and services from the node operating system
B Enable SSH password authentication for easier administrative access
C Run all containers as root to simplify permission management
D Disable audit logging on worker nodes to reduce disk I/O overhead

5. A company wants to prevent hardcoded secrets from entering their container images. Which Code layer security control directly addresses this risk?

A Implement network segmentation between namespaces
B Scan container images for known CVE vulnerabilities
C Use secret scanning tools in the CI/CD pipeline to detect hardcoded credentials in source code
D Configure Kubernetes RBAC to restrict pod deployment permissions

Want to test yourself for real?

Create a free account and run our exam simulation engine.

Free No credit card
  • Simulation engine
  • Up to 10 questions per attempt
  • Score & basic stats
Create free account Already have an account? Sign in
Best
Premium 7-day trial
  • All 340 questions
  • Detailed explanations
  • Smart Practice + Focus Mode
⭐ Start 7-day free trial

Information

Questions 340
Time 1h 30min
Difficulty Medium
Minimum Score 75.00%
🤍 Like

Related Exams

⭐ Premium

Microsoft Azure Security Technologies (AZ-500) - 340 Questions

340 questions · 0 attempts
⭐ Premium

Microsoft Cybersecurity Architect (SC-100) - 340 Questions

340 questions · 0 attempts
⭐ Premium

Microsoft Identity and Access Administrator (SC-300) - 340 Questions

340 questions · 0 attempts
⭐ Premium

AWS Certified Security Specialty (SCS-C03) - 340 Questions

340 questions · 0 attempts

Discussion

No comments yet. Be the first to start the discussion!

Sign in to join the discussion.