MCQs on Security in AKS | Securing AKS Clusters and Applications
Security in Azure Kubernetes Service (AKS) is critical to maintaining the integrity of your cloud applications. This chapter focuses on key topics such as identity management, role-based access control, network security, and securing containers and pods within AKS.
Identity and Access Management with Azure Active Directory (AAD)
- What is Azure Active Directory (AAD) primarily used for in AKS?
a) Container registry management
b) Authentication and identity management
c) Network policy enforcement
d) Application monitoring - Which of the following is a key benefit of integrating Azure AD with AKS?
a) Multi-tenant access management
b) Automated scaling of nodes
c) Container vulnerability scanning
d) Simplified networking - What is required to use Azure AD integration with AKS?
a) Azure Active Directory Premium
b) A Service Principal
c) A Kubernetes Operator
d) A public IP address - How does Azure AD integration improve security in AKS?
a) Through role-based access control
b) By providing node scaling
c) By scanning images
d) By encrypting data at rest - Which Azure AD authentication method is used by AKS to authenticate API requests?
a) Managed identity
b) Service principal
c) Personal Access Tokens (PATs)
d) OAuth tokens
Role-based Access Control (RBAC) in AKS
- What is the purpose of Role-Based Access Control (RBAC) in AKS?
a) To scale the Kubernetes nodes automatically
b) To define user permissions to resources
c) To monitor the health of pods
d) To configure network policies - In RBAC, what does a “Role” define?
a) The resource that users can access
b) A set of permissions within a specific namespace
c) The type of container image to be deployed
d) The cloud storage used by the service - What is the default RBAC role for a user in AKS?
a) Reader
b) Contributor
c) Owner
d) No access - What does the “ClusterRole” in AKS apply to?
a) A specific pod within a namespace
b) A set of permissions across all namespaces in the cluster
c) Permissions for Azure Active Directory users
d) Only the control plane resources - How can a user be granted access to an AKS cluster?
a) By using a personal authentication key
b) By associating them with an Azure AD group
c) By assigning them a Service Principal
d) Through automatic encryption
Network Security and Policies (Azure Network Policies, Network Security Groups)
- What is the primary role of Azure Network Security Groups (NSGs) in AKS?
a) To manage container images
b) To control inbound and outbound traffic
c) To scale Kubernetes pods
d) To monitor application performance - Which of the following is a feature of Azure Network Policies in AKS?
a) Limits the number of nodes
b) Defines network traffic rules for pods
c) Assigns roles to users
d) Automatically updates container versions - How do Azure Network Security Groups (NSGs) improve security in AKS?
a) By filtering traffic based on IP and port
b) By automatically scaling AKS nodes
c) By encrypting container communication
d) By monitoring user logins - Which of the following can be defined by Azure Network Policies?
a) IP address range and port filtering
b) Access control roles for users
c) Encryption keys for containers
d) Metrics for container health - What feature does an Azure Network Policy allow to be set for pods?
a) Image version management
b) Pod-to-pod communication control
c) Cluster node scaling
d) Resource allocation for services
Securing Containers and Images (Azure Container Registry)
- What is the function of Azure Container Registry (ACR) in AKS security?
a) To store encrypted keys
b) To manage container images and secrets
c) To monitor network traffic
d) To assign RBAC roles - Which feature of Azure Container Registry helps secure container images?
a) Automated scaling
b) Image scanning for vulnerabilities
c) Kubernetes orchestration
d) Auto-patching of containers - How can Azure Container Registry (ACR) ensure that only secure images are used?
a) By scanning for known vulnerabilities
b) By managing container logs
c) By controlling user permissions
d) By limiting IP addresses - Which action must be taken before using private container images from ACR in AKS?
a) Enable TLS encryption
b) Configure network policies
c) Authenticate AKS with ACR
d) Set up Service Principals - What does Azure Container Registry support to improve image security?
a) Role-based access control for images
b) SSL termination for containers
c) Automated patch management
d) Network segmentation
Pod Security and Network Policies
- What is the purpose of Pod Security Policies (PSP) in AKS?
a) To manage container registry settings
b) To define security controls for running pods
c) To encrypt pod traffic
d) To control container scaling - Which action is restricted by a Pod Security Policy (PSP) in AKS?
a) Pod-to-pod communication
b) Access to Kubernetes control plane
c) Usage of privileged containers
d) Network traffic monitoring - Which of the following can be controlled by network policies in AKS?
a) Pod communication within a namespace
b) Cluster-wide access to the control plane
c) Container registry access
d) Pod resource limits - How can network policies in AKS improve security?
a) By preventing unauthorized pod-to-pod communication
b) By automatically scaling the application
c) By updating the image versions
d) By encrypting network traffic - What is the default behavior for pod-to-pod communication in AKS if no network policy is applied?
a) Blocked
b) Restricted to specific namespaces
c) Open (unrestricted)
d) Secured by default - Which Azure service can enforce network policies on Kubernetes workloads?
a) Azure Firewall
b) Azure DDoS Protection
c) Azure Network Policies
d) Azure Key Vault - What is the primary use of Kubernetes Network Policies in AKS?
a) To manage container scaling
b) To define how pods interact with each other
c) To monitor container health
d) To configure Azure Active Directory - How are pod security controls typically implemented in AKS?
a) By using Kubernetes namespaces
b) Through Network Security Groups
c) With Pod Security Policies
d) By integrating with Azure AD - Which protocol is commonly used in securing pod-to-pod communications in AKS?
a) HTTPS
b) TCP
c) SSH
d) IPSec - What is a common method for enforcing security policies for containers in AKS?
a) Regular patch updates
b) Using Azure Security Center for image scanning
c) Limiting access to control plane resources
d) Scaling pods automatically
Answer Key
| Qno | Answer |
|---|---|
| 1 | b) Authentication and identity management |
| 2 | a) Multi-tenant access management |
| 3 | b) A Service Principal |
| 4 | a) Through role-based access control |
| 5 | b) Service principal |
| 6 | b) To define user permissions to resources |
| 7 | b) A set of permissions within a specific namespace |
| 8 | d) No access |
| 9 | b) A set of permissions across all namespaces in the cluster |
| 10 | b) By associating them with an Azure AD group |
| 11 | b) To control inbound and outbound traffic |
| 12 | b) Defines network traffic rules for pods |
| 13 | a) By filtering traffic based on IP and port |
| 14 | a) IP address range and port filtering |
| 15 | b) Pod-to-pod communication control |
| 16 | b) To manage container images and secrets |
| 17 | b) Image scanning for vulnerabilities |
| 18 | a) By scanning for known vulnerabilities |
| 19 | c) Authenticate AKS with ACR |
| 20 | a) Role-based access control for images |
| 21 | b) To define security controls for running pods |
| 22 | c) Usage of privileged containers |
| 23 | a) Pod communication within a namespace |
| 24 | a) By preventing unauthorized pod-to-pod communication |
| 25 | c) Open (unrestricted) |
| 26 | c) Azure Network Policies |
| 27 | b) To define how pods interact with each other |
| 28 | c) With Pod Security Policies |
| 29 | d) IPSec |
| 30 | b) Using Azure Security Center for image scanning |