ITGSS Certified DevOps Engineer Practice Test

In Kubernetes, what security measure assigns security labels to objects such as files?

• A. AppArmor
• B. SELinux
• C. RBAC
• D. Seccomp

The correct answer is: SELinux

In Kubernetes, the correct answer is that SELinux (Security-Enhanced Linux) is the security measure that assigns security labels to objects, including files. SELinux operates on the principle of mandatory access control, which means that it enforces policies that define how processes can interact with each other and with system resources based on security labels. By assigning specific security labels to files and processes, SELinux restricts access based on the policies in place, rather than relying on traditional discretionary access control. This adds an additional layer of security, ensuring that even if a process is compromised, it may still be limited in what system resources it can access. The approach taken by SELinux allows Kubernetes to enhance its overall security posture when running containerized applications, safeguarding against unauthorized access and ensuring that applications operate within their designated security domains. In contrast, AppArmor is an alternative mandatory access control system that enhances security by restricting program capabilities with profiles but does so in a different manner compared to SELinux. RBAC (Role-Based Access Control) is focused on managing user permissions and access to resources within Kubernetes itself rather than assigning labels to files. Seccomp (Secure Computing Mode) applies a filter to restrict the system calls that a process can make, which is unrelated to file