ITGSS Certified DevOps Engineer Practice Test

What aspect of pods can be controlled through Pod Security Policies?

• A. Privilege levels
• B. Resource allocation
• C. Networking capabilities
• D. Deployment strategies

The correct answer is: Privilege levels

Pod Security Policies (PSP) are a critical feature in Kubernetes that enable administrators to control various security aspects of pods at the time of their creation. The correct aspect that can be controlled through Pod Security Policies is the privilege levels assigned to pods. Privilege levels refer to the capabilities that pods can request or the permissions they can operate under. By using Pod Security Policies, administrators can enforce rules regarding whether pods may run as privileged, what user they can run as, and whether they can use host networking or volumes. This feature helps to ensure that workloads do not have excessive permissions, thus minimizing potential security vulnerabilities. Other options such as resource allocation, networking capabilities, and deployment strategies pertain to different aspects of Kubernetes management. Resource allocation deals with how much CPU and memory a pod can use, which is defined through resource requests and limits, but it is not managed through Pod Security Policies. Networking capabilities refer to how pods communicate with each other and the outside world, typically handled by network policies or service configurations. Deployment strategies involve how updates to pods are managed and rolled out, such as canary releases or blue-green deployments, which are part of the deployment configurations rather than security settings.