Certified Kubernetes Security Specialist (CKS) Practice Test

Reviewed by Editorial Team
The ProProfs editorial team is comprised of experienced subject matter experts. They've collectively created over 10,000 quizzes and lessons, serving over 100 million users. Our team includes in-house content moderators and subject matter experts, as well as a global network of rigorously trained contributors. All adhere to our comprehensive editorial guidelines, ensuring the delivery of high-quality content.
Learn about Our Editorial Process
| By Thames
T
Thames
Community Contributor
Quizzes Created: 7097 | Total Attempts: 80,150
| Questions: 15 | Updated: Jul 15, 2026
Please wait...
Question 1 / 16
🏆 Rank #--
0 %
0/100
Score 0/100

1. Which Kubernetes API server flag enables audit logging to track API requests?

Submit
Please wait...
About This Quiz
Certified Kubernetes Security Specialist (Cks) Practice Test - Quiz

This practice test covers essential Kubernetes security concepts required for the CKS certification exam. It evaluates your understanding of cluster hardening, pod security, network policies, RBAC, admission controllers, and runtime security. Ideal for professionals preparing to demonstrate advanced Kubernetes security expertise in production environments.

2.

What first name or nickname would you like us to use?

You may optionally provide this to label your report, leaderboard, or certificate.

2. What is the purpose of Pod Security Policies (or Pod Security Standards in newer versions)?

Submit

3. In Kubernetes RBAC, which resource defines a set of permissions within a namespace?

Submit

4. Which admission controller automatically injects sidecar containers for security purposes?

Submit

5. What does the '--authorization-mode=RBAC' flag enable on the API server?

Submit

6. Which Kubernetes object restricts traffic between pods based on labels?

Submit

7. True or False: By default, Kubernetes allows all traffic between pods in different namespaces.

Submit

8. Which tool can scan container images for known vulnerabilities before deployment?

Submit

9. The securityContext field in a pod specification controls which aspect of pod security?

Submit

10. Which Kubernetes component is responsible for enforcing admission control policies?

Submit

11. To restrict containers from running as root, you would set which securityContext field?

Submit

12. True or False: RBAC permissions are additive and deny-by-default.

Submit

13. Which API group defines NetworkPolicy resources?

Submit

14. A Kubernetes secret is stored unencrypted by default in etcd. To encrypt secrets at rest, you configure which API server parameter?

Submit

15. Which of the following is a best practice for securing the kubelet?

Submit
×
Saved
Thank you for your feedback!
View My Results
Cancel
  • All
    All (15)
  • Unanswered
    Unanswered ()
  • Answered
    Answered ()
Which Kubernetes API server flag enables audit logging to track API...
What is the purpose of Pod Security Policies (or Pod Security...
In Kubernetes RBAC, which resource defines a set of permissions within...
Which admission controller automatically injects sidecar containers...
What does the '--authorization-mode=RBAC' flag enable on the API...
Which Kubernetes object restricts traffic between pods based on...
True or False: By default, Kubernetes allows all traffic between pods...
Which tool can scan container images for known vulnerabilities before...
The securityContext field in a pod specification controls which aspect...
Which Kubernetes component is responsible for enforcing admission...
To restrict containers from running as root, you would set which...
True or False: RBAC permissions are additive and deny-by-default.
Which API group defines NetworkPolicy resources?
A Kubernetes secret is stored unencrypted by default in etcd. To...
Which of the following is a best practice for securing the kubelet?
play-Mute sad happy unanswered_answer up-hover down-hover success oval cancel Check box square blue
Alert!