Practice Kubernetes policy vocabulary: Pod Security Admission, pod security standards, admission controllers, Kyverno policies, and network policy generation.
1 / 5
What does PSA stand for in Kubernetes policy?
PSA (Pod Security Admission) replaced PodSecurityPolicy in Kubernetes 1.25+. It enforces built-in security standards (privileged, baseline, restricted) at the namespace level.
2 / 5
What is the 'restricted' pod security standard?
The 'restricted' pod security standard is the most hardened PSA level. It enforces: non-root containers, read-only root filesystem, no privilege escalation, no hostPath volumes, and limited capabilities.
3 / 5
'The admission controller ___ the pod.' Which verb fits a blocking action?
'Rejected' is the standard term: the admission controller rejected the pod because it violates a policy (e.g., runs as root under the restricted standard). The pod is not created.
4 / 5
What is Kyverno used for in Kubernetes?
Kyverno is a Kubernetes-native policy engine. Unlike OPA/Rego, its policies are written in YAML. It can validate resources (blocking non-compliant ones), mutate them (adding defaults), and generate related resources.
5 / 5
'The policy ___ default network policies.' Which verb describes Kyverno creating resources automatically?
Kyverno's 'generate' rule automatically creates companion resources. For example, when a new namespace is created, Kyverno can generate a default NetworkPolicy that denies all ingress and egress.