1. Hi, in Mock exam 1, question 1) point#2 says -> _"There are several servic . . .

Vinod Kumar Nair:

1. Hi, in Mock exam 1, question 1) point#2 says -> “There are several service accounts created in the omni namespace. Apply the principle of least privilege and use the service account with the minimum privileges (excluding default).”
   I literally do not understand this statement. I checked in omni namespace, there are 3 service accounts, how can I check which one is following least principle so that I can use that in the pod? please assist, thanks @Vijin Palazhi @Rahul Kumar

Vijin Palazhi:
So for this question, you are expected to identify the service account (besides the “default” service account created for this namespace) which has the least priveleges assigned. Check the roles and rolebindings assigned to all the service accounts.

Vijin Palazhi:
on the controlplane node, check /var/answers/answer1.md

Vinod Kumar Nair:
cool, thanks

Vinod Kumar Nair:
@Vijin Palazhi by the way, there is no audit.json (seccomp profile) at this location /root/CKS (as per the question) which I can move to its default location (/var/lib/kubelet/seccomp/profiles/) …this is related to Question# 4 Mock exam 1…just FYI only…thanks

Screenshot 2021-06-23 at 8.53.52 PM.jpg2320×1266 275 KB

Vijin Palazhi:
this should be on node01?

Vijin Palazhi:
can you check on the node01 node, instead of controlplane?

Vinod Kumar Nair:
yes, it is there, sorry about that

Vijin Palazhi:
no worries… Let me know should you face any other issue. Thanks

Vinod Kumar Nair:
sure, thank you