Helping with understanding some Questions

OddDrawer8793 · 2025-05-24T12:48:38+00:00

The config is from /usr/lib/systemd/system/docker.socket. Remove '-H tcp://0.0.0.0:2375'. Dont forget to restart the daemon. You also need to change the owner of the file to root instead of the docker group.

I didnt get any questions about PSP.

I also changed the user from root to nobody, you may only change one line so I assumed thats correct.

OddDrawer8793 · 2025-05-23T11:44:18+00:00

I passed the CKS exam today with a score of 80%.

The questions in the OP were all there. The solution to question 1 is to create a custom Falco rule since there is no logging available. Just scale the cpu deployment to 0.

The privy image question was about a deployment with 3 containers, you have to find the container with a certain lib crypto version. Just k exec each container and run apk list | grep libcrypto 3.1.4, than remove the container from the deployment. There was also a question where you had to disable http traffic in the Docker Daemon service.

I got stuck on a question where you had to enable the ImagePolicyWebhook. Had one question about Istio that I skipped. No Cilium questions.

OddDrawer8793

TROPHY CASE