Question 10
Domain 6: Monitoring, Logging and Runtime SecurityA security engineer is defining Kubernetes API server audit rules and wants to capture the full request body and the full response body for selected events. Which audit-policy.yaml level should be configured?
Correct answer: D
Explanation
In Kubernetes audit-policy.yaml, audit levels increase in detail from None to Metadata to Request to RequestResponse, with RequestResponse providing the most complete event content. — audit-policy.yaml configuration levels: None, Metadata, Request, RequestResponse.
Why each option is right or wrong
A. None
None disables audit event logging for matching requests.
B. Metadata
Metadata records request metadata only, not request or response bodies.
C. Request
Request includes the request body but not the response body.
D. RequestResponse
In audit-policy.yaml, RequestResponse is the level that logs both the full request body and the full response body, matching the requirement to capture complete request and response content for those events.