Question 26
Domain 4: Minimize Microservice VulnerabilitiesWhat is the main security benefit of rotating credentials stored in Secrets?
Correct answer: A
Explanation
Rotating credentials limits how long a compromised Secret remains usable, so a stolen value expires sooner. This follows the security goal of minimizing exposure and reducing the impact of secret leakage by shortening the credential’s useful life.
Why each option is right or wrong
A. It shortens the useful life of a stolen credential
Kubernetes Secrets are just API objects, so the security gain comes from reducing the window in which a leaked value remains valid; once the credential is rotated, any copied copy stops working after the old secret is revoked. This aligns with the Secrets guidance in the CKS curriculum (Domain 4.2) and the general least-exposure principle: the shorter the credential’s lifetime, the less time an attacker has to reuse it if it is exfiltrated.
B. It prevents kubelet from syncing volumes
kubelet syncs volumes independently of credential rotation; secret rotation does not stop volume syncing.
C. It disables network policies
NetworkPolicy controls ingress and egress access; rotating Secrets does not disable it.
D. It guarantees the application will never crash
Secret rotation improves security, not application availability; crashes are not guaranteed either way.