Question 8
Domain 1: Cluster SetupA cluster administrator is reviewing edge security for applications exposed through Kubernetes Ingress. Which configuration area is most directly related to securing an Ingress controller such as Nginx, Traefik, or Contour?
Correct answer: A
Explanation
Ingress controller security focuses on the controller’s own security-related configuration for handling inbound traffic, rather than on unrelated workload, storage, or scheduling settings. — cks_syllabus.txt
Why each option is right or wrong
A. Hardening the Ingress controller’s security configuration for managing external HTTP/HTTPS access
The syllabus topic explicitly identifies "Ingress Controllers (Nginx, Traefik, Contour) security configuration," so the security-relevant area is the controller configuration that governs inbound application exposure through Ingress.
B. Adjusting PersistentVolume access modes used by backend application storage
PersistentVolume access modes govern storage behavior, not Ingress controller security configuration.
C. Changing container image tags for workloads behind the Ingress resources
Container image selection affects workloads, not the controller settings that secure Ingress traffic handling.
D. Modifying node scheduling labels for the namespaces hosting exposed services
Node labels and scheduling placement do not define the security configuration of an Ingress controller.