Question 33
Domain 3: Application Environment, Configuration, and SecurityWhich Kubernetes object is used to grant a user or service account permission to perform specific actions on resources within a namespace?
Correct answer: A
Explanation
A Role defines the allowed actions on resources within a namespace, and a RoleBinding attaches that Role to a user or service account. Kubernetes RBAC uses these two objects together to grant namespace-scoped permissions for specific verbs on specific resources.
Why each option is right or wrong
A. Role and RoleBinding
Under Kubernetes RBAC, namespace-scoped authorization is implemented with a `Role` plus a `RoleBinding` in the same namespace. Per the Kubernetes RBAC API (`rbac.authorization.k8s.io/v1`), a `Role` contains the permitted verbs and resources for that namespace, and a `RoleBinding` assigns that role to a subject such as a user, group, or service account; cluster-wide access would instead require `ClusterRole`/`ClusterRoleBinding`.
B. ConfigMap and Secret
C. Pod and Service
D. PersistentVolume and PersistentVolumeClaim