Bird
0
0

Why does the 'restricted' Pod Security Standard forbid running containers as root user by default?

hard📝 Conceptual Q10 of 15
Kubernetes - RBAC and Security
Why does the 'restricted' Pod Security Standard forbid running containers as root user by default?
ARoot user containers cannot access network resources
BRoot user containers consume more CPU resources
CRunning as root is required only for privileged pods
DRunning as root increases the risk of privilege escalation attacks
Step-by-Step Solution
Solution:

  1. Step 1: Understand security risks of root user containers

    Containers running as root have elevated privileges, increasing risk of attacks.

  2. Step 2: Explain why restricted forbids root

    Restricted policy forbids root to reduce privilege escalation and improve security.

  3. Final Answer:

    Running as root increases the risk of privilege escalation attacks -> Option D

  4. Quick Check:

    Restricted forbids root to prevent privilege escalation [OK]
Quick Trick: Root user containers risk privilege escalation, so restricted forbids them [OK]
Common Mistakes:
  • Thinking root containers use more CPU
  • Believing root containers lack network access
  • Assuming root is only for privileged pods

Want More Practice?

15+ quiz questions · All difficulty levels · Free

Free Signup - Practice All Questions
More Kubernetes Quizzes
Helm Package Manager - Adding chart repositories - Quiz 6medium Helm Package Manager - Upgrading and rolling back releases - Quiz 12easy Helm Package Manager - Chart templates and values.yaml - Quiz 12easy Helm Package Manager - Installing Helm - Quiz 8hard Operators and Custom Resources - Custom Resource Definitions (CRDs) - Quiz 14medium Production Best Practices - Why production readiness matters - Quiz 12easy Service Mesh - Why service mesh matters - Quiz 12easy Service Mesh - Mutual TLS for service communication - Quiz 13medium Service Mesh - Service mesh vs library-based approach - Quiz 8hard Troubleshooting - Node troubleshooting - Quiz 5medium