Bird
0
0

Why does Kubernetes automatically mount a ServiceAccount token into Pods by default, and what security implication does this have?

hard📝 Conceptual Q10 of 15
Kubernetes - RBAC and Security
Why does Kubernetes automatically mount a ServiceAccount token into Pods by default, and what security implication does this have?
ATo assign IP addresses; risk is IP conflicts
BTo allow API access; risk is Pods can access cluster if compromised
CTo store logs; risk is log tampering
DTo provide network credentials; risk is network leaks
Step-by-Step Solution
Solution:

  1. Step 1: Understand default token mounting

    Kubernetes mounts a ServiceAccount token in Pods to allow them to authenticate to the API server.

  2. Step 2: Recognize security implications

    If a Pod is compromised, the token can be used to access cluster resources, posing a security risk.

  3. Final Answer:

    To allow API access; risk is Pods can access cluster if compromised -> Option B

  4. Quick Check:

    Default token mount = API access with security risk [OK]
Quick Trick: Default token mount enables API access but risks cluster security [OK]
Common Mistakes:
  • Thinking token is for network or IP management
  • Ignoring security risks of token exposure
  • Confusing token purpose with logging

Want More Practice?

15+ quiz questions · All difficulty levels · Free

Free Signup - Practice All Questions
More Kubernetes Quizzes
Advanced Deployment Patterns - Why advanced patterns matter - Quiz 12easy Advanced Deployment Patterns - GitOps with ArgoCD - Quiz 9hard Advanced Deployment Patterns - Blue-green deployments - Quiz 12easy Advanced Deployment Patterns - Why advanced patterns matter - Quiz 10hard Helm Package Manager - Upgrading and rolling back releases - Quiz 4medium Monitoring and Logging - Container logging architecture - Quiz 7medium Monitoring and Logging - Alerting with Prometheus Alertmanager - Quiz 4medium Production Best Practices - Pod Disruption Budgets - Quiz 14medium RBAC and Security - Why RBAC matters in Kubernetes - Quiz 5medium Service Mesh - Linkerd as lightweight alternative - Quiz 6medium