View all questions & answers for the KCSA exam
Which way of defining security policy brings consistency, minimizes toil, and reduces the probability of misconfiguration?
Using a declarative approach to define security policies as code.
Relying on manual audits and inspections for security policy enforcement.
Manually configuring security controls for each individual resource, regularly.
Implementing security policies through manual scripting on an ad-hoc basis.
Defining policiesas code (declarative)is a best practice in Kubernetes and cloud-native security.
This is aligned withGitOpsandPolicy-as-Codeprinciples (OPA Gatekeeper, Kyverno, etc.).
Exact extract (CNCF Security Whitepaper):
“Policy-as-Code enables declarative definition and enforcement of security policies, bringing consistency, automation, and reducing misconfiguration risk.”
Manual audits, ad-hoc scripting, or individual configurations are error-prone and inconsistent.
Submit