Linux Foundation Kubernetes and Cloud Native KCSA Question # 7 Topic 1 Discussion

Pod Security Admission (PSA)enforces policies by applyinglabels on namespaces, not globally across the cluster.

Exact extract (Kubernetes Docs – Pod Security Admission):

“You can apply Pod Security Standards to namespaces by adding labels such as pod-security.kubernetes.io/enforce. Different namespaces can enforce different policies.”

Clarifications:

A: Incorrect, namespaces are the unit of enforcement.

C: Misleading — a namespace can have multiple enforcement modes (enforce, audit, warn).

D: Default namespace doesnotenforce strict policies unless labeled.