Kubernetes and Cloud Native Associate (KCNA) — Question 46
Which of the following capabilities are you allowed to add to a container using the Restricted policy?
Answer options
- A. CHOWN
- B. SYS_CHROOT
- C. SETUID
- D. NET_BIND_SERVICE
Correct answer: D
Explanation
The correct answer is D, NET_BIND_SERVICE. Under the Restricted policy of the Kubernetes Pod Security Standards, this is the only capability a container may add; it lets a process bind to lower-numbered (privileged) ports. Options A (CHOWN), B (SYS_CHROOT), and C (SETUID) may not be added under Restricted, which keeps the container's privileges minimal and reduces the risk of privilege escalation.