VMware Carbon Black Cloud Enterprise EDR (2020) — Question 55
The application development team is pushing a Kubernetes application into production. It consists of an application server and a database. The team wants to ensure that only the production application server can access the production database.
Can the development team meet this requirement using Kubernetes Network Policy?
Answer options
- A. Yes, by using kubectl to create a Network Policy that only allows pods on the same network segment to talk to each other.
- B. Yes, by logging in to NSX Manager and creating firewall rules to only allow the production application server pod to talk to the database.
- C. Yes, by using kubectl to create a policy that disables pod-to-pod communication in the Namespace.
- D. No, Kubernetes Network Policy does not support this action.
Correct answer: A
Explanation
The correct answer is A, as Kubernetes Network Policies allow you to control the traffic between pods based on labels and selectors. Option B is incorrect because NSX Manager is not part of Kubernetes native features. Option C does not fulfill the requirement since disabling all pod-to-pod communication would prevent the production application server from accessing the database. Option D is wrong because Kubernetes Network Policies can indeed restrict access between pods.