ITGSS Certified DevOps Engineer Practice Test

What type of network policy is key for preventing lateral movement in Kubernetes?

• A. Data policies
• B. Access control policies
• C. Network segmentation policies
• D. Traffic regulation policies

The correct answer is: Network segmentation policies

Network segmentation policies are essential for preventing lateral movement in Kubernetes environments. These policies help to isolate different parts of the network, ensuring that even if one node is compromised, the attacker cannot easily move laterally to access other nodes or services. By enforcing strict communication rules between different segments or namespaces, segmentation policies limit the pathways available for unauthorized access or malicious activity. In a Kubernetes cluster, these policies can be implemented through network policies, which define how groups of pods can communicate with each other and with other network endpoints. This creates a barrier that prevents potential attackers who gain access to one part of the system from easily navigating to other parts, thereby enhancing the overall security posture of the environment. Other types of policies mentioned may contribute to security but do not specifically target the control of intra-network communication like network segmentation does. For instance, access control policies manage permissions for users and services but do not necessarily restrict traffic flow between different parts of the network. Traffic regulation policies might control the rate or type of traffic but won't inherently provide isolation against lateral movements. Data policies typically involve protection and management of data rather than networking aspects.