Question 1
Domain 1: Cluster SetupWhen reviewing a Kubernetes cluster against the CIS Benchmark, which set of components is directly in scope for hardening under this topic area?
Correct answer: B
Explanation
For this CIS review topic, focus on the core control plane and node components explicitly named for hardening rather than unrelated Kubernetes resources or add-ons. — cks_syllabus.txt
Why each option is right or wrong
A. CoreDNS, kube-proxy, Ingress controller, and Metrics Server
The topic names etcd, kubelet, kube-apiserver, kube-controller-manager, and kube-scheduler.
B. etcd, kubelet, kube-apiserver, kube-controller-manager, and kube-scheduler
The source material for this CIS Benchmark review topic explicitly lists these five components for hardening: etcd, kubelet, kube-apiserver, kube-controller-manager, and kube-scheduler. That exact set matches this option.
C. Pods, Services, Deployments, and ReplicaSets across all namespaces
The topic is limited to named Kubernetes components, not workload resources.
D. Container runtime, CNI plugin, CSI driver, and admission webhooks
Only the listed control plane and node components are included in this topic scope.