Question 13
Domain 3: System Hardening
A platform team wants to reduce the attack surface of Kubernetes worker nodes by choosing an operating system designed specifically to run containers with a minimal host footprint. Which option best fits this goal?
Correct answer: B
Explanation
To minimize host OS footprint on Kubernetes nodes, choose a container-optimized operating system built specifically for running containers rather than a general-purpose OS. — cks_syllabus.txt
Why each option is right or wrong
A. A general-purpose server operating system with broad package support for mixed workloads
Container-optimized OS choices are Bottlerocket, Flatcar, and COS, not general-purpose server platforms.
B. A minimal container-optimized operating system such as Bottlerocket, Flatcar, or COS
The source material for minimizing host OS footprint explicitly identifies minimal container-optimized OS options as Bottlerocket, Flatcar, and COS. In this scenario, selecting one of those platforms directly aligns with the goal of reducing the worker node attack surface.
C. A full desktop-oriented operating system configured with container tools after installation
Bottlerocket, Flatcar, and COS are the named minimal container-focused OS options, not desktop-oriented systems.
D. A standard Linux distribution kept secure mainly by adding more host-based utilities
Minimizing footprint relies on using a minimal container-optimized OS, not expanding the host with additional utilities.