Question 34
Domain 5: Supply Chain Security
A Kubernetes security team wants to ensure that only approved container images are admitted to the cluster by validating image trust before workloads run. Which tool is specifically used as an admission controller for image verification in this context?
Correct answer: B
Explanation
Connaisseur is used at admission time to verify container images before they are allowed to run, while Notary is the related image trust/signing technology. — cks_syllabus.txt
Why each option is right or wrong
A. Notary
Notary is the image trust technology, not the Kubernetes admission controller named for enforcing verification.
B. Connaisseur
The topic explicitly identifies Connaisseur for image verification in Kubernetes admission workflows, making it the tool used to validate images before admission to the cluster.
C. etcd
etcd stores cluster state and is not identified here as an image verification admission controller.
D. CoreDNS
CoreDNS provides cluster DNS services and is not used for image trust validation before workload admission.