Exam 5V0-23.20 topic 1 question 58 discussion

Actual exam question from VMware's 5V0-23.20
Question #: 58
Topic #: 1

The application development team is pushing a Kubernetes application into production. It consists of an application server and a database. The team wants to ensure that only the production application server can access the production database.
Can the development team meet this requirement using Kubernetes Network Policy?

  • A. Yes, by using kubectl to create a Network Policy that only allows pods on the same network segment to talk to each other.
  • B. Yes, by logging in to NSX Manager and creating firewall rules to only allow the production application server pod to talk to the database.
  • C. Yes, by using kubectl to create a policy that disables pod to pod communication in the Namespace.
  • D. No, Kubernetes Network Policy does not support this action.
Suggested Answer: C

Comments

obeythefist
1 year, 1 month ago
Selected Answer: C
I'm going with C. I do not understand why other comments voted for A, because it will not satisfy the requirements of the question. Let's go over the answers.
A - Wrong. Creating a network policy that allows pods on the same segment to talk to each other won't work. The question says only the prod app server can access the DB. Well, if you use this rule, then anything on that segment can access the DB. Fail!
B - No, this is wrong, we won't use NSX to do this. What if it's not an NSX based solution? Tanzu does not always use NSX!
C - Yes, this will work. The app server and DB reside in the same pod. If we prevent other pods talking to it, then the DB server can only talk to the app server and we satisfy the question requirement.
D - This is the "joke" answer that is silly on purpose. Of course we can achieve this with a network policy.
upvoted 2 times
obeythefist
1 year ago
I also want to point out this is a "bad" question because we don't know the architecture of the application. For "C" to work, the application and database must be in the same pod. This is a configuration that is used when applications are tightly coupled, and not always best practice because it inhibits scaling. However, whether the app and DB are in the same or different pod is irrelevant when considering answer A, because that answer still allows ANYTHING in the same segment to talk to the database. "A" is more wrong than "C".
upvoted 2 times
yushee81
1 year, 4 months ago
Selected Answer: A
A https://blogs.vmware.com/cloudnative/2018/09/11/simplifying-kubernetes-networking-and-security-with-nsx-t-data-center/
upvoted 2 times
obeythefist
1 year ago
But then any VMs or applications on the same segment can talk to the DB. Is that what the question wants?
upvoted 1 times
redtop
1 year, 4 months ago
Selected Answer: A
Answer is "A"
upvoted 3 times
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
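
Added illustration, not part of the exam question or of any commenter's post: the requirement in the question expressed with the Kubernetes NetworkPolicy API as two manifests, a namespace-wide default-deny ingress policy followed by a single allow rule for the database pods. The namespace, labels and port are assumptions, and the app server and database are assumed to run in separate pods.

```yaml
# Added example; the namespace, labels and port below are assumed, not from the question.
# Policy 1: select every pod in the namespace and allow no ingress,
# which blocks pod-to-pod traffic until another policy allows it.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny-ingress
  namespace: prod            # assumed namespace
spec:
  podSelector: {}            # empty selector = all pods in the namespace
  policyTypes:
    - Ingress
---
# Policy 2: NetworkPolicies are additive, so this opens one path only:
# pods labelled app=prod-app may reach pods labelled app=prod-db on 5432/TCP.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-app-to-db
  namespace: prod
spec:
  podSelector:
    matchLabels:
      app: prod-db           # assumed label on the database pods
  policyTypes:
    - Ingress
  ingress:
    - from:
        - podSelector:
            matchLabels:
              app: prod-app  # assumed label on the application server pods
      ports:
        - protocol: TCP
          port: 5432         # assumed database port
```

Both manifests are applied with `kubectl apply -f`; they are enforced only when the cluster's network plugin implements NetworkPolicy.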