🔥 3-day streak
Certified Kubernetes Administrator (CKA)81 / 125
Question 81 of 125

An application team runs Pods labeled app=payments in the checkout namespace. A cluster-wide default-deny egress policy is already in place. The Pods must be able to connect to an external payment gateway at IP 203.0.113.50 on TCP port 443, but must not be able to reach any other external destination. DNS resolution via CoreDNS (kube-system) is already permitted by a separate policy. Which NetworkPolicy correctly grants only the required egress?

Reviewed for accuracy · Report an issueNext question