매달, 우리는 1000명 이상의 사람들이 시험 준비를 잘하고 시험을 잘 통과할 수 있도록 도와줍니다.
Red Hat Certified Specialist in OpenShift Advanced Cluster Management 온라인 연습
최종 업데이트 시간: 2026년05월15일
당신은 온라인 연습 문제를 통해 RedHat EX432 시험지식에 대해 자신이 어떻게 알고 있는지 파악한 후 시험 참가 신청 여부를 결정할 수 있다.
시험을 100% 합격하고 시험 준비 시간을 35% 절약하기를 바라며 EX432 덤프 (최신 실제 시험 문제)를 사용 선택하여 현재 최신 45개의 시험 문제와 답을 포함하십시오.
정답: Open the RHACS (Central) console (typically via a route created by Central).
Navigate to: Platform Configuration → System Policies.
Click Create Policy.
Set the policy criteria:
Add a rule/condition such as Image OS = debian:10 (as required by the lab)
Set enforcement to apply at Build & Deploy stages.
Build prevents images from being admitted into pipeline/registries depending on integration.
Deploy prevents or flags deployments that violate policy.
Save the policy.
(Optional validation) Trigger a test deployment/image that matches debian:10 to confirm alerts/enforcement behavior.
Why this matters:
Enforcing at build+deploy catches risky images earlier and prevents policy violations from reaching runtime.
정답: In OpenShift Web Console, go to Operators → OperatorHub.
Search for Advanced Cluster Security.
Select Red Hat Advanced Cluster Security for Kubernetes (RHACS).
Click Install and follow the wizard (namespace/channel per lab).
After operator installation, create RHACS components (as the hint indicates):
Install/Deploy Central (the management plane)
Install/Deploy SecuredCluster (sensor/collector on clusters)
Confirm operator and pods are running:
Operators → Installed Operators
oc get pods -n <rhacs-namespace>
Why this matters:
RHACS adds container security posture management, vulnerability management, and runtime policy enforcement.
정답: Create an empty kustomization file:
touch overlays/production/kustomization.yaml
Validate it exists:
ls -l overlays/production
Why this matters:
kustomization.yaml is the entrypoint file Kustomize uses to build overlays.
정답: Create overlay structure:
mkdir -p overlays/production
Confirm:
ls -R overlays
Why this matters:
Kustomize overlays let you maintain base manifests and environment-specific patches (production vs dev, etc.).
정답: In ACM console go to Applications.
Select the application you deployed.
Open the Editor view (YAML editor) for the Subscription object.
Under spec, add a timeWindow section similar to what the lab requests:
windowtype: active
day: Friday
hours: 09:00-17:00
Save/apply the changes.
Verify the Subscription YAML now contains the time window and observe that deployment actions respect the scheduling window.
Why this matters:
Time windows let you control when changes roll out (useful for change-management, business hours, and maintenance windows).
정답: Apply the subscription/application manifest:
oc apply -f application-subscription.yaml
Confirm resources were created:
oc get applications.app.k8s.io -A
oc get subscriptions.apps.open-cluster-management.io -A oc describe application.app.k8s.io my-app -n <namespace>
Watch placement/propagation (varies by model used in the lab):
oc get placement -A
oc get placementrule -A
Why this matters:
ACM “application” deployment commonly uses Subscription/Placement (legacy model) or newer Placement resources, enabling multi-cluster rollout from Git sources.
정답: Open the ACM console on the hub.
Navigate to Governance → Policies.
Click Create policy.
Set Name: policy-etcd.
Choose the policy template/type ETCD Encryption.
Set Remediation action to enforce.
inform = report only
enforce = attempt to automatically remediate to desired state Select clusters/ClusterSets to apply (depends on the wizard). Click Submit.
Verify compliance once applied:
In console, check policy status: Compliant/NonCompliant
Or via CLI:
oc get policy -A
oc describe policy policy-etcd -n <policy-namespace>
Why this matters:
Governance policies are a core ACM feature for enforcing security baselines across multiple clusters.
정답: Grant view role:
oc adm policy add-cluster-role-to-user open-cluster-management:managedclusterset:view:development user-b
Validate:
oc get clusterrolebinding | grep -i development | grep -i user-b
Why this matters:
Provides read-only access to development ClusterSet resources, improving separation of duties.
Questions and Answers PDF
정답: Grant the role:
oc adm policy add-cluster-role-to-user open-cluster-management:managedclusterset:admin:production user-a
Confirm the binding:
oc get clusterrolebinding | grep -i production | grep -i user-a
Why this matters:
ACM provides ClusterSet-scoped roles. This grants admin permissions limited to the production ClusterSet (instead of full cluster-admin).
정답: Confirm the cluster is present on the hub:
oc get managedcluster
Bind cluster-dev to development:
clusteradm clusterset bind --clusterset development --cluster cluster-dev
Verify membership (common checks):
oc get managedclustersetbindings -A
oc get managedclusterset development -o yaml
oc get managedcluster cluster-dev -o yaml | grep -i clusterset -n
Why this matters:
ClusterSet binding is what allows RBAC/users/apps/policies scoped to that ClusterSet to target the cluster.
정답: In the hub cluster Web Console, go to Infrastructure → Clusters (ACM console navigation).
Click Import cluster.
Provide a name (the UI may request details like distribution/credentials depending on flow).
The wizard will provide a command to run on the managed cluster you want to import.
Copy that import command.
Log into the managed cluster (spoke) using oc and run the copied command. Back on the hub, wait until the cluster status becomes Ready / Managed.
Why these steps matter:
Import registers the managed cluster, installs the klusterlet/agent components, and enables policy/app placement management.
정답: Create the ManagedClusterSet:
oc create managedclusterset production
Validate:
oc get managedclusterset
oc describe managedclusterset production
Why this matters:
Separating development and production clusters is common for governance/RBAC isolation.
정답: Create the ManagedClusterSet:
oc create managedclusterset development
Confirm it exists:
oc get managedclusterset
oc describe managedclusterset development
Why these steps matter:
ClusterSets are an ACM grouping primitive used for RBAC scoping, governance targeting, and multi-cluster app placement.
정답: Ensure you are logged into the hub cluster:
oc whoami
oc project open-cluster-management
Create/apply the MultiClusterHub CR:
oc apply -f multiclusterhub.yaml
Verify it was created:
oc get multiclusterhub -A
oc describe multiclusterhub -n open-cluster-management
Watch pods come up (typical namespaces include open-cluster-management, open-cluster-management-hub, etc. depending on ACM version/config):
oc get pods -n open-cluster-management -w
Why these steps matter:
The MultiClusterHub CR is the “hub installation” object. The operator reconciles it and installs/maintains hub services.
정답: Log in to the OpenShift Web Console as a cluster-admin user.
Go to Operators → OperatorHub.
OperatorHub is the catalog of available operators.
In the search box, type: Advanced Cluster Management.
Click Advanced Cluster Management for Kubernetes (Red Hat ACM).
Click Install.
In the install wizard:
Update channel: choose the recommended/stable channel for your lab.
Installation mode: typically “All namespaces on the cluster” (default).
Installed Namespace: select or create open-cluster-management. Click Install and wait for the operator to show Succeeded in: Operators → Installed Operators.
Why these steps matter:
Installing the ACM operator creates the CRDs/controllers required to run the Hub components (MultiClusterHub) that manage/import other clusters