Policies are one of the features of Tanzu Mission Control that allow you to manage the operation and security posture of your Kubernetes clusters and other organizational objects. Policies allow you to provide a set of rules that govern your organization and all the objects it contains. The policy types available in Tanzu Mission Control include access policy, image registry policy, network policy, quota policy, security policy, and custom policy. Policies can be applied at the individual, group, or organizational level to control access, image registries, networking, resource consumption, security context, and more18.
The other options are incorrect because:
Policies can be configured using a tag selector to restrict the scope of the policy is false. Policies can be configured using a label selector, not a tag selector, to include or exclude certain objects from the policy. A label is a key/value pairattached to a Kubernetes object that allows you to specify identifying attributes for that object. A selector provides the means to identify the objects that have a given label18.
Policies can only be applied to clustergroups is false. Policies can be applied to various levels of the Tanzu Mission Control resource hierarchy, such as organization, cluster group, workspace, cluster, and namespace18.
Policies can be enforced using Kubernetes resources (NetworkPolicy, ResourceQuota etc) or using the Kyverno admission controller is false. Policies are enforced by Tanzu Mission Control using its own admission controller and webhook server. Kyverno is an open-source policy engine for Kubernetes that is not related to Tanzu Mission Control.
References: Policy-Driven Cluster Management, [Kyverno]
