Audit Policy catch-all rule None?


During training for CKS I stumpled upon a catch-all rule which just doesn’t fit in my brain. This was in a training simulator which gave me a minus for leaving out the rule.

apiVersion: # This is required.
kind: Policy
# Don't generate audit events for all requests in RequestReceived stage.
  - "RequestReceived"
  # Log pod changes at RequestResponse level
  - level: RequestResponse
    - group: ""
      # Resource "pods" doesn't match requests to any subresource of pods,
      # which is consistent with the RBAC policy.
      resources: ["pods"]

# A catch-all rule to prevent logging anything else
  - level: None

I mean, what’s the point of having this rule, since the default is already “None”.