DevOps

Runtime & Cluster Security

Pod Security Standards, Falco, eBPF runtime security, admission controllers (OPA, Kyverno), policy enforcement

24 domande da colloquio·
Senior
1

What are the three Pod Security Standards levels defined by Kubernetes?

Risposta

Kubernetes defines three Pod Security Standards levels: Privileged (no restrictions), Baseline (minimally restrictive, blocks known privilege escalations like hostNetwork or privileged containers), and Restricted (highly restrictive, follows hardening best practices with runAsNonRoot, seccomp, etc.). These levels enable progressive security adoption based on application needs.

2

How to apply the Baseline Pod Security Standards level to a namespace with kubectl?

Risposta

Using pod-security.kubernetes.io labels on the namespace enables Pod Security Standards. There are three modes: enforce (blocks), warn (warns), and audit (logs). The kubectl label command applies these labels with the desired level and version.

3

What is the main difference between Baseline and Restricted Pod Security Standards levels?

Risposta

The Restricted level enforces runAsNonRoot, prohibiting execution as root, while Baseline allows root but blocks privilege escalations. Restricted also adds constraints on capabilities (drop ALL), seccomp (RuntimeDefault), and allowed volumes. It is the recommended level for critical workloads.

4

What is the main role of Falco in Kubernetes runtime security?

5

What technology enables Falco to monitor system events without modifying the Linux kernel?

+21 domande da colloquio

Altri argomenti di colloquio DevOps

Version Control & Git

Junior
20 domande

Linux Fundamentals

Junior
22 domande

Shell Scripting & Bash

Mid-Level
20 domande

Networking Basics

Junior
22 domande

Docker Fundamentals

Junior
24 domande

CI/CD Fundamentals

Junior
18 domande

GitHub Actions

Mid-Level
22 domande

GitLab CI/CD

Mid-Level
22 domande

Jenkins

Mid-Level
22 domande

Kubernetes Basics

Mid-Level
26 domande

Kubernetes Networking

Mid-Level
24 domande

Kubernetes Advanced

Mid-Level
24 domande

Ingress & API Gateway

Mid-Level
20 domande

Terraform Basics

Mid-Level
22 domande

Terraform Advanced

Mid-Level
22 domande

Ansible & Configuration Management

Mid-Level
20 domande

AWS Essentials

Mid-Level
26 domande

Azure Fundamentals

Mid-Level
22 domande

GCP Fundamentals

Mid-Level
22 domande

Monitoring & Prometheus

Mid-Level
22 domande

Logging & ELK Stack

Mid-Level
20 domande

Alerting & Incident Response

Mid-Level
20 domande

Cloud Identity & Secrets

Mid-Level
22 domande

CI/CD Pipeline Security

Mid-Level
20 domande

Helm & Kubernetes

Mid-Level
20 domande

Container Supply Chain Security

Senior
22 domande

Service Mesh & Istio

Senior
24 domande

GitOps & ArgoCD

Senior
22 domande

Progressive Delivery

Senior
20 domande

Distributed Observability

Senior
22 domande

Disaster Recovery & Backup

Senior
20 domande

Performance Optimization

Senior
22 domande

Cloud Cost Optimization

Senior
20 domande

SRE Principles

Senior
24 domande

Chaos Engineering

Senior
20 domande

Platform Engineering

Senior
22 domande

Padroneggia DevOps per il tuo prossimo colloquio

Accedi a tutte le domande, flashcards, test tecnici, esercizi di code review e simulatori di colloquio.

Inizia gratis