DevOps

Runtime & Cluster Security

Pod Security Standards, Falco, eBPF runtime security, admission controllers (OPA, Kyverno), policy enforcement

24 pytań z rozmów·
Senior
1

What are the three Pod Security Standards levels defined by Kubernetes?

Odpowiedź

Kubernetes defines three Pod Security Standards levels: Privileged (no restrictions), Baseline (minimally restrictive, blocks known privilege escalations like hostNetwork or privileged containers), and Restricted (highly restrictive, follows hardening best practices with runAsNonRoot, seccomp, etc.). These levels enable progressive security adoption based on application needs.

2

How to apply the Baseline Pod Security Standards level to a namespace with kubectl?

Odpowiedź

Using pod-security.kubernetes.io labels on the namespace enables Pod Security Standards. There are three modes: enforce (blocks), warn (warns), and audit (logs). The kubectl label command applies these labels with the desired level and version.

3

What is the main difference between Baseline and Restricted Pod Security Standards levels?

Odpowiedź

The Restricted level enforces runAsNonRoot, prohibiting execution as root, while Baseline allows root but blocks privilege escalations. Restricted also adds constraints on capabilities (drop ALL), seccomp (RuntimeDefault), and allowed volumes. It is the recommended level for critical workloads.

4

What is the main role of Falco in Kubernetes runtime security?

5

What technology enables Falco to monitor system events without modifying the Linux kernel?

+21 pytań z rozmów

Inne tematy rekrutacyjne DevOps

Version Control & Git

Junior
20 pytań

Linux Fundamentals

Junior
22 pytań

Shell Scripting & Bash

Mid-Level
20 pytań

Networking Basics

Junior
22 pytań

Docker Fundamentals

Junior
24 pytań

CI/CD Fundamentals

Junior
18 pytań

GitHub Actions

Mid-Level
22 pytań

GitLab CI/CD

Mid-Level
22 pytań

Jenkins

Mid-Level
22 pytań

Kubernetes Basics

Mid-Level
26 pytań

Kubernetes Networking

Mid-Level
24 pytań

Kubernetes Advanced

Mid-Level
24 pytań

Ingress & API Gateway

Mid-Level
20 pytań

Terraform Basics

Mid-Level
22 pytań

Terraform Advanced

Mid-Level
22 pytań

Ansible & Configuration Management

Mid-Level
20 pytań

AWS Essentials

Mid-Level
26 pytań

Azure Fundamentals

Mid-Level
22 pytań

GCP Fundamentals

Mid-Level
22 pytań

Monitoring & Prometheus

Mid-Level
22 pytań

Logging & ELK Stack

Mid-Level
20 pytań

Alerting & Incident Response

Mid-Level
20 pytań

Cloud Identity & Secrets

Mid-Level
22 pytań

CI/CD Pipeline Security

Mid-Level
20 pytań

Helm & Kubernetes

Mid-Level
20 pytań

Container Supply Chain Security

Senior
22 pytań

Service Mesh & Istio

Senior
24 pytań

GitOps & ArgoCD

Senior
22 pytań

Progressive Delivery

Senior
20 pytań

Distributed Observability

Senior
22 pytań

Disaster Recovery & Backup

Senior
20 pytań

Performance Optimization

Senior
22 pytań

Cloud Cost Optimization

Senior
20 pytań

SRE Principles

Senior
24 pytań

Chaos Engineering

Senior
20 pytań

Platform Engineering

Senior
22 pytań

Opanuj DevOps na następną rozmowę

Uzyskaj dostęp do wszystkich pytań, flashcards, testów technicznych, ćwiczeń code review i symulatorów rozmów.

Zacznij za darmo