DevOps

Runtime & Cluster Security

Pod Security Standards, Falco, eBPF runtime security, admission controllers (OPA, Kyverno), policy enforcement

24 perguntas de entrevista·
Senior
1

What are the three Pod Security Standards levels defined by Kubernetes?

Resposta

Kubernetes defines three Pod Security Standards levels: Privileged (no restrictions), Baseline (minimally restrictive, blocks known privilege escalations like hostNetwork or privileged containers), and Restricted (highly restrictive, follows hardening best practices with runAsNonRoot, seccomp, etc.). These levels enable progressive security adoption based on application needs.

2

How to apply the Baseline Pod Security Standards level to a namespace with kubectl?

Resposta

Using pod-security.kubernetes.io labels on the namespace enables Pod Security Standards. There are three modes: enforce (blocks), warn (warns), and audit (logs). The kubectl label command applies these labels with the desired level and version.

3

What is the main difference between Baseline and Restricted Pod Security Standards levels?

Resposta

The Restricted level enforces runAsNonRoot, prohibiting execution as root, while Baseline allows root but blocks privilege escalations. Restricted also adds constraints on capabilities (drop ALL), seccomp (RuntimeDefault), and allowed volumes. It is the recommended level for critical workloads.

4

What is the main role of Falco in Kubernetes runtime security?

5

What technology enables Falco to monitor system events without modifying the Linux kernel?

+21 perguntas de entrevista

Outros temas de entrevista DevOps

Version Control & Git

Junior
20 perguntas

Linux Fundamentals

Junior
22 perguntas

Shell Scripting & Bash

Mid-Level
20 perguntas

Networking Basics

Junior
22 perguntas

Docker Fundamentals

Junior
24 perguntas

CI/CD Fundamentals

Junior
18 perguntas

GitHub Actions

Mid-Level
22 perguntas

GitLab CI/CD

Mid-Level
22 perguntas

Jenkins

Mid-Level
22 perguntas

Kubernetes Basics

Mid-Level
26 perguntas

Kubernetes Networking

Mid-Level
24 perguntas

Kubernetes Advanced

Mid-Level
24 perguntas

Ingress & API Gateway

Mid-Level
20 perguntas

Terraform Basics

Mid-Level
22 perguntas

Terraform Advanced

Mid-Level
22 perguntas

Ansible & Configuration Management

Mid-Level
20 perguntas

AWS Essentials

Mid-Level
26 perguntas

Azure Fundamentals

Mid-Level
22 perguntas

GCP Fundamentals

Mid-Level
22 perguntas

Monitoring & Prometheus

Mid-Level
22 perguntas

Logging & ELK Stack

Mid-Level
20 perguntas

Alerting & Incident Response

Mid-Level
20 perguntas

Cloud Identity & Secrets

Mid-Level
22 perguntas

CI/CD Pipeline Security

Mid-Level
20 perguntas

Helm & Kubernetes

Mid-Level
20 perguntas

Container Supply Chain Security

Senior
22 perguntas

Service Mesh & Istio

Senior
24 perguntas

GitOps & ArgoCD

Senior
22 perguntas

Progressive Delivery

Senior
20 perguntas

Distributed Observability

Senior
22 perguntas

Disaster Recovery & Backup

Senior
20 perguntas

Performance Optimization

Senior
22 perguntas

Cloud Cost Optimization

Senior
20 perguntas

SRE Principles

Senior
24 perguntas

Chaos Engineering

Senior
20 perguntas

Platform Engineering

Senior
22 perguntas

Domine DevOps para sua proxima entrevista

Acesse todas as perguntas, flashcards, testes tecnicos, exercicios de code review e simuladores de entrevista.

Comece gratis