DevOps

Runtime & Cluster Security

Pod Security Standards, Falco, eBPF runtime security, admission controllers (OPA, Kyverno), policy enforcement

24 câu hỏi phỏng vấn·
Senior
1

What are the three Pod Security Standards levels defined by Kubernetes?

Câu trả lời

Kubernetes defines three Pod Security Standards levels: Privileged (no restrictions), Baseline (minimally restrictive, blocks known privilege escalations like hostNetwork or privileged containers), and Restricted (highly restrictive, follows hardening best practices with runAsNonRoot, seccomp, etc.). These levels enable progressive security adoption based on application needs.

2

How to apply the Baseline Pod Security Standards level to a namespace with kubectl?

Câu trả lời

Using pod-security.kubernetes.io labels on the namespace enables Pod Security Standards. There are three modes: enforce (blocks), warn (warns), and audit (logs). The kubectl label command applies these labels with the desired level and version.

3

What is the main difference between Baseline and Restricted Pod Security Standards levels?

Câu trả lời

The Restricted level enforces runAsNonRoot, prohibiting execution as root, while Baseline allows root but blocks privilege escalations. Restricted also adds constraints on capabilities (drop ALL), seccomp (RuntimeDefault), and allowed volumes. It is the recommended level for critical workloads.

4

What is the main role of Falco in Kubernetes runtime security?

5

What technology enables Falco to monitor system events without modifying the Linux kernel?

+21 câu hỏi phỏng vấn

Các chủ đề phỏng vấn DevOps khác

Version Control & Git

Junior
20 câu hỏi

Linux Fundamentals

Junior
22 câu hỏi

Shell Scripting & Bash

Mid-Level
20 câu hỏi

Networking Basics

Junior
22 câu hỏi

Docker Fundamentals

Junior
24 câu hỏi

CI/CD Fundamentals

Junior
18 câu hỏi

GitHub Actions

Mid-Level
22 câu hỏi

GitLab CI/CD

Mid-Level
22 câu hỏi

Jenkins

Mid-Level
22 câu hỏi

Kubernetes Basics

Mid-Level
26 câu hỏi

Kubernetes Networking

Mid-Level
24 câu hỏi

Kubernetes Advanced

Mid-Level
24 câu hỏi

Ingress & API Gateway

Mid-Level
20 câu hỏi

Terraform Basics

Mid-Level
22 câu hỏi

Terraform Advanced

Mid-Level
22 câu hỏi

Ansible & Configuration Management

Mid-Level
20 câu hỏi

AWS Essentials

Mid-Level
26 câu hỏi

Azure Fundamentals

Mid-Level
22 câu hỏi

GCP Fundamentals

Mid-Level
22 câu hỏi

Monitoring & Prometheus

Mid-Level
22 câu hỏi

Logging & ELK Stack

Mid-Level
20 câu hỏi

Alerting & Incident Response

Mid-Level
20 câu hỏi

Cloud Identity & Secrets

Mid-Level
22 câu hỏi

CI/CD Pipeline Security

Mid-Level
20 câu hỏi

Helm & Kubernetes

Mid-Level
20 câu hỏi

Container Supply Chain Security

Senior
22 câu hỏi

Service Mesh & Istio

Senior
24 câu hỏi

GitOps & ArgoCD

Senior
22 câu hỏi

Progressive Delivery

Senior
20 câu hỏi

Distributed Observability

Senior
22 câu hỏi

Disaster Recovery & Backup

Senior
20 câu hỏi

Performance Optimization

Senior
22 câu hỏi

Cloud Cost Optimization

Senior
20 câu hỏi

SRE Principles

Senior
24 câu hỏi

Chaos Engineering

Senior
20 câu hỏi

Platform Engineering

Senior
22 câu hỏi

Nắm vững DevOps cho lần phỏng vấn tiếp theo

Truy cập tất cả câu hỏi, flashcards, bài kiểm tra kỹ thuật, bài tập code review và mô phỏng phỏng vấn.

Bắt đầu miễn phí