Security Engineering

Container & Kubernetes Security

8 practice questions. Free questions open a full answer guide; the rest unlock with Pro.

  • How would you reduce the attack surface of a container image you're shipping to production? Junior level
  • You want a guarantee that only trusted, untampered container images can run in your cluster. Walk me through how you'd build that, end to end.Go Pro Senior level
  • What is RBAC in Kubernetes, and why shouldn't a pod's service account have cluster-admin permissions?Go Pro Junior level
  • A team is about to deploy their first workloads to your shared Kubernetes cluster. At the pod level, what hardening do you insist on by default, and how do you enforce it so it's not optional?Go Pro Senior level
  • Why is running a container as the root user a security risk, and how would you harden a container so it doesn't?Go Pro Junior level
  • Walk me through how you'd harden a Kubernetes pod so a compromised container can't escalate to the node, and what Pod Security Standards give you out of the box.Go Pro Mid level
  • By default, pods in a Kubernetes cluster can talk to each other freely. How would you use NetworkPolicies to limit lateral movement, and what does a default-deny posture look like?Go Pro Mid level
  • You sign and scan images before they run, but you still want to catch a workload that gets compromised at runtime. Why isn't admission-time scanning enough, and what would you add?Go Pro Senior level
Want questions matched to your role? Paste a job title, job description, or CV for a personalized set, or go Pro to unlock the full bank.