Frequently asked questions and answers of Kubernetes Security Features in Cloud Computing of Computer Science to enhance your skills, knowledge on the selected topic. We have compiled the best Kubernetes Security Features Interview question and answer, trivia quiz, mcq questions, viva question, quizzes to prepare. Download Kubernetes Security Features FAQs in PDF form online for academic course, jobs preparations and for certification exams .
Intervew Quizz is an online portal with frequently asked interview, viva and trivia questions and answers on various subjects, topics of kids, school, engineering students, medical aspirants, business management academics and software professionals.
Question-1. What is Kubernetes security?
Answer-1: Kubernetes security refers to securing the infrastructure, workloads, and configurations running within a Kubernetes cluster.
Question-2. What is RBAC in Kubernetes?
Answer-2: Role-Based Access Control (RBAC) is a method of regulating access to Kubernetes resources based on user roles.
Question-3. How does Kubernetes authenticate users?
Answer-3: Kubernetes uses certificates, bearer tokens, or external authentication providers (like OIDC) for authentication.
Question-4. What is a Kubernetes service account?
Answer-4: A service account is an identity for processes running in a Pod that allows access to the Kubernetes API.
Question-5. What are Kubernetes Secrets?
Answer-5: Secrets store sensitive information, like passwords and tokens, encrypted and separate from application code.
Question-6. How are Secrets secured in Kubernetes?
Answer-6: Secrets are base64-encoded and can be encrypted at rest using KMS or envelope encryption.
Question-7. What is a Pod Security Admission (PSA) controller?
Answer-7: It enforces predefined security profiles on Pods (restricted, baseline, privileged) to harden workloads.
Question-8. What are Pod Security Policies (PSP)?
Answer-8: PSPs are deprecated mechanisms that define security conditions a Pod must meet to be admitted into the cluster.
Question-9. How does Kubernetes handle network security?
Answer-9: Network policies control the traffic between Pods and namespaces, acting like firewalls.
Question-10. What is a Kubernetes NetworkPolicy?
Answer-10: A NetworkPolicy defines rules for how groups of Pods can communicate with each other and other network endpoints.
Question-11. How do you restrict container capabilities?
Answer-11: Use the `securityContext` field in Pod specs to limit or drop Linux capabilities.
Question-12. What is a security context?
Answer-12: A security context defines privilege and access control settings for a Pod or container.
Question-13. Can you run a container as non-root in Kubernetes?
Answer-13: Yes, by setting `runAsUser` and `runAsNonRoot` in the Pod?s security context.
Question-14. What is mutual TLS (mTLS) in Kubernetes?
Answer-14: mTLS ensures encrypted communication and identity verification between Kubernetes services.
Question-15. How does Istio improve Kubernetes security?
Answer-15: Istio adds mTLS, policy enforcement, and observability to Kubernetes for secure service-to-service communication.
Question-16. What are Kubernetes audit logs?
Answer-16: Audit logs track access and changes to the Kubernetes API, useful for security auditing.
Question-17. How do you enable Kubernetes audit logging?
Answer-17: Configure the API server with audit policy and log file destination parameters.
Question-18. What is etcd in Kubernetes?
Answer-18: etcd is the key-value store used by Kubernetes to store cluster state and configurations.
Question-19. How do you secure etcd?
Answer-19: Use TLS encryption, authentication, firewalling, and restrict direct access to etcd.
Question-20. What are Admission Controllers?
Answer-20: Admission Controllers intercept and validate or mutate API requests before persisting them in etcd.
Question-21. Name some security-related Admission Controllers.
Answer-21: Examples include `NamespaceLifecycle`, `SecurityContextDeny`, and `PodSecurity`.
Question-22. How do you prevent container escape?
Answer-22: Use securityContext, seccomp, AppArmor, SELinux, and run containers with least privilege.
Question-23. What is seccomp?
Answer-23: Seccomp (Secure Computing Mode) filters system calls and restricts what a container can do on the host.
Question-24. What is AppArmor?
Answer-24: AppArmor is a Linux kernel security module that restricts program capabilities using profiles.
Question-25. What is SELinux?
Answer-25: SELinux is a security module that provides mandatory access controls for processes and files.
Question-26. What are Kubernetes Volumes?
Answer-26: Volumes provide persistent storage for Pods, and securing them ensures data is protected.
Question-27. How do you secure persistent storage in Kubernetes?
Answer-27: Use encryption at rest, access control policies, and storage class-level configurations.
Question-28. What is namespace isolation?
Answer-28: It segments cluster resources, network traffic, and permissions to reduce the blast radius of a breach.
Question-29. What are Kubernetes Labels and Annotations?
Answer-29: Labels help organize and select resources; annotations store non-identifying metadata.
Question-30. Why is image security important?
Answer-30: Running unverified images can lead to malware injection or vulnerabilities inside containers.
Question-31. How do you ensure image security?
Answer-31: Use trusted registries, image signing, and vulnerability scanners like Trivy or Clair.
Question-32. What is a Pod disruption budget?
Answer-32: It limits how many Pods can be taken down during voluntary disruptions, useful for availability rather than security.
Question-33. What is a Kubernetes DaemonSet?
Answer-33: A DaemonSet ensures that a copy of a Pod runs on all (or some) nodes, useful for security agents.
Question-34. What are runtime security tools in Kubernetes?
Answer-34: Tools like Falco and AppArmor monitor live activity for suspicious behavior in containers.
Question-35. What is Falco?
Answer-35: Falco is a CNCF project that detects unexpected behavior in containerized workloads using runtime rules.
Question-36. What is the Kubernetes API server?
Answer-36: It is the front-end for the Kubernetes control plane and must be secured with authentication and authorization.
Question-37. What is kubelet security?
Answer-37: Kubelet security refers to protecting the agent on each node responsible for running Pods.
Question-38. How do you secure kubelet?
Answer-38: Use authentication, authorization, TLS encryption, and disable anonymous access.
Question-39. What is cluster-wide role vs namespaced role?
Answer-39: ClusterRole applies to all namespaces; Role is limited to one namespace.
Question-40. What is a PSP replacement in Kubernetes?
Answer-40: Pod Security Admission (PSA) is the new built-in mechanism for enforcing Pod security standards.
Question-41. How do you manage TLS certificates in Kubernetes?
Answer-41: Use Kubernetes Certificate Signing Requests (CSRs), cert-manager, or external CAs.
Question-42. What is cert-manager?
Answer-42: Cert-manager is a Kubernetes add-on that automates management and issuance of TLS certificates.
Question-43. How can you detect misconfigurations in Kubernetes?
Answer-43: Use security scanners like kube-bench, kube-hunter, and configuration validators.
Question-44. What is kube-bench?
Answer-44: Kube-bench checks whether Kubernetes is deployed securely by running CIS benchmark tests.
Question-45. What is kube-hunter?
Answer-45: Kube-hunter probes Kubernetes clusters for security issues to help identify vulnerabilities.
Question-46. How do you control API access in Kubernetes?
Answer-46: Use RBAC, authentication plugins, API server flags, and audit logging.
Question-47. Why is Pod security hardening important?
Answer-47: It prevents privilege escalation, container breakout, and protects cluster integrity.
Question-48. How do you isolate workloads in a cluster?
Answer-48: Use namespaces, network policies, RBAC, and limit resource access per team or app.
Question-49. How can you secure container images in CI/CD?
Answer-49: Use image scanning, enforce security policies, and integrate with admission controllers.
Question-50. What are some Kubernetes security best practices?
Answer-50: Use RBAC, scan images, limit privileges, enable audit logs, and use network policies.
Frequently Asked Question and Answer on Kubernetes Security Features
Kubernetes Security Features Interview Questions and Answers in PDF form Online
Kubernetes Security Features Questions with Answers
Kubernetes Security Features Trivia MCQ Quiz
