InterviewStack.io

Container and Kubernetes Security Questions

Security for containerized applications and Kubernetes platforms across the full lifecycle: secure image creation and supply chain, image scanning and vulnerability management, secure base images, image signing, runtime protection and intrusion detection, container isolation and least privilege at the container level, secrets management, pod security policies and admission controllers, network policies and microsegmentation, role-based access control for cluster access, cluster hardening and configuration management, secure cluster bootstrapping and upgrades, and compliance considerations and audit logging for container environments. Candidates should be able to discuss tooling, threat models specific to cloud-native workloads, and operational practices for preventing and responding to container and orchestration security incidents.

Easy | Technical
81 practiced
Describe the role of the container runtime (containerd, CRI-O, Docker shim) in the security chain. What are three specific hardening measures you would apply to the runtime and the host to reduce risk?
Hard | Technical
85 practiced
How would you instrument deep audit logging and distributed tracing specifically for security investigations across container runtimes, kubelet, and host kernel events? Explain trade-offs between log volume, performance, and privacy, and how to index logs for fast investigations.
Easy | Technical
99 practiced
What is a Kubernetes NetworkPolicy and how does it implement microsegmentation? Given the following Pod label selector app: frontend, explain how a NetworkPolicy could restrict ingress to only requests from a backend service in namespace backend.
Medium | Technical
74 practiced
Explain secure node bootstrapping for Kubernetes. Compare kubeadm join using pre-shared tokens, cloud-init approaches, and cloud-provider autoscaling group methods. What steps would you take to make bootstrapping resistant to token leakage and impersonation?
Medium | Technical
77 practiced
Write a Kubernetes NetworkPolicy YAML that allows inbound traffic to pods with label app: frontend only from pods in namespace 'backend' with label role: api on TCP port 8080, and denies all other ingress. Explain each field briefly.
