
Container and Kubernetes Security Questions

Security for containerized applications and Kubernetes platforms across the full lifecycle: secure image creation and supply chain, image scanning and vulnerability management, secure base images, image signing, runtime protection and intrusion detection, container isolation and least privilege at the container level, secrets management, pod security policies and admission controllers, network policies and microsegmentation, role based access control for cluster access, cluster hardening and configuration management, secure cluster bootstrapping and upgrades, and compliance considerations and audit logging for container environments. Candidates should be able to discuss tooling, threat models specific to cloud native workloads, and operational practices for preventing and responding to container and orchestration security incidents.

Hard / Technical (97 practiced)
A CI/CD system was compromised and an attacker pushed a malicious image signed with stolen signing keys. Describe how you would revoke trust in the compromised keys, identify which clusters pulled the malicious image, and safely roll back and remediate across an environment of many clusters.

Medium / System Design (72 practiced)
Design a CI/CD pipeline step that enforces image scanning and image signing before an image is pushed to the production registry. Include tools, failure criteria, where SBOMs and signatures are stored, and how to handle legacy images without SBOMs.

Hard / Technical (74 practiced)
Compare the security benefits and operational costs of using a service mesh (e.g., Istio) to enforce mTLS and policies versus relying on Kubernetes NetworkPolicies and mTLS at the application level. When is a service mesh justified for security?

Easy / Technical (89 practiced)
List common runtime threats specific to containerized workloads (e.g., container escapes, malicious images, lateral movement). For each threat, provide one or more short mitigations that an SRE can implement in production.

Medium / Technical (93 practiced)
Write a script (Bash or Python) that lists Kubernetes Secret objects that have not been modified in the last 180 days and outputs their namespace/name and creationTimestamp. Explain how you would safely test this script in a production-like environment.
