Kubernetes Objective Questions with Answers & Explanations

This Kubernetes Security quiz contains carefully curated objective questions with correct answers and clear explanations. It is designed for DevOps engineers, platform teams, SREs, and cloud security learners to test your skills across cluster hardening, workload security, identity & access, network policies, secrets management, and modern supply chain security best practices.

Practice Kubernetes MCQs with Detailed Explanations

Answer at least 12 questions to submit.

1.

Which Kubernetes feature enforces fine-grained access control to API resources using roles and bindings?

Easy

Admission Controllers

RBAC

NetworkPolicy

PodSecurity

2.

Which Pod Security Standard replaces PodSecurityPolicy in newer Kubernetes versions?

Medium

Privileged / Baseline / Restricted

Default / Secure / Hardened

Open / Limited / Locked

None / Basic / Advanced

3.

Which component is responsible for authenticating requests to the Kubernetes API server?

Medium

kube-proxy

kube-scheduler

API server authentication modules

etcd

4.

What is the primary security risk of running containers with the --privileged flag?

Medium

Higher memory usage

Reduced network performance

Container gains near-host-level access

Slower startup time

5.

Which Kubernetes object is used to limit east-west traffic between pods?

Medium

Ingress

Service

NetworkPolicy

EndpointSlice

6.

Which practice best protects secrets at rest in Kubernetes?

Medium

Base64 encoding secrets

Encrypting etcd with KMS provider

Storing secrets in ConfigMaps

Mounting secrets as environment variables only

7.

Which control helps prevent privilege escalation inside a container?

Medium

Running as root

AllowPrivilegeEscalation=false

HostPath volumes

Privileged mode

8.

What is the security benefit of using readOnlyRootFilesystem in a Pod spec?

Medium

Faster container startup

Prevents runtime file tampering

Improves CPU scheduling

Allows dynamic package installs

9.

Which supply chain security measure verifies container image integrity before deployment?

Medium

Image signing and verification

Using latest tags

Disabling image pull secrets

Pulling images over HTTP

10.

Which Kubernetes feature can block images with critical vulnerabilities from being deployed?

Medium

NetworkPolicy

Admission Controller / Policy Engine

ServiceAccount

EndpointSlice

11.

Which configuration reduces the blast radius of a compromised pod?

Medium

Single namespace for all apps

Least-privilege RBAC and namespaces

Privileged containers

Cluster-admin for service accounts

12.

What is the main risk of mounting the Docker socket into a container?

High

Increased latency

Allows container to control the host

Breaks service discovery

Limits logging

13.

Which runtime security approach detects anomalous behavior inside running containers?

Medium

Static image scanning

Runtime behavioral monitoring

RBAC enforcement

Namespace isolation only

14.

Which Kubernetes resource limits resource exhaustion attacks from a noisy neighbor pod?

Medium

Ingress

Resource requests and limits

NetworkPolicy

EndpointSlice

15.

Which component should be secured with mutual TLS in a production cluster?

High

kubelet ↔ API server communication

Pod ↔ Pod traffic only

Service ↔ Ingress only

Ingress ↔ Client only

Practice Kubernetes MCQs with Detailed Explanations

1.

Which Kubernetes feature enforces fine-grained access control to API resources using roles and bindings?

2.

Which Pod Security Standard replaces PodSecurityPolicy in newer Kubernetes versions?

3.

Which component is responsible for authenticating requests to the Kubernetes API server?

4.

What is the primary security risk of running containers with the --privileged flag?

5.

Which Kubernetes object is used to limit east-west traffic between pods?

6.

Which practice best protects secrets at rest in Kubernetes?

7.

Which control helps prevent privilege escalation inside a container?

8.

What is the security benefit of using readOnlyRootFilesystem in a Pod spec?

9.

Which supply chain security measure verifies container image integrity before deployment?

10.

Which Kubernetes feature can block images with critical vulnerabilities from being deployed?

11.

Which configuration reduces the blast radius of a compromised pod?

12.

What is the main risk of mounting the Docker socket into a container?

13.

Which runtime security approach detects anomalous behavior inside running containers?

14.

Which Kubernetes resource limits resource exhaustion attacks from a noisy neighbor pod?

15.

Which component should be secured with mutual TLS in a production cluster?

Other Objective Questions

Contact Us

Quick Links

Quick Links

Newsletter

Kubernetes Objective Questions and Answers

Practice Kubernetes MCQs with Detailed Explanations

1.

Which Kubernetes feature enforces fine-grained access control to API resources using roles and bindings?

2.

Which Pod Security Standard replaces PodSecurityPolicy in newer Kubernetes versions?

3.

Which component is responsible for authenticating requests to the Kubernetes API server?

4.

What is the primary security risk of running containers with the --privileged flag?

5.

Which Kubernetes object is used to limit east-west traffic between pods?

6.

Which practice best protects secrets at rest in Kubernetes?

7.

Which control helps prevent privilege escalation inside a container?

8.

What is the security benefit of using readOnlyRootFilesystem in a Pod spec?

9.

Which supply chain security measure verifies container image integrity before deployment?

10.

Which Kubernetes feature can block images with critical vulnerabilities from being deployed?

11.

Which configuration reduces the blast radius of a compromised pod?

12.

What is the main risk of mounting the Docker socket into a container?

13.

Which runtime security approach detects anomalous behavior inside running containers?

14.

Which Kubernetes resource limits resource exhaustion attacks from a noisy neighbor pod?

15.

Which component should be secured with mutual TLS in a production cluster?

Other Objective Questions