diff --git a/_docs/tasks/security/faq.md b/_docs/tasks/security/faq.md
index 34fd0dcf94..d1fe7157ba 100644
--- a/_docs/tasks/security/faq.md
+++ b/_docs/tasks/security/faq.md
@@ -43,9 +43,22 @@ type: markdown
 
   If Istio Auth is enabled, http and tcp health check from kubelet will not
   work since they do not have Istio Auth issued certs. A workaround is to
-  use command option for health check, e.g., one can install curl in the
-  service pod and curl itself within the pod. The Istio team is actively
-  working on a solution.
+  use a [liveness command](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#define-a-liveness-command)
+  for health check, e.g., one can install curl in the service pod and curl itself
+  within the pod. The Istio team is actively working on a solution.
+
+  An example of readinessProbe:
+
+  ```
+  livenessProbe:
+    exec:
+      command:
+      - curl
+      - -f
+      - http://localhost:8080/healthz # Replace port and URI by your actual health check
+    initialDelaySeconds: 10
+    periodSeconds: 5
+  ```
 
 * _Can I access the Kubernetes API Server with Auth enabled?_