Prepare for the CKS Kubernetes Exam
Preparing for the CKS Certified Kubernetes Security Specialist exam? Don’t know where to start? This post is the CKS Kubernetes Security Specialist Certification Exam Preparation Study Guide (with links to each exam objective).
I have curated a list of articles from the Kubernetes documentation and other blogs on the web for each objective of the CKS Certification exam. Please share the post within your circles so it helps them to prepare for the exam.
CKS Kubernetes Security Exam Coupon
Coupon: Use Code SUMMER25
CKS Kubernetes Security Specialist Course
|Kubernetes Security Course and Simulator
|Configuring & Managing Kubernetes Security
CKS Kubernetes Security Specialist Materials
|Kubernetes Security Essentials
|Amazon e-book (PDF)
|Learn everything about Kubernetes Security
CKS Kubernetes Security Exam Prerequisites
You should have attempted & cleared the Certified Kubernetes Administrator (CKA) exam prior to attempting the CKS exam.
Check out all the other DevOps/Kubernetes certificate study guides
Full Disclosure: Some of the links in this post are affiliate links. I receive a commission when you purchase through them.
Cluster Setup – 10%
Use Network security policies to restrict cluster level access
Use CIS benchmark to review the security configuration of Kubernetes components (etcd, kubelet, kubedns, kubeapi)
Properly set up Ingress objects with security control
Protect node metadata and endpoints
Minimize use of, and access to, GUI elements
Verify platform binaries before deploying
Cluster Hardening – 15%
Restrict access to Kubernetes API
Use Role-Based Access Controls to minimize exposure
Exercise caution in using service accounts e.g. disable defaults, minimize permissions on newly created ones
Update Kubernetes frequently
System Hardening – 15%
Minimize host OS footprint (reduce attack surface)
Minimize IAM roles
Minimize external access to the network
Appropriately use kernel hardening tools such as AppArmor, seccomp
Minimize Microservice Vulerabilities – 20%
Setup appropriate OS-level security domains e.g. using PSP, OPA, security contexts
Manage Kubernetes secrets
Use container runtime sandboxes in multi-tenant environments (e.g. gvisor, kata containers)
Implement pod to pod encryption by use of mTLS
Amazon link (affiliate)
Supply Chain Security – 20%
Minimize base image footprint
Secure your supply chain: whitelist allowed registries, sign and validate images
Use static analysis of user workloads (e.g.Kubernetes resources, Docker files)
Scan images for known vulnerabilities
Monitoring, Logging and Runtime Security – 20%
Perform behavioral analytics of syscall process and file activities at the host and container level to detect malicious activities
Detect threats within the physical infrastructure, apps, networks, data, users, and workloads
Detect all phases of attack regardless of where it occurs and how it spreads
Perform deep analytical investigation and identification of bad actors within the environment
Ensure immutability of containers at runtime
Use Audit Logs to monitor access
This brings us to the end of the Certified Kubernetes Security Specialist (CKS) Exam Preparation Study Guide.
What do you think? Let me know in the comments section if I have missed out on anything. Also, I love to hear from you about how your preparation is going on!
In case you are preparing for other DevOps / Kubernetes certification exams, check out the Kubernetes study guides for those exams.
Follow Me to Receive Updates on CKS Exam
Want to be notified as soon as I post? Subscribe to the RSS feed / leave your email address in the subscribe section. Share the article to your social networks with the below links so it can benefit others.