
Certified Kubernetes Security Specialist (CKS) Preparation Guide - Curriculum v1.23


Certified Kubernetes Security Specialist (CKS) - V1.23

The objective of this repository is to help you prepare for the Certified Kubernetes Security Specialist (CKS) exam using online resources, especially resources from the Kubernetes Official Documentation.

The references were selected for Exam Curriculum 1.23, and there is information specific to API objects and annotations. For more information, please see the CNCF Curriculum.

Please feel free to open a pull request if something is not up to date, should be added, or contains wrong information or references.

There are other Kubernetes certification exam preparation guides available:

Exam

The exam is hands-on: you have a set of problems to fix within 120 minutes.

My tip: Spend your time wisely. Use the Notebook feature (provided in the exam's UI) to keep track of your progress, taking notes and annotations on each question to help you. Additionally, don't get stuck: move on to the next problem and come back to it when you have finished all the other problems.

Exam Cost: $375 and includes one free retake.

It's important to mention that you have access to Kubernetes Official Documentation during the exam. So get yourself familiar with Kubernetes online documentation, and know where to find all specific topics listed below. It might be helpful for you during the exam.

For information about the exam, please refer to the Certified Kubernetes Security Specialist (CKS) Program.

CKS Curriculum

The exam objectives outline the knowledge, skills and abilities that a Certified Kubernetes Security Specialist (CKS) can be expected to demonstrate.

Cluster Setup (10%)

Cluster Hardening (15%)

System Hardening (15%)

Minimize Microservice Vulnerabilities (20%)

Supply Chain Security (20%)

  • Minimize base image footprint

    • Remove exploitable and non-essential software
    • Use multi-stage Dockerfiles to keep software compilation out of runtime images
    • Never bake any secrets into your images
    • Image scanning
  • Secure your supply chain: whitelist allowed image registries, sign and validate images

  • Use static analysis of user workloads (e.g. Kubernetes resources, Docker files)

    • Secure base images
    • Remove unnecessary packages
    • Stop containers from using elevated privileges
  • Scan images for known vulnerabilities

Monitoring, Logging and Runtime Security (20%)

CKS Preparation Courses

kubectl Ninja

Tip: Use the kubectl Cheatsheet during the exam. You don't need to memorize everything.

Practice

Practice a lot with Kubernetes:

CKS Tips

Some links with tips on the CKS exam from different perspectives that might help you.