Training The Linux Foundation

Exam goals

code: CKS

The Certified Kubernetes Security Specialist (CKS) program provides assurance that a CKS has the skills, knowledge, and competence on a broad range of best practices for securing container-based applications and Kubernetes platforms during build, deployment and runtime. CKA certification is required to sit for this exam.

Who Is It For:

A Certified Kubernetes Security Specialist (CKS) is an accomplished Kubernetes practitioner (must be CKA certified) who has demonstrated competence on a broad range of best practices for securing container-based applications and Kubernetes platforms during build, deployment and runtime.

About This Certification:

CKS is a performance-based certification exam that tests candidates' knowledge of Kubernetes and cloud security in a simulated, real world environment. Candidates must have taken and passed the Certified Kubernetes Administrator (CKA) exam prior to attempting the CKS exam. CKS may be purchased but not scheduled until CKA certification has been achieved.

CKA Certification must be active (non-expired) on the date the CKS exam (including Retakes) is scheduled.

What It Demonstrates:

Obtaining a CKS demonstrates a candidate possesses the requisite abilities to secure container-based applications and Kubernetes platforms during build, deployment and runtime, and is qualified to perform these tasks in a professional setting.

Conspect Show list

Domains & Competencies:

  • Cluster Setup10%
    • Use Network security policies to restrict cluster level access
    • Use CIS benchmark to review the security configuration of Kubernetes components (etcd, kubelet, kubedns, kubeapi)
    • Properly set up Ingress objects with security control
    • Protect node metadata and endpoints
    • Minimize use of, and access to, GUI elements
    • Verify platform binaries before deploying
  •  Cluster Hardening15%
    • Restrict access to Kubernetes API
    • Use Role Based Access Controls to minimize exposure
    • Exercise caution in using service accounts e.g. disable defaults, minimize permissions on newly created ones
    • Update Kubernetes frequently
  • System Hardening15%
    • Minimize host OS footprint (reduce attack surface)
    • Minimize IAM roles
    • Minimize external access to the network
    • Appropriately use kernel hardening tools such as AppArmor, seccomp
  •  Minimize Microservice Vulnerabilities20%
    • Setup appropriate OS level security domains e.g. using PSP, OPA, security contexts
    • Manage Kubernetes secrets
    • Use container runtime sandboxes in multi-tenant environments (e.g. gvisor, kata containers)
    • Implement pod to pod encryption by use of mTLS
  •  Supply Chain Security20%
    • Minimize base image footprint
    • Secure your supply chain: whitelist allowed registries, sign and validate images
    • Use static analysis of user workloads (e.g.Kubernetes resources, Docker files)
    • Scan images for known vulnerabilities
  • Monitoring, Logging and Runtime Security20%
    • Perform behavioral analytics of syscall process and file activities at the host and container level to detect malicious activities
    • Detect threats within physical infrastructure, apps, networks, data, users and workloads
    • Detect all phases of attack regardless where it occurs and how it spreads
    • Perform deep analytical investigation and identification of bad actors within environment
    • Ensure immutability of containers at runtime
    • Use Audit Logs to monitor access

This exam is an online, proctored, performance-based test that requires implementing multiple solutions within a Remote Desktop Linux environment. Visual Studio Code, Vim and Webstorm (kindly sponsored by JetBrains) are included as editors in this environment.

The exam includes tasks simulating on-the-job scenarios, and Candidates have 2 hours to complete the tasks

Download conspect training as PDF

Additional information

Prerequisites
  • Active (non-expired) CKA certification is a prerequisite for this exam.
Difficulty level
Duration 1 day

Other training The Linux Foundation | Exam

The Linux Foundation show more courses
Training thematically related

Security

Security | Aruba

Network Security | Broadcom

Java Programming | Capstone Courseware

Java EE | Capstone Courseware

Open-Source Frameworks | Capstone Courseware

XML and Web Services | Capstone Courseware

Core Training | Check Point

Infinity Specializations | Check Point

ICS/OT security | Compendium CE

Security+ | CompTIA

CySA+ | CompTIA

PenTest+ | CompTIA

SecurityX (formerly CASP+) | CompTIA

Certified Ethical Hacker | EC-Council

Advanced WAF (AWAF) | F5

Access Policy Manager (APM) | F5

Advanced Firewall Manager (AFM) | F5

Fortinet Certified Professional (FCP) | Fortinet

Fortinet Certified Solution Specialist (FCSS) | Fortinet

Cyber security | ISC2

Microsoft 365 | Microsoft

Security | Microsoft

Pen Testing & Ethical Hacking | Mile2

Information Systems Management | Mile2

Incident Handling | Mile2

Web Application Security | Mile2

Cloud Security | Mile2

Forensics | Mile2

Disaster Recovery | Mile2

Healthcare | Mile2

Risk Management | Mile2

Auditing | Mile2

Cyber Range | Mile2

Security Awareness | Mile2

Cyber Threat Analyst | Mile2

Network Security | Palo Alto Networks

SASE | Palo Alto Networks

Security Operations | Palo Alto Networks

ISO/IEC 27001 Information Security Management Systems | PECB®

LinkProof | Radware

DefensePro | Radware

AppDirector | Radware

Alteon | Radware

Fundamentals | SCADEMY

C# | SCADEMY

C/C++ | SCADEMY

Java | SCADEMY

PHP | SCADEMY

Python | SCADEMY

WEB | SCADEMY

Cloud | SCADEMY

Cryptography | SCADEMY

Finance | SCADEMY

Healthcare | SCADEMY

Telecome | SCADEMY

Software design | SCADEMY

Software testing | SCADEMY

Dark Web | SECO-Institute

Cyber Defence | SECO-Institute

Crisis Management | SECO-Institute

Data Protection | SECO-Institute

Kubernetes | SUSE

Linux | The Linux Foundation

E-learning | The Linux Foundation

Cloud

Infinity Specializations | Check Point

Cloud-Native (Kubernetes) | Component Soft

OpenStack | Component Soft

Cloud Essentials | CompTIA

Cloud+ | CompTIA

Google Business and Management | Google Cloud

Fundamentals Courses | Google Cloud

Cloud Infrastructure | Google Cloud

Networking and Security | Google Cloud

Application modernization | Google Cloud

Data Analysis | Google Cloud

Data Engineering | Google Cloud

AI and Machine Learning | Google Cloud

Contact Center Engineer | Google Cloud

Azure | Microsoft

Windows Server Technologies | Microsoft

Cloud Workshop | Microsoft

Microsoft AI | Microsoft

Data Platform | Microsoft

Security | Microsoft

Cloud Security | Mile2

Cloud | SCADEMY

Kubernetes | SUSE

Kubernetes | The Linux Foundation

E-learning | The Linux Foundation

Exam | The Linux Foundation

Bundle (e-learning + exam) | The Linux Foundation

DevOps

Cloudera Administrator | Cloudera

Cloudera Data Analyst | Cloudera

Cloudera Data Developer | Cloudera

Cloud-Native (Kubernetes) | Component Soft

OpenStack | Component Soft

Foundation | DevOps Institute

Engineering | DevOps Institute

Leader | DevOps Institute

Site Reliability Engineering | DevOps Institute

Observability | DevOps Institute

AIOps | DevOps Institute

DevSecOps | DevOps Institute

Agile Service Manager | DevOps Institute

Continuous Testing | DevOps Institute

Value Stream Management | DevOps Institute

Fundamentals Courses | Google Cloud

Cloud Infrastructure | Google Cloud

Networking and Security | Google Cloud

Application modernization | Google Cloud

Data Analysis | Google Cloud

Data Engineering | Google Cloud

Contact Center Engineer | Google Cloud

Azure | Microsoft

Cloud Workshop | Microsoft

Kubernetes | SUSE

Kubernetes | The Linux Foundation

E-learning | The Linux Foundation

Exam | The Linux Foundation

Bundle (e-learning + exam) | The Linux Foundation

Open Source

Cloud-Native (Kubernetes) | Component Soft

OpenStack | Component Soft

Enterprise Linux | SUSE

SAP Solutions | SUSE

SUSE Manager | SUSE

Kubernetes | SUSE

Linux | The Linux Foundation

Embedded Linux | The Linux Foundation

Kubernetes | The Linux Foundation

E-learning | The Linux Foundation

Exam | The Linux Foundation

Bundle (e-learning + exam) | The Linux Foundation

Contact form

Please fill form below to obtain more info about this training.






* Fields marked with (*) are required !!!

Information on data processing by Compendium - Centrum Edukacyjne Spółka z o.o.

PRICE 445 USD

FORM OF EXAM ?

 
Sign up for exam
close

Traditional training

Sessions organised at Compendium CE are usually held in our locations in Kraków and Warsaw, but also in venues designated by the client. The group participating in training meets at a specific place and specific time with a coach and actively participates in laboratory sessions.

Dlearning training

You may participate from at any place in the world. It is sufficient to have a computer (or, actually a tablet, or smartphone) connected to the Internet. Compendium CE provides each Distance Learning training participant with adequate software enabling connection to the Data Center. For more information, please visit dlearning.eu site

close

Paper materials

Traditional materials: The price includes standard materials issued in the form of paper books, printed or other, depending on the arrangements with the manufacturer.

Electronic materials

Electronic materials: These are electronic training materials that are available to you based on your specific application: Skillpipe, eVantage, etc., or as PDF documents.

Ctab materials

Ctab materials: the price includes ctab tablet and electronic training materials or traditional training materials and supplies provided electronically according to manufacturer's specifications (in PDF or EPUB form). The materials provided are adapted for display on ctab tablets. For more information, check out the ctab website.

Upcoming The Linux Foundation training

Training schedule
The Linux Foundation