IT CertificationsTrending Courses

Certified Kubernetes Security Specialist (CKS) Exams – 2022


Notice – 1 : Prior data of CKA is required earlier than enrollment.

Notice – 2 : These “examination-type” questions usually are not precisely like the true examination, nor are they examination dumps or do not anticipate them to be the case.

Part – 1:

There aren’t any follow questions in first part. This part is designed to assist college students for set up of gcp-k8s-cluster and cluster-setup.

Part – 2:

Check your data of Trivy, RBAC & Service Accounts, AppArmor, Secrets and techniques & Pod, Seccomp profiles, RuntimeClass. Kube-bench.

Part – 3:

Check your data of Audit, Falco, ImagePolicyWebhooks, Pod Security Coverage, Community Coverage (Deny), Community Coverage (Prohibit pod), Dockerfile Security difficulty

You need to cowl beneath curriculum earlier than trying CKS Examination:

10% – Cluster Setup

  1. Use Community safety insurance policies to limit cluster stage entry

  2. Use CIS benchmark to assessment the safety configuration of Kubernetes parts (etcd, kubelet, kubedns, kubeapi)

  3. Correctly arrange Ingress objects with safety management

  4. Defend node metadata and endpoints

  5. Decrease use of, and entry to, GUI parts

  6. Confirm platform binaries earlier than deploying

15% – Cluster Hardening

  1. Prohibit entry to Kubernetes API

  2. Use Function Based mostly Entry Controls to attenuate publicity

    • helpful website collects collectively articles, instruments and the official documentation multi functional place

  3. Train warning in utilizing service accounts e.g. disable defaults, reduce permissions on newly created ones

  4. Replace Kubernetes steadily

  5. Decrease host OS footprint (scale back assault floor)

  6. Decrease IAM roles

  7. Decrease exterior entry to the community

  8. Appropriately use kernel hardening instruments corresponding to AppArmor, seccomp

15% System Hardening

  1. Decrease host OS footprint (scale back assault floor)

  2. Decrease IAM roles

  3. Decrease exterior entry to the community

  4. Appropriately use kernel hardening instruments corresponding to AppArmor, seccomp

    !? the place is selinux? assume examination methods are ubuntu

20% – Decrease Microservice Vulnerabilities

  1. Setup applicable OS stage safety domains e.g. utilizing PSP, OPA, safety contexts

  2. Handle kubernetes secrets and techniques

  3. Use container runtime sandboxes in multi-tenant environments (e.g. gvisor, kata containers)

  4. Implement pod to pod encryption by use of mTLS

20% – Provide Chain Security

  1. Decrease base picture footprint

  2. Safe your provide chain: whitelist allowed picture registries, signal and validate photographs

  3. Use static evaluation of person workloads (e.g. kubernetes sources, docker information)

  4. Scan photographs for identified vulnerabilities

20% – Monitoring, Logging and Runtime Security

  1. Carry out behavioral analytics of syscall course of and file actions on the host and container stage to detect malicious actions

  2. Detect threats inside bodily infrastructure, apps, networks, knowledge, customers and workloads

  3. Detect all phases of assault regardless the place it happens and the way it spreads

  4. Carry out deep analytical investigation and identification of unhealthy actors inside surroundings

  5. Guarantee immutability of containers at runtime

  6. Use Audit Logs to observe entry

Enroll with 30 days a reimbursement assure.



Get Coupon

Join us on telegram for Course Updates

Join Whatsapp Group for Daily Free Courses

Leave a Reply

Your email address will not be published. Required fields are marked *