IT CertificationsTrending Courses

Certified Kubernetes Security Specialist (CKS) Exams – 2022


Word – 1 : Prior information of CKA is required earlier than enrollment.

Word – 2 : These “examination-fashion” questions will not be precisely like the true examination, nor are they examination dumps or do not count on them to be the case.

Part – 1:

There are not any apply questions in first part. This part is designed to assist college students for set up of gcp-k8s-cluster and cluster-setup.

Part – 2:

Check your information of Trivy, RBAC & Service Accounts, AppArmor, Secrets and techniques & Pod, Seccomp profiles, RuntimeClass. Kube-bench.

Part – 3:

Check your information of Audit, Falco, ImagePolicyWebhooks, Pod Security Coverage, Community Coverage (Deny), Community Coverage (Prohibit pod), Dockerfile Security concern

You will need to cowl beneath curriculum earlier than trying CKS Examination:

10% – Cluster Setup

  1. Use Community safety insurance policies to limit cluster stage entry

  2. Use CIS benchmark to evaluation the safety configuration of Kubernetes parts (etcd, kubelet, kubedns, kubeapi)

  3. Correctly arrange Ingress objects with safety management

  4. Defend node metadata and endpoints

  5. Decrease use of, and entry to, GUI parts

  6. Confirm platform binaries earlier than deploying

15% – Cluster Hardening

  1. Prohibit entry to Kubernetes API

  2. Use Function Based mostly Entry Controls to reduce publicity

    • useful web site collects collectively articles, instruments and the official documentation multi functional place

  3. Train warning in utilizing service accounts e.g. disable defaults, decrease permissions on newly created ones

  4. Replace Kubernetes steadily

  5. Decrease host OS footprint (cut back assault floor)

  6. Decrease IAM roles

  7. Decrease exterior entry to the community

  8. Appropriately use kernel hardening instruments reminiscent of AppArmor, seccomp

15% System Hardening

  1. Decrease host OS footprint (cut back assault floor)

  2. Decrease IAM roles

  3. Decrease exterior entry to the community

  4. Appropriately use kernel hardening instruments reminiscent of AppArmor, seccomp

    !? the place is selinux? assume examination programs are ubuntu

20% – Decrease Microservice Vulnerabilities

  1. Setup acceptable OS stage safety domains e.g. utilizing PSP, OPA, safety contexts

  2. Handle kubernetes secrets and techniques

  3. Use container runtime sandboxes in multi-tenant environments (e.g. gvisor, kata containers)

  4. Implement pod to pod encryption by use of mTLS

20% – Provide Chain Security

  1. Decrease base picture footprint

  2. Safe your provide chain: whitelist allowed picture registries, signal and validate pictures

  3. Use static evaluation of consumer workloads (e.g. kubernetes assets, docker recordsdata)

  4. Scan pictures for identified vulnerabilities

20% – Monitoring, Logging and Runtime Security

  1. Carry out behavioral analytics of syscall course of and file actions on the host and container stage to detect malicious actions

  2. Detect threats inside bodily infrastructure, apps, networks, information, customers and workloads

  3. Detect all phases of assault regardless the place it happens and the way it spreads

  4. Carry out deep analytical investigation and identification of dangerous actors inside setting

  5. Guarantee immutability of containers at runtime

  6. Use Audit Logs to observe entry

Enroll with 30 days a reimbursement assure.



Get Coupon

Join us on telegram for Course Updates

Join Whatsapp Group for Daily Free Courses

Leave a Reply

Your email address will not be published. Required fields are marked *