Certification · September 4, 2021 0

Certified Kubernetes Security Specialist (CKS) Exam Guide

"The Certified Kubernetes Security Specialist (CKS) program provides assurance that a CKS has the skills, knowledge, and competence on a broad range of best practices for securing container-based applications and Kubernetes platforms during build, deployment and runtime. "
 
Prerequisites-
  • You must have active CKA certification to appear for CKS.
  • The syllabus can be found here.
  • From me- Bash, VIM, be fast.

Personally, I felt like the syllabus was less, as I had already worked on app-armour, secomp, Falco, and Security contexts in my day-to-day job. The exam format is such that only those candidates who are good with time management and quick at solving questions can clear it. You will get 15-18 questions to solve within 120 minutes. You have to score 67% to clear the exam. The exam is easy; had it been 3 hours long, everyone could score full marks.

TIPS-
  • Control C/P will not work. Instead, ctrl insert and shift insert. Replace your insert key near your ctrl key. I replaced it with f1 so my left hand can be busy with copy-paste and my right hand for navigation.
  • Remember to search/replace strings using vim.
  • :se nu and move to a specific line in vim.
  • Most of the time in the exam, you might have to modify the Kube-apiserver configuration. Please keep a copy of that before modifying it.
  • There is a total of 3 clusters; in one cluster, there may be multiple questions. If you mess up the configuration file without backup, the whole cluster will disappear, and you won't be able to attempt many questions.
  • First, solve questions that can fetch you maximum marks within less timeā€”for example, questions involving applying app-armor or seccomp profile, applying runtime class or Image policy webhook will help you score more marks quickly.
  • Remember the configuration files instead of searching one-by-one in kubeadm setup, /etc/kubernetes/manifest/ for control-plane components, /var/lib/kubelet/config.yaml for kubelet config.
  • Try to create RBAC in an imperative way, For ex-

  • Remember app-armour, seccomp and falco config paths. /etc/apparmor.d , /var/lib/kubelet/seccomp/ ,/etc/falco/ respectively.
  • Don't try to fix many errors in the yaml file; instead, create a new yaml template that can help save a few minutes.
  • You can use any course from either killer.sh or kodecloud to prepare for the exam. Both have almost identical content.
  • Bonus tip: As you know, in the exam, you can refer to certain allowed links. Hence, I am sharing my bookmarks here.

Soon I am going to write a blog series on Kubernetes security. So, stay tuned.

 
Spread the love