CKS Kubernetes Certification Security Specialist Study Course

CKS Self-Study Course

These self-study modules contain all of the topics outlined in the CNCF CKS Exam Curriculum. If you are not already familiar with the curriculum, take a moment to familiarize yourself as you will need to demonstrate knowledge of each topic in order to pass the CKS exam.

Talk to Team
Enrollment Schedule

Module 1 - Cluster Setup

  1. Using Network Security Policies to restrict cluster level access
  2. Use CIS benchmark to review the security configuration of Kubernetes components
  3. Properly set up Ingress objects with security control
  4. Protect Node Metadata and endpoint
  5. Minimize the use of, and access to GUI elements
  6. Verifying platform binaries before deploying
  7. Practice Drill
Go to CKS Self-Study Module 1

Module 2 - Cluster Hardening

  1. Restrict access to Kubernetes API
  2. Use Role Based Access Controls to minimize exposure
  3. Exercise caution in using service accounts
  4. Update Kubernetes frequently
  5. Practice Drill
Go to CKS Self-Study Module 2

Module 3 - System Hardening

  1. Minimize Host OS Footprint
  2. Minimize IAM roles
  3. Minimize external access to the network
  4. Appropriately use kernel hardening tools such as AppArmor, seccomp
  5. Practice Drill
Go to CKS Self-Study Module 3

Module 4 - Minimize Microservice Vulnerabilities

  1. Setup appropriate OS-level security domains
  2. Managing Kubernetes Secrets
  3. Use Container Runtime Sandboxes in Multi-tenant environments
  4. Implement pod-to-pod encryption by use of mTLS
  5.  Practice Drill
Go to CKS Self-Study Module 4

Module 5 - Supply Chain Security

  1. Minimize Base Image Footprint
  2. Secure Supply Chain: Allowing image registries, sign and validate images
  3. Use Static Analysis of User Workloads
  4. Scan Images for Known Vulnerabilities
  5. Practice Drill
Go to CKS Self-Study Module 5

Module 6 - Monitoring, Logging, and Runtime Security

  1. Perform behavior analytics of syscall process and file activities at the host and container level to detect malicious activities
  2. Detect threats within the physical infrastructure, apps, networks, data, users, and workloads
  3. Detect all phases of attack regardless of where it occurs and how it spreads
  4. Perform deep analytical investigation and identification of bad actors within an environment
  5. Ensure immutability of containers at runtime
  6. Use Audit Logs to monitor access
  7. Practice Drill
Go to CKS Self-Study Module 6

RX-M offers comprehensive CKS Boot Camps to help you secure your Certified Kubernetes Security Specialist certification

See All Upcoming CKS Boot Camps

Training

Course Catalog

Custom Course Builder

All Open Enrollments

Consulting

Managed Service+™

Kubernetes Consulting Services

Resources

Blog & News

CKA Self-Study Course

CKAD Self-Study Course

CKS Self-Study Course

Kubernetes Resources

Company

About Us

Contact Us

Careers

Partners

Privacy Policy

Sitemap