Welcome to Scribd!

CKS Curriculum v1.28

Uploaded by

m.asif.muzammil

0% found this document useful (0 votes)

36 views4 pages

The document outlines the curriculum for the Certified Kubernetes Security Specialist (CKS) exam, which covers: securing cluster setup (10%), hardening the cluster (15%) and systems (15%), minimizing microservice vulnerabilities (20%), supply chain security (20%), and monitoring, logging, and runtime security (20%). Key areas include using network policies, role-based access controls, updating Kubernetes frequently, minimizing host OS footprints, managing secrets, whitelisting registries, and performing behavioral analytics to detect threats.

Original Description:

Copyright

Available Formats

PDF, TXT or read online from Scribd

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Report this Document

Copyright:

Available Formats

Download as PDF, TXT or read online from Scribd

Flag for inappropriate content

0% found this document useful (0 votes)

36 views4 pages

CKS Curriculum v1.28

Uploaded by

m.asif.muzammil

Copyright:

Available Formats

Download as PDF, TXT or read online from Scribd

Flag for inappropriate content

Jump to Page

You are on page 1of 4

Search inside document

Certified Kubernetes

Security Specialist (CKS)

Exam Curriculum
A Cloud Native Computing Foundation (CNCF) Publication
cncf.io
Certified Kubernetes Security Specialist (CKS) Exam Curriculum

This document provides the curriculum outline of the Knowledge, Skills and Abilities
that a Certified Kubernetes Security Specialist (CKS) can be expected to demonstrate.

CKS Curriculum

10% - Cluster Setup

• Use Network security policies to restrict cluster level access

• Use CIS benchmark to review the security configuration of Kubernetes components

(etcd, kubelet, kubedns, kubeapi)

• Properly set up Ingress objects with security control

• Protect node metadata and endpoints

• Minimize use of, and access to, GUI elements

• Verify platform binaries before deploying

15% - Cluster Hardening

• Restrict access to Kubernetes API

• Use Role Based Access Controls to minimize exposure

• Exercise caution in using service accounts e.g. disable defaults, minimize permissions on
newly created ones

• Update Kubernetes frequently

15% - System Hardening

• Minimize host OS footprint (reduce attack surface)

• Minimize IAM roles

• Minimize external access to the network

• Appropriately use kernel hardening tools such as AppArmor, seccomp

2
Certified Kubernetes Security Specialist (CKS) Exam Curriculum

This document provides the curriculum outline of the Knowledge, Skills and Abilities
that a Certified Kubernetes Security Specialist (CKS) can be expected to demonstrate.

CKS Curriculum

20% - Minimize Microservice Vulnerabilities

• Setup appropriate OS level security domains

• Manage kubernetes secrets

• Use container runtime sandboxes in multi-tenant environments (e.g. gvisor, kata containers)
• Implement pod to pod encryption by use of mTLS

20% - Supply Chain Security

• Minimize base image footprint

• Secure your supply chain: whitelist allowed image registries, sign and validate images

• Use static analysis of user workloads (e.g. kubernetes resources, docker files)

• Scan images for known vulnerabilities

20% - Monitoring, Logging and Runtime Security

• Perform behavioral analytics of syscall process and file activities at the host and container
level to detect malicious activities

• Detect threats within physical infrastructure, apps, networks, data, users and workloads

• Detect all phases of attack regardless where it occurs and how it spreads

• Perform deep analytical investigation and identification of bad actors within environment

• Ensure immutability of containers at runtime

• Use Audit Logs to monitor access

3
Cloud native computing uses an open source software stack to
deploy applications as microservices, packaging each part into its
own container, and dynamically orchestrating those containers to
optimize resource utilization. The Cloud Native Computing Foundation
(CNCF) hosts critical components of those software stacks including
Kubernetes, Fluentd, Linkerd, Prometheus, OpenTracing and gRPC;
brings together the industry’s top developers, end users, and vendors;
and serves as a neutral home for collaboration. CNCF is part of The
Linux Foundation, a nonprofit organization. For more information
about CNCF, please visit: https://cncf.io/.

CKS - Curriculum - v1.24
Document4 pages
CKS - Curriculum - v1.24
Seong-Jin Kim
No ratings yet
About Kubernetes and Security Practices - Short Edition: First Edition, #1
From Everand
About Kubernetes and Security Practices - Short Edition: First Edition, #1
Ami Adi
No ratings yet
Certified Kubernetes Administrator (CKA) Exam Curriculum: A Cloud Native Computing Foundation (CNCF) Publication CNCF - Io
Document4 pages
Certified Kubernetes Administrator (CKA) Exam Curriculum: A Cloud Native Computing Foundation (CNCF) Publication CNCF - Io
mohammed
No ratings yet
Certified Kubernetes Administrator (CKA) Exam Curriculum: A Cloud Native Computing Foundation (CNCF) Publication CNCF - Io
Document4 pages
Certified Kubernetes Administrator (CKA) Exam Curriculum: A Cloud Native Computing Foundation (CNCF) Publication CNCF - Io
Mostafa Hamouda
No ratings yet
Certified Kubernetes Administrator (CKA) Exam Curriculum: A Cloud Native Computing Foundation (CNCF) Publication CNCF - Io
Document4 pages
Certified Kubernetes Administrator (CKA) Exam Curriculum: A Cloud Native Computing Foundation (CNCF) Publication CNCF - Io
vishu146
No ratings yet
Certified Kubernetes Administrator (CKA) Exam Curriculum: A Cloud Native Computing Foundation (CNCF) Publication CNCF - Io
Document4 pages
Certified Kubernetes Administrator (CKA) Exam Curriculum: A Cloud Native Computing Foundation (CNCF) Publication CNCF - Io
read29926285
No ratings yet
Securing Kubernetes Checklist
Document10 pages
Securing Kubernetes Checklist
Sandro Melo
No ratings yet
Securing Kubernetes and Your Cloud-Native Applications: Datasheet
Document2 pages
Securing Kubernetes and Your Cloud-Native Applications: Datasheet
T
No ratings yet
Securing Containers On The High Seas: Jack Mannino & Abdullah Munawar
Document38 pages
Securing Containers On The High Seas: Jack Mannino & Abdullah Munawar
Binyam Asfaw
No ratings yet
CKAD Curriculum v1.25
Document3 pages
CKAD Curriculum v1.25
Xiaotian Cheng
No ratings yet
Kubernetes Security Guide
Document64 pages
Kubernetes Security Guide
sunnyj25
No ratings yet
Kubernetes Security Cheat Sheet
Document30 pages
Kubernetes Security Cheat Sheet
Azeddien Sllame
No ratings yet
Ramu Devops Resume
Document6 pages
Ramu Devops Resume
kk72783
No ratings yet
Certified Kubernetes Administrator Exam v1.15
Document5 pages
Certified Kubernetes Administrator Exam v1.15
sebihi yacine
No ratings yet
Attacking Kubernetes: A Guide For Administrators and Penetration Testers
Document46 pages
Attacking Kubernetes: A Guide For Administrators and Penetration Testers
Tung
No ratings yet
Bitdefender Practical Container Security PDF
Document8 pages
Bitdefender Practical Container Security PDF
Diego Orjuela
No ratings yet
Kubernetes Security Essentials: The Kubernetes Attack Surface
Document6 pages
Kubernetes Security Essentials: The Kubernetes Attack Surface
Venkatraman Krishnamoorthy
No ratings yet
Dzone Refcard 275 k8s Security Essentials 2022
Document6 pages
Dzone Refcard 275 k8s Security Essentials 2022
KP S
No ratings yet
CKA Curriculum V1.17
Document5 pages
CKA Curriculum V1.17
for muthu
No ratings yet
StackRox WhitePaper Top Kubernetes Security Settings
Document6 pages
StackRox WhitePaper Top Kubernetes Security Settings
Rpl Marseille
No ratings yet
Top 10 Use Cases For The Sysdig Cloud-Native Visibility and Security Platform
Document26 pages
Top 10 Use Cases For The Sysdig Cloud-Native Visibility and Security Platform
jumpstartsdmit
No ratings yet
Securing Managed Kubernetes With Prisma Cloud
Document4 pages
Securing Managed Kubernetes With Prisma Cloud
Yuen-Sien HUY
No ratings yet
RaghavendraY - Devops
Document5 pages
RaghavendraY - Devops
Mohan Raj Mohan
No ratings yet
Security
Document66 pages
Security
Husseni Muzkkir
No ratings yet
Ultimate Kubernetes Security Guide
Document30 pages
Ultimate Kubernetes Security Guide
cap.rohit550
No ratings yet
Pavan Cloud&devops
Document5 pages
Pavan Cloud&devops
pavan kumar tungala
No ratings yet
Kubernetes
Document42 pages
Kubernetes
Murtaza Abbas
No ratings yet
Rancher 2 4 Architecture WP
Document11 pages
Rancher 2 4 Architecture WP
Pardha Saradhi
100% (1)
Prisma Cloud Complete Guide Kubernetes
Document14 pages
Prisma Cloud Complete Guide Kubernetes
mcskumar
No ratings yet
Devops Implementation For Ruah Technologies and Solutions
Document6 pages
Devops Implementation For Ruah Technologies and Solutions
Ankit
No ratings yet
Nash Hirwa
Document3 pages
Nash Hirwa
RAJINIKNTH REDDY
No ratings yet
KCNA Curriculum
Document3 pages
KCNA Curriculum
m.asif.muzammil
No ratings yet
Certified Kubernetes Application Developer (CKAD) Exam Curriculum
Document3 pages
Certified Kubernetes Application Developer (CKAD) Exam Curriculum
Mangesh Abnave
100% (1)
Anusha SRE Devops Lead
Document6 pages
Anusha SRE Devops Lead
mohankrishnaroyal86
No ratings yet
Container Security Best Practices Cheat Sheet
Document9 pages
Container Security Best Practices Cheat Sheet
mcskumar
No ratings yet
Design of Highly Available DevOps & Microservice Architecture From Shawon
Document12 pages
Design of Highly Available DevOps & Microservice Architecture From Shawon
shawon
No ratings yet
Kubernetes For MLOps Engineers
Document7 pages
Kubernetes For MLOps Engineers
Miro
No ratings yet
Kubernetes Setup
Document81 pages
Kubernetes Setup
cduran1983
No ratings yet
Karthik AwsDevops 4yrs Resume
Document4 pages
Karthik AwsDevops 4yrs Resume
kbrpuram
No ratings yet
A Kubernetes-Based Monitoring Platform For Dynamic Cloud Resource Provisioning
Document6 pages
A Kubernetes-Based Monitoring Platform For Dynamic Cloud Resource Provisioning
aden darge
No ratings yet
Anantha Sriman - Resume
Document3 pages
Anantha Sriman - Resume
Raj Pedapalli
No ratings yet
Extending Kubernetes: Elevate Kubernetes with Extension Patterns, Operators, and Plugins
From Everand
Extending Kubernetes: Elevate Kubernetes with Extension Patterns, Operators, and Plugins
Onur Yilmaz
No ratings yet
DevOps Resume 52
Document4 pages
DevOps Resume 52
junaid
No ratings yet
Applications Natives Du Cloud.
Document105 pages
Applications Natives Du Cloud.
abdelwahed
No ratings yet
Naukri RAMESHGODAVARTHI (6y 0m)
Document4 pages
Naukri RAMESHGODAVARTHI (6y 0m)
arpita.jsr98ak
No ratings yet
Cloud As IaaS
Document38 pages
Cloud As IaaS
sayeekumar
No ratings yet
Importance of k8s - 95+9
Document1 page
Importance of k8s - 95+9
vaibhavwani008
No ratings yet
Top 10 Use Cases For Sysdig
Document14 pages
Top 10 Use Cases For Sysdig
pantopita
No ratings yet
Certified Kubernetes Application Developer (CKAD) Exam Curriculum
Document3 pages
Certified Kubernetes Application Developer (CKAD) Exam Curriculum
Install
No ratings yet
CKAD Curriculum V1.21
Document3 pages
CKAD Curriculum V1.21
tc5664
No ratings yet
Ajay Devops Resume
Document4 pages
Ajay Devops Resume
faizan soudagar
No ratings yet
Module 9 Homework
Document5 pages
Module 9 Homework
Shiva Singh
No ratings yet
Devsecops 211021 Containers
Document58 pages
Devsecops 211021 Containers
dsolis
No ratings yet
Kuber Net Es
Document33 pages
Kuber Net Es
RAGHAV SARDA
No ratings yet
Untitled
Document4 pages
Untitled
Parth Lakare
No ratings yet
Resume 120123
Document4 pages
Resume 120123
Rahul Jakkula
No ratings yet
DevOps Resume 34
Document3 pages
DevOps Resume 34
tiyic73901
No ratings yet
Vamsi DevOps Engineer Resume
Document9 pages
Vamsi DevOps Engineer Resume
HARSHA
No ratings yet
Mypdf 1
Document2 pages
Mypdf 1
adrien.danzon.s
No ratings yet
DevOps AWS Kiran
Document3 pages
DevOps AWS Kiran
Anuj B
No ratings yet
User Manual: CMM366A-3G Cloud Monitoring Communication Module
Document17 pages
User Manual: CMM366A-3G Cloud Monitoring Communication Module
donneralaivao
No ratings yet
Trilhas de Aprendizagem - Cloud Skills Challenge SMB
Document6 pages
Trilhas de Aprendizagem - Cloud Skills Challenge SMB
Flavio Sena de Oliveira
No ratings yet
Working at BairesDev BRASIL - English
Document22 pages
Working at BairesDev BRASIL - English
Bruno Vasconcelos
No ratings yet
Cortex XDR CTF Presentation
Document54 pages
Cortex XDR CTF Presentation
Erick Barrios
No ratings yet
Zero Trust Maturity Assessment
Document132 pages
Zero Trust Maturity Assessment
rodrigo
No ratings yet
CH 01
Document19 pages
CH 01
subhaa Das
No ratings yet
Create Your Azure Free Account Today - Microsoft Azure
Document12 pages
Create Your Azure Free Account Today - Microsoft Azure
Payam Kazemi
No ratings yet
24 - 7.ai Java Selenium Testing Interview Questions 2021
Document4 pages
24 - 7.ai Java Selenium Testing Interview Questions 2021
jeffa123
No ratings yet
DBMS - Old Q&A For 10 and 5 Marks
Document19 pages
DBMS - Old Q&A For 10 and 5 Marks
Roshan
No ratings yet
Python Notes For CBSE
Document106 pages
Python Notes For CBSE
Youth Voice
100% (2)
Education: Experience: Ranjan Das
Document16 pages
Education: Experience: Ranjan Das
ashish ojha
No ratings yet
137 Ascendon Solution
Document6 pages
137 Ascendon Solution
Average Indian
No ratings yet
TrainWithShubham 02-1
Document15 pages
TrainWithShubham 02-1
Hshsh
No ratings yet
File 1
Document20 pages
File 1
Jorge Castro Sanchez
No ratings yet
VP Sales Marketing Operations in Chicago IL Resume Bill Abraham
Document3 pages
VP Sales Marketing Operations in Chicago IL Resume Bill Abraham
BillAbraham
No ratings yet
CEC315 Tutorial Sheet
Document1 page
CEC315 Tutorial Sheet
cathyngomo24
No ratings yet
Cyber Security
Document74 pages
Cyber Security
Dhamodaran Srinivasan
No ratings yet
GE Digital Activating Licenses Offline Using The GE Cloud License Server
Document10 pages
GE Digital Activating Licenses Offline Using The GE Cloud License Server
Sergio Rivas
No ratings yet
Imanager SONMaster V100R017C10 Basic Feature Description
Document24 pages
Imanager SONMaster V100R017C10 Basic Feature Description
Suraj Joshi
100% (1)
Goodwe 5048ES With BYD B-BOX (2.5-10) Installation Guide
Document13 pages
Goodwe 5048ES With BYD B-BOX (2.5-10) Installation Guide
Meraj Hasan
No ratings yet
Cloud Computing in Education in The Middle East and North Africa (Mena) Region Can Barriers Be Ov
Document6 pages
Cloud Computing in Education in The Middle East and North Africa (Mena) Region Can Barriers Be Ov
Victor Manuel Enriquez G
No ratings yet
Mobile Technology Exam Topics
Document40 pages
Mobile Technology Exam Topics
Sasha (Shandi)
No ratings yet
Cloud4C Ai Powered Sap Application Management Services: A Ctrls Company
Document11 pages
Cloud4C Ai Powered Sap Application Management Services: A Ctrls Company
rio_harcan
No ratings yet
Gurpreet Singh Bedi - CV
Document1 page
Gurpreet Singh Bedi - CV
Gurpreet Singh
No ratings yet
8 Must-Have Skills For AWS Cloud Architects: Aws Foundation Certification Courses
Document9 pages
8 Must-Have Skills For AWS Cloud Architects: Aws Foundation Certification Courses
246 D Amey Salvi
No ratings yet
CB Insights - Tech Trends 2024
Document129 pages
CB Insights - Tech Trends 2024
tanase.octavian2561
No ratings yet
Chapter 1
Document73 pages
Chapter 1
Hiếu Nguyễn Trí
No ratings yet
Enterprise Cloud Strategy PDF
Document109 pages
Enterprise Cloud Strategy PDF
Nenad Stamenović
100% (2)
S105465GC10 Mod17 PDF
Document41 pages
S105465GC10 Mod17 PDF
Hsie Hsuan
No ratings yet
Azure Documentation
Document383 pages
Azure Documentation
Endro Mustofa
No ratings yet