Certified Kubernetes Security Specialist (CKS) – Mock Exams

Be aware – 1 : Prior information of CKA is required earlier than enrollment.

Be aware – 2 : These “exam-style” questions will not be precisely like the actual examination, nor are they examination dumps or don’t anticipate them to be the case.

Part – 1:

There are not any observe questions in first part. This part is designed to assist college students for set up of gcp-k8s-cluster and cluster-setup.

Part – 2:

Take a look at your information of Trivy, RBAC & Service Accounts, AppArmor, Secrets and techniques & Pod, Seccomp profiles, RuntimeClass. Kube-bench.

Part – 3:

Take a look at your information of Audit, Falco, ImagePolicyWebhooks, Pod Safety Coverage, Community Coverage (Deny), Community Coverage (Limit pod), Dockerfile Safety problem

You need to cowl beneath curriculum earlier than making an attempt CKS Examination:

10% – Cluster Setup

1. Use Community safety insurance policies to limit cluster degree entry
2. Use CIS benchmark to evaluation the safety configuration of Kubernetes parts (etcd, kubelet, kubedns, kubeapi)
3. Correctly arrange Ingress objects with safety management
4. Shield node metadata and endpoints
5. Decrease use of, and entry to, GUI parts
6. Confirm platform binaries earlier than deploying

15% – Cluster Hardening

1. Limit entry to Kubernetes API
2. Use Position Based mostly Entry Controls to attenuate publicity
   • useful website collects collectively articles, instruments and the official documentation multi functional place
3. Train warning in utilizing service accounts e.g. disable defaults, reduce permissions on newly created ones
4. Replace Kubernetes often
5. Decrease host OS footprint (cut back assault floor)
6. Decrease IAM roles
7. Decrease exterior entry to the community
8. Appropriately use kernel hardening instruments equivalent to AppArmor, seccomp

15% System Hardening

1. Decrease host OS footprint (cut back assault floor)
2. Decrease IAM roles
3. Decrease exterior entry to the community
4. Appropriately use kernel hardening instruments equivalent to AppArmor, seccomp!? the place is selinux? assume examination programs are ubuntu

20% – Decrease Microservice Vulnerabilities

1. Setup acceptable OS degree safety domains e.g. utilizing PSP, OPA, safety contexts
2. Handle kubernetes secrets and techniques
3. Use container runtime sandboxes in multi-tenant environments (e.g. gvisor, kata containers)
4. Implement pod to pod encryption by use of mTLS

20% – Provide Chain Safety

1. Decrease base picture footprint
2. Safe your provide chain: whitelist allowed picture registries, signal and validate photos
3. Use static evaluation of consumer workloads (e.g. kubernetes sources, docker information)
4. Scan photos for identified vulnerabilities

20% – Monitoring, Logging and Runtime Safety

1. Carry out behavioral analytics of syscall course of and file actions on the host and container degree to detect malicious actions
2. Detect threats inside bodily infrastructure, apps, networks, information, customers and workloads
3. Detect all phases of assault regardless the place it happens and the way it spreads
4. Carry out deep analytical investigation and identification of unhealthy actors inside setting
5. Guarantee immutability of containers at runtime
6. Use Audit Logs to observe entry

Join with 30 days a refund assure.