CKS exam preparation cheat sheets

Preparation for CKS exam (Certified Kubernetes Security Specialist)

Topics:

• CKS exam introduction
• Custer Setup and Hardering
• System Hardering
• Minimize microservice Vulnerabilities
• Supply chain security
• Monitoring, Logging and Runtime security
• Exam tips

CKS exam introduction

• Introduction

Custer Setup and Hardering

• CIS benchmark and kube-bench
• Service Accounts
• TLS in Kubernetes
• API groups
• Authorization
• RBAC
• Cluster upgrade process
• Kubelet
• Network policies
• Ingress
• Docker service security
• Kubectl Proxy & Port Forward
• Auditing

System Hardering

• Minimize host OS footprint
• Apparmor
• Seccomp
• Limit node access
• SSH hardering
• Minimize external access to network
• Restrict Kernel modules
• Linux privilege escalation

Minimize microservice Vulnerabilities

• Security Contexts
• Adminssions Controllers
• Pod security policies
• Open Policy Agent OPA
• gVisor
• kata Containers
• Control Plane isolation
• Data plane Isolation
• Pod-to-pod encryption
• Cilium
• QoS

Supply chain security

• Supply chain security
• SBOM
• Trivy
• Image security
• Kubesec scan

Monitoring, Logging and Runtime security

• Falco
• Mutable and Immutable infrastructure
• Sysdig
• Audit log

Exam tips

• External monitor for CKS/CKS/CKAD exams

Official Documentation

• Kubernetes Official Documentation
• Kubernetes Security Documentation
• Kubernetes Security Best Practices
• Kubernetes Security Checklist

Community-Driven Study Guides

• CKS Preparation Guide (GitHub)
• CKS Exam Study Guide by DevOpsCube

Video Resources

• PASS your Certified Kubernetes Security Specialist Exam
• Kubernetes CKS Full Course Theory + Practice + Browser Scenarios
• How to pass the CKS exam