Back
CKS · 3 days (21 h)
CKS Exam Preparation — Certified Kubernetes Security Specialist
Secure clusters in depth, from the Linux kernel to the supply chain — and pass the most demanding hands-on exam of the track.
Objectives
- Pass the CKS exam and be able to justify every hardening choice
- Reduce a cluster's attack surface: API server, kubelet, etcd
- Set up AppArmor, seccomp, and admission policies
- Detect suspicious runtime behavior with Falco
- Secure the build chain: image scanning, trusted registries
Audience
Platform engineers, SREs, and security profiles already CKA-certified — the certification is required to register for the exam.
Prerequisites
- Hold the CKA certification (required to register for the exam)
- Administer Kubernetes clusters on a daily basis
- Linux security basics: users, permissions, networking
Program
Cluster hardening
- CIS Benchmark and kube-bench
- Minimal RBAC, certificates, and rotation
- Securing the API server and the kubelet
System hardening
- AppArmor and seccomp
- Reducing privileges and capabilities
- Host attack surface
Microservice security
- SecurityContexts and Pod Security Standards
- mTLS and secrets encryption
- Sandboxing: gVisor and isolated runtimes
Supply chain
- Image scanning with Trivy
- Trusted registries and signatures
- Static analysis of manifests
Runtime, audit, and mock exam
- Falco: rules and detection
- Kubernetes audit logs
- Simulation under exam conditions
Get your quote
Six questions, two minutes. Quote within 48 h — often within minutes.
Configure my quote