Member-only story

My feedback about Kubernetes Security Specialist exam (CKS)

3 min readDec 15, 2020

CKS: Certified Kubernetes Security Specialist was issued by The Linux Foundation to Jihad BENABRA.

Earners of this designation are accomplished Kubernetes practitioners (as evidenced by holding the CKA credential)…

www.youracclaim.com

I recently acquired my Certified Kubernetes Security Specialist (CKS) certification. As a result, several people have reached out to me for insights and feedback on the significant topics of the exam.

It’s essential to recognize that the exam format varies among candidates. However, in my experience, the challenge involved addressing 19 questions related to the following topics:

ImagePolicyWebhook

The objective is to activate this plugin and connect it with a webhook server.

Using Admission Controllers

This page provides an overview of Admission Controllers. What are they? An admission controller is a piece of code that…

kubernetes.io

Audit Policy

Activate the plugin and configure logs for specific resources (such as namespaces and secrets) at various levels (like Metadata, Request, etc.)…

Auditing

Kubernetes auditing provides a security-relevant, chronological set of records documenting the sequence of actions in a…

kubernetes.io

Anomaly fix with Falco or Sysdig

Utilize scanners such as Falco or Sysdig to investigate anomalies in containers and pods, and then format the output in a specified manner.

What is Falco, and how it work with Kubernetes

When using Kubernetes as orchestrator, securing our deployments and pods become a major topic because many teams and…

jihadbenabra.medium.com

Sandbox containers, RuntimeClass and gVisor

Deploy a RuntimeClass and initiate a deployment using this class on the appropriate worker node.