CKS Self-Study Course

These self-study modules cover all of the topics outlined in the CNCF CKS Exam Curriculum. If you are not already familiar with the curriculum, take a moment to review it, as you will need to demonstrate knowledge of each topic in order to pass the CKS exam.

Module 1 - Cluster Setup

  • Use network security policies to restrict cluster-level access
  • Use CIS benchmark to review the security configuration of Kubernetes components
  • Properly set up Ingress objects with TLS
  • Protect node metadata and endpoints
  • Verify platform binaries before deploying
  • Practice Drill

Module 2 - Cluster Hardening

  • Use Role Based Access Controls to minimize exposure
  • Exercise caution in using service accounts e.g. disable defaults, minimize permissions on newly created ones
  • Restrict access to Kubernetes API
  • Upgrade Kubernetes to avoid vulnerabilities
  • Practice Drill

Module 3 - System Hardening

  • Minimize host OS footprint (reduce attack surface)
  • Use least-privilege identity and access management
  • Minimize external access to the network
  • Appropriately use kernel hardening tools such as AppArmor, seccomp
  • Practice Drill

Module 4 - Minimize Microservice Vulnerabilities

  • Use appropriate pod security standards
  • Manage Kubernetes secrets
  • Understand and implement isolation techniques (multi-tenancy, sandboxed containers, etc.)
  • Implement Pod-to-Pod encryption (Cilium, Istio)
  • Practice Drill

Module 5 - Supply Chain Security

  • Minimize base image footprint
  • Understand your supply chain (e.g. SBOM, CI/CD, artifact repositories)
  • Secure your supply chain (permitted registries, sign and validate artifacts, etc.)
  • Perform static analysis of user workloads and container images (e.g. Kubesec, KubeLinter)
  • Practice Drill

Module 6 - Monitoring, Logging, and Runtime Security

  • Perform behavioral analytics to detect malicious activities
  • Detect threats within physical infrastructure, apps, networks, data, users and workloads
  • Investigate and identify phases of attack and bad actors within the environment
  • Ensure immutability of containers at runtime
  • Use Kubernetes audit logs to monitor access
  • Practice Drill

RX-M offers comprehensive CKS Boot Camps to help you secure your Certified Kubernetes Security Specialist certification
