title
Please take a moment to fill out this form. We will get back to you as soon as possible.
All fields marked with an asterisk (*) are mandatory.
Certified Kubernetes Administrator (CKA)+ Certified Kubernetes Security Specialist (CKS) Exam Bundle
Course Description
Overview
CKA was created by The Linux Foundation and the Cloud Native Computing Foundation (CNCF) as a part of their ongoing effort to help develop the Kubernetes ecosystem. The exam is an online, proctored, performance-based test that requires solving multiple tasks from a command line running Kubernetes. CKS is a performance-based certification exam that tests candidates' knowledge of Kubernetes and cloud security in a simulated, real world environment. Candidates must have taken and passed the Certified Kubernetes Administrator (CKA) exam prior to attempting the CKS exam. CKS may be purchased but not scheduled until CKA certification has been achieved.A certified K8s administrator has demonstrated the ability to do basic installation as well as configuring and managing production-grade Kubernetes clusters. They will have an understanding of key concepts such as Kubernetes networking, storage, security, maintenance, logging and monitoring, application lifecycle, troubleshooting, API object primitives and the ability to establish basic use-cases for end users. Obtaining a CKS demonstrates a candidate possesses the requisite abilities to secure container-based applications and Kubernetes platforms during build, deployment and runtime, and is qualified to perform these tasks in a professional setting.
CKA Exam Includes:
- Proctored Online Exam Delivery
- Exam Duration 2 Hours
- Certification Valid for 3 Years
- 12 Month Exam Eligibility
- Free Retake
- PDF Certificate and Digital Badge
- Software Version: Kubernetes v1.27
- Performance-Based Exam
- Exam Simulator
CKS Exam Includes:
- Proctored Online Exam Delivery
- Exam Duration 2 Hours
- Certification Valid for 2 Years
- 12 Month Exam Eligibility
- Free Retake
- PDF Certificate and Digital Badge
- Software Version: Kubernetes v1.27
- Performance-Based Exam
- Exam Simulator
Both the CKA and CKS exams are online, proctored, performance-based tests that requires solving multiple tasks from a command line running Kubernetes. For each exam, candidates have 2 hours to complete the tasks.
The CKS & CKA exam environments will be aligned with the most recent K8s minor version within approximately 4 to 8 weeks of the K8s release date
Certified Kubernetes Security Specialist (CKS) candidates must have taken and passed the Certified Kubernetes Administrator (CKA) exam prior to attempting the CKS exam.
CKS may be purchased but not scheduled until CKA certification has been achieved.
CKA Certification must be active (non-expired) on the date the CKS exam (including Retakes) is scheduled.
Objectives
Audience
Prerequisites
-
There are no pre-requisites for the CKA exam.
Active (non-expired) CKA certification is a prerequisite for the CKS exam.
Topics
- Understand storage classes, persistent volumes
- Understand volume mode, access modes and reclaim policies for volumes
- Understand persistent volume claims primitive
- Know how to configure applications with persistent storage
- Evaluate cluster and node logging
- Understand how to monitor applications
- Manage container stdout & stderr logs
- Troubleshoot application failure
- Troubleshoot cluster component failure
- Troubleshoot networking
- Understand deployments and how to perform rolling update and rollbacks
- Use ConfigMaps and Secrets to configure applications
- Know how to scale applications
- Understand the primitives used to create robust, self-healing, application deployments
- Understand how resource limits can affect Pod scheduling
- Awareness of manifest management and common templating tools
- Manage role based access control (RBAC)
- Use Kubeadm to install a basic cluster
- Manage a highly-available Kubernetes cluster
- Provision underlying infrastructure to deploy a Kubernetes cluster
- Perform a version upgrade on a Kubernetes cluster using Kubeadm
- Implement etcd backup and restore
- Understand host networking configuration on the cluster nodes
- Understand connectivity between Pods
- Understand ClusterIP, NodePort, LoadBalancer service types and endpoints
- Know how to use Ingress controllers and Ingress resources
- Know how to configure and use CoreDNS
- Choose an appropriate container network interface plugin
- Use Network security policies to restrict cluster level access
- Use CIS benchmark to review the security configuration of Kubernetes components (etcd, kubelet, kubedns, kubeapi)
- Properly set up Ingress objects with security control
- Protect node metadata and endpoints
- Minimize use of, and access to, GUI elements
- Verify platform binaries before deploying
- Restrict access to Kubernetes API
- Use Role Based Access Controls to minimize exposure
- Exercise caution in using service accounts e.g. disable defaults, minimize permissions on newly created ones
- Update Kubernetes frequently
- Minimize host OS footprint (reduce attack surface)
- Minimize IAM roles
- Minimize external access to the network
- Appropriately use kernel hardening tools such as AppArmor, seccomp
- Setup appropriate OS level security domains e.g. using PSP, OPA, security contexts
- Manage Kubernetes secrets
- Use container runtime sandboxes in multi-tenant environments (e.g. gvisor, kata containers)
- Implement pod to pod encryption by use of mTLS
- Minimize base image footprint
- Secure your supply chain: whitelist allowed registries, sign and validate images
- Use static analysis of user workloads (e.g.Kubernetes resources, Docker files)
- Scan images for known vulnerabilities
- Perform behavioral analytics of syscall process and file activities at the host and container level to detect malicious activities
- Detect threats within physical infrastructure, apps, networks, data, users and workloads
- Detect all phases of attack regardless where it occurs and how it spreads
- Perform deep analytical investigation and identification of bad actors within environment
- Ensure immutability of containers at runtime
- Use Audit Logs to monitor access
Related Courses
-
Certified Hyperledger Fabric Administrator (CHFA)
LQEX-LNX-CHFA- Duration: 0.25 Day
- Delivery Format: Exam Vouchers
- Price: 395.00 USD
-
Certified Kubernetes Administrator
LQEX-LNX-CKA- Duration: 0.25 Day
- Delivery Format: Exam Vouchers
- Price: 395.00 USD
Self-Paced Training Info
Learn at your own pace with anytime, anywhere training
- Same in-demand topics as instructor-led public and private classes.
- Standalone learning or supplemental reinforcement.
- e-Learning content varies by course and technology.
- View the Self-Paced version of this outline and what is included in the SPVC course.
- Learn more about e-Learning
Course Added To Shopping Cart
bla
bla
bla
bla
bla
bla
Self-Paced Training Terms & Conditions
Linux Foundation E-Learning courses are self-paced online courses that can be accessed via a regular web browser. Most courses include a good number of videos, but the majority of content will be available as text, balanced with a good proportion of labs. The labs allow students the opportunity to practice concepts covered in the course.
Students are given 12 months of online access to the course materials, starting from date of purchase.
After 12 months, your access to the course will be closed. If the student completes the course before the 12 month period expires, they can still access the course.
Web browser with internet is required to play the course. Lab exercises may require additional configuration, e.g. setting up a Linux machine. Setup Requirements
E-Learning courses may be accessed online via a web-browser only. No course manuals or other offline access is available for E-Learning courses.
To start an e-learning course, please login to My Portal with your LF Account credentials, go to the In Progress tab, and click the Start e-Learning button. Clicking on Start e-Learning will launch the course. If you are accessing a Linux Foundation course via your employerÕs site, please check out the E-Learning Support document for more info.
Your best resource for questions regarding labs and course content will be the class forum set up for your course at forum.linuxfoundation.org. In addition to participation from other students, the forum is reviewed periodically by course staff. The forums are also where notices and updates regarding the course are posted, so it is good practice to check the forum regularly.
Sorry, there are no classes that meet your criteria.
Please contact us to schedule a class.
STOP! Before You Leave
Save 0% on this course!
Take advantage of our online-only offer & save 0% on any course !
Promo Code skip0 will be applied to your registration