☁️ Certified Kubernetes Security Specialist (CKS) - Exam-Prep
Free exam-prep for Certified Kubernetes Security Specialist (CKS) with a signed certificate. Learn the modules, pass the 10-question exam, EN/FR/AR, no account.
Last updated: June 2026
For Kubernetes administrators and DevSecOps engineers who already hold CKA and want to secure clusters, workloads, and the software supply chain to pass the hands-on CKS exam. The course is organized into 8 modules, ending with a final exam (pass mark 70%). It is independent, free exam-preparation training — not an official or accredited review course.
What you'll learn
- Cluster Setup: Network Policies, Ingress TLS & CIS Benchmark
- Cluster Hardening: RBAC, Service Accounts & API Access
- System Hardening: Host OS, AppArmor & seccomp
- Minimize Microservice Vulnerabilities: Pod Security Standards & Isolation
- Secrets Management & Pod-to-Pod Encryption
- Supply Chain Security: Image Minimization, Signing & Registries
- Supply Chain Security: Static Analysis & Admission Control
- Monitoring, Logging & Runtime Security: Falco, Audit Logs & Immutability
Learning objectives
- Harden cluster setup with NetworkPolicies, TLS ingress, and CIS Benchmark reviews using kube-bench
- Implement least-privilege RBAC, restrict the API server, and minimize ServiceAccount permissions
- Apply Pod Security Standards and isolate workloads with seccomp, AppArmor, gVisor, and Kata Containers
- Manage Kubernetes Secrets securely, including encryption at rest and pod-to-pod mTLS
- Secure the software supply chain: minimize base images, scan with Trivy, and enforce image signing and admission control
- Detect runtime threats and enforce container immutability with Falco and behavioral analytics
- Configure, monitor, and investigate Kubernetes API audit logs across attack phases
- Practice realistic kubectl-driven, time-boxed scenarios that mirror the live CKS performance exam