The Certified Kubernetes Security Specialist (CKS) exam has undergone a significant update.
The exam’s updated content ensures that Kubernetes professionals remain equipped with the most up-to-date knowledge in security practices for containerized applications.
This blog will break down the changes and removals from the current syllabus, how to prepare, and important dates you need to know.
If you are planning to give the K8s certifications, you can make use of the following coupon to get flat 30% discount on certifications.
Main Focus Areas: Security across infrastructure, applications, and workloads
To renew your CKS certification, maintaining an active CKA certification is no longer required. However, the CKA is still a prerequisite for obtaining the CKS certification.
Updated domains and competencies across cluster setup, hardening, monitoring, and more. Here is the updated list.
Tools Added
Cilium: Used for Pod-to-Pod encryption and enhanced network security.
Software Bill of Materials (SBOM): Helps manage and secure the supply chain, providing transparency into the software components.
Kubesec and KubeLinter: Tools for performing static analysis on Kubernetes resources and container images to detect security vulnerabilities.
Audit Logs: Leveraged to monitor access and security-related events in Kubernetes clusters.
Concepts Added
Pod Security Standards (PSS): Emphasis on using appropriate pod security levels to protect Kubernetes clusters.
TLS for Ingress: Ensuring secure communication for traffic entering the Kubernetes cluster by using Transport Layer Security (TLS) for Ingress objects.
Multi-tenancy and Sandboxed Containers: New focus on implementing isolation techniques like multi-tenancy to secure environments.
Behavioral Analytics: Detecting malicious activities by analyzing system and network behavior, including syscall and process activities.
Least-Privilege Identity and Access Management (IAM): Strengthened use of least-privilege principles for access management.
Supply Chain Security: New focus on securing CI/CD pipelines, validating artifacts, and signing images to prevent vulnerabilities in the software supply chain.
These additions highlight the growing importance of pod-level security, network encryption, and supply chain management in Kubernetes environments.
What’s Changing?
Several key changes have been made to the CKS exam to align with the latest Kubernetes security best practices. While the exam's core domains remain the same, the competencies within each domain have been updated. Here's a breakdown:
1. Cluster Setup: Refined Security Configuration
New Addition: TLS is now explicitly included for setting up Ingress objects.
Removed: Minimizing the use of GUI elements and the reference to verifying platform binaries is simplified.
Why It Matters: Security has become more focused on streamlining critical configurations like TLS, which is foundational to securing ingress traffic.
2. Cluster Hardening: Strengthening Access Control
New Addition: Kubernetes upgrade recommendations now emphasize avoiding vulnerabilities.
Removed: Frequent Kubernetes updates have been simplified, as the focus shifts more toward critical upgrades.
Why It Matters: Regular Kubernetes upgrades are now prioritized to avoid security loopholes and exposure.
3. System Hardening: Simplified Host OS Footprint Management
New Addition: A strong emphasis on least-privilege IAM and kernel-level protections like AppArmor and seccomp.
Removed: Detailed mentions of external access and footprint minimization.
Why It Matters: The goal is to reduce the attack surface of the host OS by enforcing stricter access policies.
4. Minimize Microservice Vulnerabilities: New Standards for Pod Security
New Addition: Implementation of Cilium for Pod-to-Pod encryption and pod security standards.
Removed: Specific references to container runtime sandboxes like gvisor or kata containers.
Why It Matters: The focus has shifted to modern security standards like Cilium, simplifying the implementation of Pod encryption.
5. Supply Chain Security: Strengthening the CI/CD Pipeline
New Addition: Incorporating SBOM (Software Bill of Materials) and securing artifact repositories.
Removed: Whitelisting registries is replaced with more flexible validation of artifacts.
Why It Matters: Supply chain security now addresses vulnerabilities in the entire CI/CD pipeline.
6. Monitoring, Logging, and Runtime Security: Detection Over Prevention
New Addition: Enhanced behavioral analytics for detecting malicious activities across infrastructure and workloads.
Removed: Some older tools and methods have been consolidated to ensure focus on analytics and Kubernetes audit logs.
Why It Matters: Detection of threats is now highlighted over preventing each type of attack, ensuring a broader security coverage.
How to Prepare for the Updated CKS Exam
To prepare for the update CKS exam, you'll need to focus on the newly added topics alongside the existing ones.
Here are the key areas to prioritize in your preparation:
Master Security Tools: Gain a solid understanding of critical security tools such as Cilium (for Pod-to-Pod encryption), AppArmor, seccomp, and audit logs. These tools play a key role in securing various aspects of your Kubernetes environment, from network traffic encryption to system call monitoring and compliance.
Upgrade Knowledge on Pod Security Standards: Get familiar with the latest Pod Security Standards (PSS) and advanced isolation techniques like multi-tenancy and sandboxed containers. These are essential for ensuring workload security, particularly in multi-tenant Kubernetes environments.
Strengthen Supply Chain Security: Look into securing your CI/CD pipeline by utilizing SBOM (Software Bill of Materials) and managing artifact repositories. Make sure to practice with tools like Kubesec and KubeLinter for static analysis, which will help identify vulnerabilities in Kubernetes resources and container images.
Learn Ingress and TLS Configuration: Focus on configuraating TLS for Ingress objects to safeguard traffic entering your cluster. This has become an important requirement for Kubernetes administrators to ensure secure communication and prevent unauthorized access to services.
Practice Behavioral Analytics and Threat Detection: Practice well to detect and analyze abnormal behaviors at different levels—system, network, and application—using behavioral analytics. Learn to use Kubernetes audit logs to monitor access and investigate any suspicious activities, helping you proactively identify potential threats.
When Will the Changes Go Live?
The initial update was planned on September 12, 2024. Due to technical glitches, the updated CKS exam will be released no earlier than October 10, 2024, giving you time to review the new syllabus and prepare accordingly.
With a shift in focus toward enhanced security practices across Kubernetes clusters and workloads, the CKS exam updates emphasize the skills needed to safeguard modern infrastructure.
From pod security standards to the latest in supply chain security, make sure you’re prepared to tackle these new challenges.
Also, CKA exam is also getting an update. You can read about it in our CKA exam update blog.
Bibin Wilson (authored over 300 tech tutorials) is a cloud and DevOps consultant with over 12+ years of IT experience. He has extensive hands-on experience with public cloud platforms and Kubernetes.
CKS Exam Update: What’s New, What’s Removed
The CKS exam is updating after October 10, 2024, with new topics such as Cilium, Software Bill of Materials (SBOM), Kubesec and KubeLinter etc
— Bibin Wilson
CKS Exam Update: What’s New, What’s Removed
The Certified Kubernetes Security Specialist (CKS) exam has undergone a significant update.
The exam’s updated content ensures that Kubernetes professionals remain equipped with the most up-to-date knowledge in security practices for containerized applications.
This blog will break down the changes and removals from the current syllabus, how to prepare, and important dates you need to know.
If you are planning to give the K8s certifications, you can make use of the following coupon to get flat 30% discount on certifications.
TL;DR: CKS Exam Update 2024
Updated domains and competencies across cluster setup, hardening, monitoring, and more. Here is the updated list.
Tools Added
Concepts Added
These additions highlight the growing importance of pod-level security, network encryption, and supply chain management in Kubernetes environments.
What’s Changing?
Several key changes have been made to the CKS exam to align with the latest Kubernetes security best practices. While the exam's core domains remain the same, the competencies within each domain have been updated. Here's a breakdown:
1. Cluster Setup: Refined Security Configuration
Why It Matters: Security has become more focused on streamlining critical configurations like TLS, which is foundational to securing ingress traffic.
2. Cluster Hardening: Strengthening Access Control
Why It Matters: Regular Kubernetes upgrades are now prioritized to avoid security loopholes and exposure.
3. System Hardening: Simplified Host OS Footprint Management
Why It Matters: The goal is to reduce the attack surface of the host OS by enforcing stricter access policies.
4. Minimize Microservice Vulnerabilities: New Standards for Pod Security
Why It Matters: The focus has shifted to modern security standards like Cilium, simplifying the implementation of Pod encryption.
5. Supply Chain Security: Strengthening the CI/CD Pipeline
Why It Matters: Supply chain security now addresses vulnerabilities in the entire CI/CD pipeline.
6. Monitoring, Logging, and Runtime Security: Detection Over Prevention
Why It Matters: Detection of threats is now highlighted over preventing each type of attack, ensuring a broader security coverage.
How to Prepare for the Updated CKS Exam
To prepare for the update CKS exam, you'll need to focus on the newly added topics alongside the existing ones.
Here are the key areas to prioritize in your preparation:
When Will the Changes Go Live?
The initial update was planned on September 12, 2024. Due to technical glitches, the updated CKS exam will be released no earlier than October 10, 2024, giving you time to review the new syllabus and prepare accordingly.
Stay tuned for updates by bookmarking the official announcement page.
Conclusion
With a shift in focus toward enhanced security practices across Kubernetes clusters and workloads, the CKS exam updates emphasize the skills needed to safeguard modern infrastructure.
From pod security standards to the latest in supply chain security, make sure you’re prepared to tackle these new challenges.
Also, CKA exam is also getting an update. You can read about it in our CKA exam update blog.
For latest Linux Foundation promo code, you can check the Kubernetes certification coupons page.
Bibin Wilson (authored over 300 tech tutorials) is a cloud and DevOps consultant with over 12+ years of IT experience. He has extensive hands-on experience with public cloud platforms and Kubernetes.