Skip to main content

CKS Exam Update: What’s New, What’s Removed

The CKS exam is updating after October 10, 2024, with new topics such as Cilium, Software Bill of Materials (SBOM), Kubesec and KubeLinter etc

Bibin Wilson

The Certified Kubernetes Security Specialist (CKS) exam has undergone a significant update.

The exam’s updated content ensures that Kubernetes professionals remain equipped with the most up-to-date knowledge in security practices for containerized applications.

This blog will break down the changes and removals from the current syllabus, how to prepare, and important dates you need to know.


If you are planning to give the K8s certifications, you can make use of the following coupon to get flat 30% discount on certifications.

Coupon: Use code 30COMTECHIES at checkout

TL;DR: CKS Exam Update 2024

  • Main Focus Areas: Security across infrastructure, applications, and workloads
  • To renew your CKS certification, maintaining an active CKA certification is no longer required. However, the CKA is still a prerequisite for obtaining the CKS certification.

Updated domains and competencies across cluster setup, hardening, monitoring, and more. Here is the updated list.

Tools Added

  1. Cilium: Used for Pod-to-Pod encryption and enhanced network security.
  2. Software Bill of Materials (SBOM): Helps manage and secure the supply chain, providing transparency into the software components.
  3. Kubesec and KubeLinter: Tools for performing static analysis on Kubernetes resources and container images to detect security vulnerabilities.
  4. Audit Logs: Leveraged to monitor access and security-related events in Kubernetes clusters.

Concepts Added

  1. Pod Security Standards (PSS): Emphasis on using appropriate pod security levels to protect Kubernetes clusters.
  2. TLS for Ingress: Ensuring secure communication for traffic entering the Kubernetes cluster by using Transport Layer Security (TLS) for Ingress objects.
  3. Multi-tenancy and Sandboxed Containers: New focus on implementing isolation techniques like multi-tenancy to secure environments.
  4. Behavioral Analytics: Detecting malicious activities by analyzing system and network behavior, including syscall and process activities.
  5. Least-Privilege Identity and Access Management (IAM): Strengthened use of least-privilege principles for access management.
  6. Supply Chain Security: New focus on securing CI/CD pipelines, validating artifacts, and signing images to prevent vulnerabilities in the software supply chain.

These additions highlight the growing importance of pod-level security, network encryption, and supply chain management in Kubernetes environments.

What’s Changing?

Several key changes have been made to the CKS exam to align with the latest Kubernetes security best practices. While the exam's core domains remain the same, the competencies within each domain have been updated. Here's a breakdown:

1. Cluster Setup: Refined Security Configuration

  • New Addition: TLS is now explicitly included for setting up Ingress objects.
  • Removed: Minimizing the use of GUI elements and the reference to verifying platform binaries is simplified.

Why It Matters: Security has become more focused on streamlining critical configurations like TLS, which is foundational to securing ingress traffic.

2. Cluster Hardening: Strengthening Access Control

  • New Addition: Kubernetes upgrade recommendations now emphasize avoiding vulnerabilities.
  • Removed: Frequent Kubernetes updates have been simplified, as the focus shifts more toward critical upgrades.

Why It Matters: Regular Kubernetes upgrades are now prioritized to avoid security loopholes and exposure.

3. System Hardening: Simplified Host OS Footprint Management

  • New Addition: A strong emphasis on least-privilege IAM and kernel-level protections like AppArmor and seccomp.
  • Removed: Detailed mentions of external access and footprint minimization.

Why It Matters: The goal is to reduce the attack surface of the host OS by enforcing stricter access policies.

4. Minimize Microservice Vulnerabilities: New Standards for Pod Security

  • New Addition: Implementation of Cilium for Pod-to-Pod encryption and pod security standards.
  • Removed: Specific references to container runtime sandboxes like gvisor or kata containers.

Why It Matters: The focus has shifted to modern security standards like Cilium, simplifying the implementation of Pod encryption.

5. Supply Chain Security: Strengthening the CI/CD Pipeline

  • New Addition: Incorporating SBOM (Software Bill of Materials) and securing artifact repositories.
  • Removed: Whitelisting registries is replaced with more flexible validation of artifacts.

Why It Matters: Supply chain security now addresses vulnerabilities in the entire CI/CD pipeline.

6. Monitoring, Logging, and Runtime Security: Detection Over Prevention

  • New Addition: Enhanced behavioral analytics for detecting malicious activities across infrastructure and workloads.
  • Removed: Some older tools and methods have been consolidated to ensure focus on analytics and Kubernetes audit logs.

Why It Matters: Detection of threats is now highlighted over preventing each type of attack, ensuring a broader security coverage.

How to Prepare for the Updated CKS Exam

To prepare for the update CKS exam, you'll need to focus on the newly added topics alongside the existing ones.

Here are the key areas to prioritize in your preparation:

  1. Master Security Tools: Gain a solid understanding of critical security tools such as Cilium (for Pod-to-Pod encryption), AppArmor, seccomp, and audit logs. These tools play a key role in securing various aspects of your Kubernetes environment, from network traffic encryption to system call monitoring and compliance.
  2. Upgrade Knowledge on Pod Security Standards: Get familiar with the latest Pod Security Standards (PSS) and advanced isolation techniques like multi-tenancy and sandboxed containers. These are essential for ensuring workload security, particularly in multi-tenant Kubernetes environments.
  3. Strengthen Supply Chain Security: Look into securing your CI/CD pipeline by utilizing SBOM (Software Bill of Materials) and managing artifact repositories. Make sure to practice with tools like Kubesec and KubeLinter for static analysis, which will help identify vulnerabilities in Kubernetes resources and container images.
  4. Learn Ingress and TLS Configuration: Focus on configuraating TLS for Ingress objects to safeguard traffic entering your cluster. This has become an important requirement for Kubernetes administrators to ensure secure communication and prevent unauthorized access to services.
  5. Practice Behavioral Analytics and Threat Detection: Practice well to detect and analyze abnormal behaviors at different levels—system, network, and application—using behavioral analytics. Learn to use Kubernetes audit logs to monitor access and investigate any suspicious activities, helping you proactively identify potential threats.

When Will the Changes Go Live?

The initial update was planned on September 12, 2024. Due to technical glitches, the updated CKS exam will be released no earlier than October 10, 2024, giving you time to review the new syllabus and prepare accordingly.

Stay tuned for updates by bookmarking the official announcement page.

Conclusion

With a shift in focus toward enhanced security practices across Kubernetes clusters and workloads, the CKS exam updates emphasize the skills needed to safeguard modern infrastructure.

From pod security standards to the latest in supply chain security, make sure you’re prepared to tackle these new challenges.

Also, CKA exam is also getting an update. You can read about it in our CKA exam update blog.

For latest Linux Foundation promo code, you can check the Kubernetes certification coupons page.

Bibin Wilson