I passed the CKS exam in March 2023 and officially completed the triad (CKAD, CKA and CKS) of Kubernetes certifications. Now it's time to share my experience with the exam.
CKS exam and its purpose
The CKS certification is offered by the Cloud Native Computing Foundation (CNCF) to validate and certify that an individual has the skills, knowledge and competence in a broad range of best practices for securing container-based applications and Kubernetes platforms during build, deployment and runtime.
Understanding the Exam
The exam is an online, proctored, performance-based test that requires solving multiple tasks from a command line running Kubernetes.
Candidates have 2 hours to complete the tasks.
A candidate will have two attempts to pass the exam.
As per the official documentation, the CKS curriculum includes the following domains:
Cluster Setup: 10%
Cluster Hardening: 15%
System Hardening: 15%
Minimize Microservice Vulnerabilities: 20%
Supply Chain Security: 20%
Monitoring, Logging and Runtime Security: 20%
You can read more about the curriculum (exam version v1.26) here: github.com/cncf/curriculum/blob/master/CKS_.. v1.26.pdf
Preparing for the Exam
Courses to refer to
There are two popular courses available for CKS exam preparation:
Certified Kubernetes Security Specialist (CKS) by KodeKloud
Kubernetes CKS 2023 Complete Course - Theory - Practice by Kim Wüstkamp
Both courses are good enough for exam preparation, but I went ahead with KodeKloud's course.
Understanding the Documentation
While preparing for the exam, it's highly recommended to understand the Kubernetes documentation. This will help you find the correct YAML in no time during the exam. Here's the list of documentation pages you should bookmark during the preparation.
Mock exams
The first mock exam I referred to was KodeKloud's Mock exam, which comes with the course.
Another one is the killer.sh exam simulator, which comes free with exam registration (2 attempts of 36 hours each). Try utilizing both attempts, and start your attempts during the weekend so you can use the full 36 hours. killer.sh is a bit difficult compared to the actual exam, so don't get demotivated if you cannot finish the practice questions in the given time.
Additional Resources
Container Security by Liz Rice
Certified Kubernetes Security Specialist learning resources curated by Walid Shaari
The Exam
The Linux Foundation introduced some new rules in June 2022:
Only one monitor is allowed for the exam.
Bookmarks are not allowed.
The exam is now carried out in a remote Linux VM.
The new remote VM exam can be buggy if your internet connection is poor, so make sure you have a good internet connection.
It would help if you go through the official handbook and instructions before the exam:
https://docs.linuxfoundation.org/tc-docs/certification/lf-handbook2/
https://docs.linuxfoundation.org/tc-docs/certification/important-instructions-cks
As you know, you can refer to the official Kubernetes documentation during the exam. Additionally, you will be provided with direct links to other documentation (Trivy, Falco, etc.) in the question, but this is subject to the requirement. The exam will have 15 to 17 questions, ranging from 4% to 11% in weightage.
Time management is critical in this exam. Do read the questions carefully before jumping on them. Finish all the easy questions first. Also, save time on questions that are doable but will take time. You can attempt such questions after finishing all the easy questions.
That's all from my side for the CKS exam preparation. I wish you all the best for your exam.
You can contact me on Twitter or LinkedIn for any doubts about the exam.
Twitter: https://twitter.com/PrateekJainDev