Training > Cybersecurity > CKS Exam + THRIVE Subscription Bundle
CERTIFICATION + THRIVE SUBSCRIPTION BUNDLE

CKS Exam + THRIVE Subscription Bundle

Now Available! You can bundle CKS with an annual THRIVE subscription to get access to more than 100 educational products, including Kubernetes Security Essentials (LFS260) and SkillCreds for only $595!

The Certified Kubernetes Security Specialist (CKS) program provides assurance that a CKS has the skills, knowledge, and competence on a broad range of best practices for securing container-based applications and Kubernetes platforms during build, deployment and runtime. CKA certification is required to sit for this exam.

Not sure where to start? You may consider reviewing our suggested CKS learning path.

EXAM SIMULATOR! Learners will now have access to an exam simulator, provided by Killer.sh, to experience the exam environment. You will have two exam simulation attempts (36 hours of access for each attempt from the start of activation). Simulation includes 20-25 questions (which are exactly the same for every attempt and every user (unlike those found on the actual exams) and graded simulation results.

REMINDER: The Certified Kubernetes Security Specialist (CKS) Program Changes went into effect October 15, 2024.

Who Is It For
A Certified Kubernetes Security Specialist (CKS) is an accomplished Kubernetes practitioner (must be CKA certified) who has demonstrated competence on a broad range of best practices for securing container-based applications and Kubernetes platforms during build, deployment and runtime.
read less read more
What You’ll Learn
With unlimited access to all of our e-learning courses, the learning opportunities are endless. In one of the 65+ courses, Kubernetes Security Essentials, you'll gain the knowledge and skills needed to maintain security in dynamic, multi-project environments.
read less read more
What It Demonstrates
Obtaining a CKS demonstrates a candidate possesses the requisite abilities to secure container-based applications and Kubernetes platforms during build, deployment and runtime, and is qualified to perform these tasks in a professional setting.
read less read more
Exam Domains & Competencies
Expand All
Collapse All
Cluster Setup15%
Use Network security policies to restrict cluster level access
Use CIS benchmark to review the security configuration of Kubernetes components (etcd, kubelet, kubedns, kubeapi)
Properly set up Ingress with TLS
Protect node metadata and endpoints
Verify platform binaries before deploying
Cluster Hardening15%
Use Role Based Access Controls to minimize exposure
Exercise caution in using service accounts e.g. disable defaults, minimize permissions on newly created ones
Restrict access to Kubernetes API
Upgrade Kubernetes to avoid vulnerabilities
System Hardening10%
Minimize host OS footprint (reduce attack surface)
Using least-privilege identity and access management
Minimize external access to the network
Appropriately use kernel hardening tools such as AppArmor, seccomp
Minimize Microservice Vulnerabilities20%
Use appropriate pod security standards
Manage Kubernetes secrets
Understand and implement isolation techniques (multi-tenancy, sandboxed containers, etc.)
Implement Pod-to-Pod encryption using Cilium
Supply Chain Security20%
Minimize base image footprint
Understand your supply chain (e.g. SBOM, CI/CD, artifact repositories)
Secure your supply chain (permitted registries, sign and validate artifacts, etc.)
Perform static analysis of user workloads and container images (e.g. Kubesec, KubeLinter)
Monitoring, Logging and Runtime Security20%
Perform behavioral analytics to detect malicious activities
Detect threats within physical infrastructure, apps, networks, data, users and workloads
Investigate and identify phases of attack and bad actors within the environment
Ensure immutability of containers at runtime
Use Kubernetes audit logs to monitor access
The Linux Foundation worked with industry experts and the Linux kernel community to identify the core domains and the critical skills, knowledge and competencies applicable to each certification. Performance-based exams were then developed based on the competencies that were identified.
Exam Details & Resources
Certified Kubernetes Security Specialist (CKS) candidates must have taken and passed the Certified Kubernetes Administrator (CKA) exam prior to attempting the CKS exam.

This exam is an online, proctored, performance-based test that requires solving multiple tasks from a command line running Kubernetes. Candidates have 2 hours to complete the tasks.

The exam is based on Kubernetes v1.31

Candidates who register for the Certified Kubernetes Security Specialist (CKS) exam will have 2 attempts (per exam registration) to an exam simulator, provided by Killer.sh.  

Please review the Candidate Handbook, Curriculum Overview and Exam Tips along with other recommended resources below.

Prerequisites
Certified Kubernetes Security Specialist (CKS) candidates must have taken and passed the Certified Kubernetes Administrator (CKA) exam prior to attempting the CKS exam.
Learn more about the THRIVE Subscription here & save!
$595
CKS Exam + THRIVE Subscription
Buy Bundle
100% Money Back Guarantee
THRIVE Subscription Includes
Access to 100+ Educational Products
Hands-on labs Included in 45+ e-learning courses
Access to Available SkillCreds (1x)
12 Months of Access to Online Course
12 Months of Access to Online Courses
Digital Badges Upon Course Completions
Discussion Forums
Exam Includes
Online Exam Delivery
Exam Duration 2 Hours
Certification Valid for 2 Years
12 Month Exam Eligibility
One Retake
PDF Certificate and Digital Badge
Discussion forums
Software Version: Kubernetes v1.31
Performance-Based Exam
Exam Simulator
Exam Experience Level: Intermediate
Get a Quote
Certifying more than 10 people?Get a corporate quote.