Are you wondering how to prepare for the Certified Kubernetes Security Specialist (CKS) exam? None of the information here is a secret - everything you need to know to pass the exam is already available to you. We will help you learn where to look, how to study, and give a few exam-taking tips!
What is the CKS exam?
The Certified Kubernetes Security Specialist (CKS) program is a certification created by the Cloud Native Computing Foundation (CNCF) and The Linux Foundation for individuals with knowledge and expertise in securing container-based applications and Kubernetes platforms. The CKS exam is a performance-based test that is taken online and proctored, to test candidates' knowledge of Kubernetes and cloud security in a simulated environment. Candidates must hold a current Certified Kubernetes Administrator (CKA) certification to be eligible to take the CKS exam. The certification remains valid for two years from the date it is awarded.
What does the CKS cover?
The CKS covers a wide range of container-based security practices. You will need a good understanding of the topics below. You will need to be able to analyze and fix issues in a real environment.
- Cluster Setup - 10%
- Cluster Hardening - 15%
- System Hardening - 15%
- Minimize Microservice Vulnerabilities - 20%
- Supply Chain Security - 20%
- Monitoring, Logging, and Runtime Security - 20%
How do I sign up for the CKS exam and what is the cost?
You can sign up for the CKS exam by visiting The Linux Foundation's training portal. The full price for the exam is $395, but you can receive a discount by contacting us!
What is the format of the CKS exam and how long does it take to complete?
The CKS exam can be taken in person or online. The online exams are proctored by PSI, and have a similar environment to the CKAD and CKA exams. You will demonstrate your knowledge by completing 15-20 performance-based tasks. There are no multiple-choice questions. Partial credit may be awarded for some questions. You will have 2 hours to complete the CKS exam.
What is the passing score for the CKS exam and how is it determined?
You only need a 65% score to pass the exam. Exams are automatically graded, and scores are sent out within 24 hours. There is no explanation of individual questions, only pass/fail and your percentage.
What is the best way to prepare for the CKS exam?
The CKS exam is performance-based, so the best way to prepare is by completing tasks related to the curriculum. Do these tasks over and over, until you can do them easily. You will be allowed to access certain documentation. Get familiar with looking up subjects that you may struggle with. The quicker you can find the answers in the documentation, the more time you will have to complete the exam. Killer.sh, Killercoda, and KodeKloud are all great resources.
Can I use certain tools or resources during the CKS exam?
The exam environment comes pre-configured with all of the tools you will need to complete the exam. The Linux Foundation lists all allowed resources for the Certified Kubernetes Security Specialist exam. As of this writing, you will have access to documentation on kubernetes.io, including blogs, Trivy, Falco, and AppArmor.
What happens if I don't pass the CKS exam?
Don't worry if you fail the first time you take the exam. Many people have tried and failed -- it is a tough exam. Use it as a learning experience! Revisit anything you didn't feel comfortable with. You have a free retake, as long as it is taken within a year of the initial purchase.
Are there any prerequisites for taking the CKS exam?
You must have an active CKA certification at the time of sitting for your exam. You can purchase the CKS before passing the CKA, but will need to complete that before you are able to schedule the CKS.
CKS Exam & Study Tips
Killer.sh emulates the exam environment, which helps you feel more comfortable on a foreign system. The questions on Killer.sh are usually viewed as harder than what's on the exam. If you can get a passing score on Killer.sh, then the actual exam will feel much easier. Killer.sh gives a full explanation of each question. Make sure to go through the explanations even if you got the question right -- there might be a quicker way. You get two free attempts; make sure to use them both!
Create a notes file in the exam environment. We have found the notepad and question flags to be unreliable. If you create a text file, it will be there even if your exam is interrupted. The new exam environment offers multiple ways of doing this - personally, I prefer the tried and true:
Seriously, read the manual! Get familiar with the documentation you are allowed to use during the exam. When you need to look something up, you want to be able to do that as quickly as possible.
Stop Googling things :) You can't use Google on the exam, so stop using it while you study. ChatGPT is also definitely off the table! When studying, use only the allowed resources and the command-line man or --help.
- For the most up to date information on the CKS exam: https://training.linuxfoundation.org/certification/certified-kubernetes-security-specialist/
- CKS: Certified Kubernetes Security Specialist https://www.cncf.io/certification/cks/
- Killer.sh: CKS simulator that provides you with an environment containing 22 scenarios and their solutions.
- Killercoda: These scenarios can be used standalone for CKS preparation or Kubernetes security studies.
- KodeKloud: Certified Kubernetes Security Specialist course
- Trivy: Trivy is a comprehensive and versatile security scanner. Trivy has scanners that look for security issues, and targets where it can find those issues.
- Falco: The Falco Project is an open source runtime security tool originally built by Sysdig, Inc. Falco uses system calls to secure and monitor a system.
- AppArmor: AppArmor protects systems from insecure or untrusted processes by running them in restricted confinement, while still allowing processes to share files, exercise privilege and communicate with other processes.
- CKAD: Certified Kubernetes Application Developer https://www.cncf.io/certification/ckad/
- CKA: Certified Kubernetes Administrator https://www.cncf.io/certification/cka/
- KCNA: Kubernetes and Cloud Native Associate https://www.cncf.io/certification/kcna/