This lab is part of a series of practice exam content for the Certified Kubernetes Security Specialist (CKS) certification. Each practice exam in the series provides you with exam-like tasks to perform in a Kubernetes cluster modeled after the clusters used in the real CKS exam. Each practice exam focuses on one particular domain in the CKS exam curriculum. The tasks outlined in the practice exam should be attempted on your own with the consultation of the official Kubernetes documentation, just like in the real exam. If you need assistance with a particular task, the solution and relevant exam tips are provided in the final solution guide lab step in the lab.

This practice exam focuses on the Cluster Setup domain which is worth 15% of the exam. The Cluster Setup domain encapsulates the following knowledge, skills, and abilities listed in the exam curriculum:

• Use Network security policies to restrict cluster level access
• Use CIS benchmark to review the security configuration of Kubernetes components (etcd, kubelet, kubedns, kubeapi)
• Properly set up Ingress objects with security control
• Protect node metadata and endpoints
• Minimize use of, and access to, GUI elements
• Verify platform binaries before deploying

Assessed topics

• Kubernetes cluster setup
• Network policies
• CIS benchmark (Kube-bench)
• Ingress

Intended Audience

• Kubernetes certification exam candidates
• Kubernetes practitioners

Prerequisites

• Completion of prior content in the Certified Kubernetes Security Specialist (CKS) Exam Preparation learning path is highly recommended.