GCP K8 Setup before attempting practice questions
Hands-on practice of CKS Labs
Kubernetes Admin knowledge
Think from a hackers perspective
Note – 1 : Prior knowledge of CKA is required before enrollment.
Note – 2 : These “exam-style” questions are not exactly like the real exam, nor are they exam dumps or don’t expect them to be the case.
Section – 1:
There are no practice questions in first section. This section is designed to help students for installation of gcp-k8s-cluster and cluster-setup.
Section – 2:
Test your knowledge of Trivy, RBAC & Service Accounts, AppArmor, Secrets & Pod, Seccomp profiles, RuntimeClass. Kube-bench.
Section – 3:
Test your knowledge of Audit, Falco, ImagePolicyWebhooks, Pod Security Policy, Network Policy (Deny), Network Policy (Restrict pod), Dockerfile Security issue
You must cover below curriculum before attempting CKS Exam:
10% – Cluster Setup
- Use Network security policies to restrict cluster level access
- Use CIS benchmark to review the security configuration of Kubernetes components (etcd, kubelet, kubedns, kubeapi)
- Properly set up Ingress objects with security control
- Protect node metadata and endpoints
- Minimize use of, and access to, GUI elements
- Verify platform binaries before deploying
15% – Cluster Hardening
- Restrict access to Kubernetes API
- Use Role Based Access Controls to minimize exposure
- handy site collects together articles, tools and the official documentation all in one place
- Exercise caution in using service accounts e.g. disable defaults, minimize permissions on newly created ones
- Update Kubernetes frequently
- Minimize host OS footprint (reduce attack surface)
- Minimize IAM roles
- Minimize external access to the network
- Appropriately use kernel hardening tools such as AppArmor, seccomp
15% System Hardening
- Minimize host OS footprint (reduce attack surface)
- Minimize IAM roles
- Minimize external access to the network
- Appropriately use kernel hardening tools such as AppArmor, seccomp!? where is selinux? assume exam systems are ubuntu
20% – Minimize Microservice Vulnerabilities
- Setup appropriate OS level security domains e.g. using PSP, OPA, security contexts
- Manage kubernetes secrets
- Use container runtime sandboxes in multi-tenant environments (e.g. gvisor, kata containers)
- Implement pod to pod encryption by use of mTLS
20% – Supply Chain Security
- Minimize base image footprint
- Secure your supply chain: whitelist allowed image registries, sign and validate images
- Use static analysis of user workloads (e.g. kubernetes resources, docker files)
- Scan images for known vulnerabilities
20% – Monitoring, Logging and Runtime Security
- Perform behavioral analytics of syscall process and file activities at the host and container level to detect malicious activities
- Detect threats within physical infrastructure, apps, networks, data, users and workloads
- Detect all phases of attack regardless where it occurs and how it spreads
- Perform deep analytical investigation and identification of bad actors within environment
- Ensure immutability of containers at runtime
- Use Audit Logs to monitor access
Sign up with 30 days money back guarantee.
