Certified Kubernetes Security Specialist (CKS) Exam Questions

Certified Kubernetes Security Specialist (CKS) is a hot IT Certification test. Certified Kubernetes Security Specialist (CKS) candidates must have taken and passed the Certified Kubernetes Administrator (CKA) exam prior to attempting the CKS exam.PassQuestion provides the latest Certified Kubernetes Security Specialist (CKS) Exam Questions that would be asked in the real CKS exam.After your preparation for Certified Kubernetes Security Specialist (CKS) Exam Questions, you will be ready to attempt all the CKS exam confidently which will make 100% guaranteed your success in the first attempt with good grades.

Certified Kubernetes Security Specialist (CKS)

A Certified Kubernetes Security Specialist (CKS) is an accomplished Kubernetes practitioner (must be CKA certified) who has demonstrated competence on a broad range of best practices for securing container-based applications and Kubernetes platforms during build, deployment and runtime.CKS is a performance-based certification exam that tests candidates’ knowledge of Kubernetes and cloud security in a simulated, real world environment.

CKS is a performance-based certification exam that tests candidates’ knowledge of Kubernetes and cloud security in a simulated, real world environment. Candidates must have taken and passed the Certified Kubernetes Administrator (CKA) exam prior to attempting the CKS exam. CKS may be purchased but not scheduled until CKA certification has been achieved.
CKA Certification must be active (non-expired) on the date the CKS exam (including Retakes) is scheduled.

Exam Details

This exam is an online, proctored, performance-based test that requires solving multiple tasks from a command line running Kubernetes. Candidates have two (2) hours to complete the tasks.The exam is taken remotely with a live proctor monitoring via webcam and screen sharing. Candidates for CKS must hold a current Certified Kubernetes Administrator (CKA) certification to demonstrate they possess sufficient Kubernetes expertise before sitting for the CKS.The cost is $375 and includes one free retake.

Domains & Competencies

  • Cluster Setup 10%
  • Cluster Hardening 15%
  • System Hardening 15%
  • Minimize Microservice Vulnerabilities 20%
  • Supply Chain Security 20%
  • Monitoring, Logging and Runtime Security 20%

View Online Certified Kubernetes Security Specialist (CKS) Free Questions

CORRECT TEXT
Given an existing Pod named nginx-pod running in the namespace test-system, fetch the service-account-name used and put the content in /candidate/KSC00124.txt
Create a new Role named dev-test-role in the namespace test-system, which can perform
update operations, on resources of type namespaces.
Create a new RoleBinding named dev-test-role-binding, which binds the newly created Role to the Pod’s ServiceAccount ( found in the Nginx pod running in namespace test-system).
Answer: Send us your feedback on it.

CORRECT TEXT
A container image scanner is set up on the cluster.
Given an incomplete configuration in the directory
/etc/Kubernetes/confcontrol and a functional container image scanner with HTTPS endpoint https://acme.local.8081/image_policy
1. Enable the admission plugin.
2. Validate the control configuration and change it to implicit deny.
Finally, test the configuration by deploying the pod having the image tag as the latest.
Answer: Send us your feedback on it.

CORRECT TEXT
Given an existing Pod named test-web-pod running in the namespace test-system
Edit the existing Role bound to the Pod’s Service Account named sa-backend to only allow performing get operations on endpoints.
Create a new Role named test-system-role-2 in the namespace test-system, which can perform patch operations, on resources of type statefulsets.
Create a new RoleBinding named test-system-role-2-binding binding the newly created Role to the Pod’s ServiceAccount sa-backend.
Answer: Send us your feedback on this.

CORRECT TEXT
Using the runtime detection tool Falco, Analyse the container behavior for at least 30 seconds, using filters that detect newly spawning and executing processes
store the incident file art /opt/falco-incident.txt, containing the detected incidents. one per line, in the format
[timestamp],[uid],[user-name],[processName]
Answer: Send us your suggestion on it.

CORRECT TEXT
Service is running on port 389 inside the system, find the process-id of the process, and stores the names of all the open-files inside the /candidate/KH77539/files.txt, and also delete the binary.
Answer: Send us your feedback on it.

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store