Passing the Certified Kubernetes Security Specialist (CKS) exam is tough. You have up to two hours to solve 15 to 20 real-life scenarios, each with its own cluster. Even more intimidating: you have a proctor overseeing you and your screen.
In this article, we’ll share the journey to prepare, take, and pass the exam.
Certified Kubernetes Administrator (CKA) certification is required to take the CKS exam. If you don’t have it or it has expired (it lasts three years), you can view our article with tips for the CKA exam.
There are a lot of courses to choose from. Based on experience, here is what we have learned.
You might be tempted to start with the Linux Foundation course Kubernetes Security Essentials. While the course is interesting, we don’t recommend it as preparation for the CKS exam as it is too generic and does not provide tools or exercises to prepare for the exam.
Kim Wüstkamp’s Kubernetes CKS 2022 Complete Course - Theory - Practice at Udemy is an outstanding choice. This course is from 2021, and thus it uses Kubernetes 1.22. The CKS exam now uses Kubernetes 1.23 but there are not any considerable differences to take into account. The course is outstanding. Kim explains concepts really well and each chapter has a hands-on section that you can carry out with your own cluster.
Kim is the creator of Killercoda, a set of scenarios to practice CKS topics. You will get a chance to experience an environment with a built-in terminal in the browser where you can solve a set of challenges. We recommend solving all scenarios.
Udemy has another CKS course from 2022: Certified Kubernetes Security Specialist 2022. This course uses Kubernetes 1.23. This course had too much theory and not much practice, and if you have completed Kim’s course, it will not add anything significant.
Once you purchase the CKS exam, you have two simulator sessions available. The simulator experience is similar to what you will face on the day of the exam. Here are the main differences:
- You have two takes.
- The simulator is harder than the actual exam. It’s meant to put you under a lot of pressure for you to try to complete it under two hours.
- The exam environment will be up for 36 hours, even if you close the browser. This is very useful as you can use that extra time to study and test the questions that you failed.
- Once you have figured out how to solve all questions, try the second take, with the goal of completing it under two hours. If you made any mistakes, check the answers and study further until you understand what went wrong.
Prior to the exam, clear as much from your desk as possible and make sure that the room is tidy. When you take the exam, the proctor will ask you to use your webcam to show your desk (above and under) and the whole room. Therefore, the less clutter that you have in the space and desk, the easier that it will be for the proctor to consider that your space is safe to take the exam.
You can use an external monitor for the exam. The proctor will ask you to share both screens and use only one of them for the exam.
On the day of the exam, join 15 minutes earlier so you have plenty of time to go through the security process with the proctor. It may take a bit longer than 15 minutes but this should not matter since the counter will start once you actually request the proctor to start the exam. Notice though that the exam cannot start 15 minutes later than the scheduled time.
During the exam, speed is key. You just need to get a 67 out of 100 to pass. Therefore:
- Start by solving all questions that you think you can solve quickly.
- If you find a task that seems tricky, flag it (there is a button to flag tasks) or make a note in the built-in notepad.
- Keep track of each question, its score, and whether you passed it or not. This will help you to decide which question to tackle next once you have done the first pass.
- At the beginning of each question, there is a command to switch to the cluster to use. Make sure that you are at the root environment before using such a command and not inside a cluster; otherwise, you won’t be able to switch context and therefore you will be using the wrong cluster.
There are several resources out there to get confident enough for the exam. Please share your thoughts if you get to read this article and take the exam.