Fatskills
Practice. Master. Repeat.
Study Guide: Kubernetes CKS (Addenda: Extras) Exam Survival Guide
Source: https://www.fatskills.com/kubernetes/chapter/kubernetes-cks-addenda-extras-exam-survival-guide

Kubernetes CKS (Addenda: Extras) Exam Survival Guide

By Fatskills Exam Guides Team — the exam nerds behind 28,500+ quizzes and 2.1M practice questions across 500+ global exams.

⏱️ ~1 min read

Window: Global | Security deep dive

Must-do topics

  • Image security: signing (cosign), scanning, registry policies
  • Runtime monitoring: Falco, auditd, Sysdig rules, OPA Gatekeeper
  • Secrets mgmt: KMS, sealed-secrets, external vault integration
  • Advanced netpols: egress restrictions, namespace scoping, default deny all
  • Incident response: forensic basics (cordon, isolate, copy logs, dump mem)

Top traps (avoid)

  • Treating sealed-secrets as encrypted; they’re controller-managed
  • Forgetting egress rules → pods talk out freely
  • Audit policy mis-scoped → logs flood or miss critical events
  • Not cleaning up compromised pod artifacts

Quick facts

  • PodSecurity Admission replaces PodSecurityPolicies
  • OPA Gatekeeper enforces custom constraints with CRDs
  • Sealed-secrets allow storing encrypted secrets in Git safely

Speed tactics

  • Always apply least privilege in RBAC + seccomp
  • For Qs, map to hardening layer: build → deploy → runtime


ADVERTISEMENT