Certified Kubernetes Security Specialist (CKS) Exam Exam tip: Know how to create Service Accounts, Roles, and Cluster Roles and associate them together using Role Binding and Cluster Role Binding. Exam tip: Know  automountServiceAccountToken can be used to prevent the service account from being auto-mounted. Update Kubernetes frequently Kubernetes supports N to N-2 versions and it is recommended to upgrade the components Exam tip: Know how to upgrade a Kubernetes cluster (although it did not appear on my exam) System Hardening – 15% Practice CKS Exercises – System Harding Minimize host OS footprint (reduce attack surface) Control access using SSH, disable root and password-based logins Remove unwanted packages and ports Minimize IAM roles IAM roles are usually with Cloud providers and relate to the least privilege access principle. Minimize external access to the network External access Linux Foundation CKS Exam Dumps can be controlled using Network Policies through egress policies. Appropriately use kernel hardening tools such as AppArmor, seccomp Runtime classes provided by gvisor and kata containers can help provide further isolation of the containers Secure Computing – Seccomp tool helps control syscalls made by containers AppArmor can be configured for any application to reduce its potential host attack surface and provide a greater in-depth defense. PodSecurityPolicies – PSP enables fine-grained authorization of pod creation and updates. Apply host updates Install minimal required OS fingerprint Identify and address open ports Remove unnecessary packages Protect access to data with permissions Restrict allowed hostpaths Exam tip: Know how to load AppArmor profiles, and enable them for the pods.

Click Here More Info ……. >>>>>>>>>  https://dumpsboss.com/linux-foundation-exam/cks/