CKS Prep
June 18, 2026 · View on GitHub
Languages
🇨🇳 简体中文 🇪🇸 Español 🇫🇷 Français 🇩🇪 Deutsch 🇯🇵 日本語 🇷🇺 Русский 🇰🇷 한국어 🇧🇷 Português 🇺🇸 English
A guided Certified Kubernetes Security Specialist (CKS) preparation course with 45 Kubernetes security labs arranged from security foundations to cluster setup, hardening, workload security, supply chain, audit, and runtime investigation.
Exercises
| Index | Name | Difficulty | Practice |
|---|---|---|---|
| 01 | 🧩 Map Kubernetes Security Boundaries | Beginner | Start Lab |
| 02 | 🧩 Collect Security Evidence with kubectl | Beginner | Start Lab |
| 03 | 🧩 Review Namespaces and Tenant Isolation | Beginner | Start Lab |
| 04 | 🧩 Inspect RBAC Subjects and Permissions | Beginner | Start Lab |
| 05 | 🧩 Inspect ServiceAccount Token Behavior | Beginner | Start Lab |
| 06 | 🧩 Apply Pod Security Standards | Beginner | Start Lab |
| 07 | 🧩 Restrict Namespace Traffic with NetworkPolicy | Beginner | Start Lab |
| 08 | 🧩 Allow DNS Through Default-Deny Egress | Beginner | Start Lab |
| 09 | 🧩 Publish Ingress with TLS | Beginner | Start Lab |
| 10 | 🧩 Deny Workload Access to Node Metadata | Beginner | Start Lab |
| 11 | 🧩 Verify Kubernetes Binaries | Beginner | Start Lab |
| 12 | 🧩 Review CIS Findings with kube-bench | Beginner | Start Lab |
| 13 | 🧩 Check Admission and Pod Security Readiness | Beginner | Start Lab |
| 14 | 🧩 Minimize a Role's Permissions | Beginner | Start Lab |
| 15 | 🧩 Reduce an Overprivileged ClusterRoleBinding | Beginner | Start Lab |
| 16 | 🧩 Disable Default ServiceAccount Token Mounts | Beginner | Start Lab |
| 17 | 🧩 Scope a Namespace Operator Role | Beginner | Start Lab |
| 18 | 🧩 Block API Server Proxy Escalation | Beginner | Start Lab |
| 19 | 🧩 Contain a Leaked ServiceAccount Token | Beginner | Start Lab |
| 20 | 🧩 Audit Access to Sensitive Resources | Beginner | Start Lab |
| 21 | 🧩 Inspect Host Attack Surface Safely | Beginner | Start Lab |
| 22 | 🧩 Disable a Host Debug Service | Beginner | Start Lab |
| 23 | 🧩 Review kubelet Exposure | Beginner | Start Lab |
| 24 | 🧩 Review AppArmor Profile Enforcement on a Workload | Beginner | Start Lab |
| 25 | 🧩 Install a Local seccomp Profile | Beginner | Start Lab |
| 26 | 🧩 Remove HostPath Access from a Workload | Beginner | Start Lab |
| 27 | 🧩 Harden a Pod Security Context | Beginner | Start Lab |
| 28 | 🧩 Drop Linux Capabilities | Beginner | Start Lab |
| 29 | 🧩 Run Containers as Non-Root | Beginner | Start Lab |
| 30 | 🧩 Protect Secrets with Projected Files | Beginner | Start Lab |
| 31 | 🧩 Rotate and Constrain Application Secrets | Beginner | Start Lab |
| 32 | 🧩 Isolate a Risky Sidecar Boundary | Beginner | Start Lab |
| 33 | 🧩 Enforce Immutable Runtime Containers | Beginner | Start Lab |
| 34 | 🧩 Quarantine a Suspicious Workload | Beginner | Start Lab |
| 35 | 🧩 Build a Minimal Approved Image | Beginner | Start Lab |
| 36 | 🧩 Scan Workload Manifests with kube-linter | Beginner | Start Lab |
| 37 | 🧩 Scan Helm Output with kube-linter | Beginner | Start Lab |
| 38 | 🧩 Verify SBOM and Checksum Evidence | Beginner | Start Lab |
| 39 | 🧩 Enforce Trusted Image Registries | Beginner | Start Lab |
| 40 | 🧩 Remove Build Secrets from an Image | Beginner | Start Lab |
| 41 | 🧩 Review Audit Events for Secret Access | Beginner | Start Lab |
| 42 | 🧩 Investigate Unauthorized API Activity | Beginner | Start Lab |
| 43 | 🧩 Detect Suspicious Runtime Processes | Beginner | Start Lab |
| 44 | 🧩 Detect Runtime File Drift | Beginner | Start Lab |
| 45 | 🧩 Restore Policy from Audit Evidence | Beginner | Start Lab |
About LabEx
LabEx is an interactive, hands-on learning platform dedicated to coding and technology. It combines labs, AI assistance, and virtual machines to provide a no-video, practical learning experience. With a strict 'Learn by Doing' approach, interactive online environments in the browser with automated step-by-step checks, structured content organization through the Skill Tree learning system, and a growing resource of 30 Skill Trees and over 6,000 Labs, LabEx offers comprehensive practical education. The platform includes Labby, an AI learning assistant built on latest AI models, providing a conversational learning experience.
