CKS Prep

June 18, 2026 · View on GitHub

Languages

🇨🇳 简体中文 🇪🇸 Español 🇫🇷 Français 🇩🇪 Deutsch 🇯🇵 日本語 🇷🇺 Русский 🇰🇷 한국어 🇧🇷 Português 🇺🇸 English

CKS Prep

Start-Learning

A guided Certified Kubernetes Security Specialist (CKS) preparation course with 45 Kubernetes security labs arranged from security foundations to cluster setup, hardening, workload security, supply chain, audit, and runtime investigation.

kubernetes cks

Exercises

IndexNameDifficultyPractice
01🧩 Map Kubernetes Security BoundariesBeginnerStart Lab
02🧩 Collect Security Evidence with kubectlBeginnerStart Lab
03🧩 Review Namespaces and Tenant IsolationBeginnerStart Lab
04🧩 Inspect RBAC Subjects and PermissionsBeginnerStart Lab
05🧩 Inspect ServiceAccount Token BehaviorBeginnerStart Lab
06🧩 Apply Pod Security StandardsBeginnerStart Lab
07🧩 Restrict Namespace Traffic with NetworkPolicyBeginnerStart Lab
08🧩 Allow DNS Through Default-Deny EgressBeginnerStart Lab
09🧩 Publish Ingress with TLSBeginnerStart Lab
10🧩 Deny Workload Access to Node MetadataBeginnerStart Lab
11🧩 Verify Kubernetes BinariesBeginnerStart Lab
12🧩 Review CIS Findings with kube-benchBeginnerStart Lab
13🧩 Check Admission and Pod Security ReadinessBeginnerStart Lab
14🧩 Minimize a Role's PermissionsBeginnerStart Lab
15🧩 Reduce an Overprivileged ClusterRoleBindingBeginnerStart Lab
16🧩 Disable Default ServiceAccount Token MountsBeginnerStart Lab
17🧩 Scope a Namespace Operator RoleBeginnerStart Lab
18🧩 Block API Server Proxy EscalationBeginnerStart Lab
19🧩 Contain a Leaked ServiceAccount TokenBeginnerStart Lab
20🧩 Audit Access to Sensitive ResourcesBeginnerStart Lab
21🧩 Inspect Host Attack Surface SafelyBeginnerStart Lab
22🧩 Disable a Host Debug ServiceBeginnerStart Lab
23🧩 Review kubelet ExposureBeginnerStart Lab
24🧩 Review AppArmor Profile Enforcement on a WorkloadBeginnerStart Lab
25🧩 Install a Local seccomp ProfileBeginnerStart Lab
26🧩 Remove HostPath Access from a WorkloadBeginnerStart Lab
27🧩 Harden a Pod Security ContextBeginnerStart Lab
28🧩 Drop Linux CapabilitiesBeginnerStart Lab
29🧩 Run Containers as Non-RootBeginnerStart Lab
30🧩 Protect Secrets with Projected FilesBeginnerStart Lab
31🧩 Rotate and Constrain Application SecretsBeginnerStart Lab
32🧩 Isolate a Risky Sidecar BoundaryBeginnerStart Lab
33🧩 Enforce Immutable Runtime ContainersBeginnerStart Lab
34🧩 Quarantine a Suspicious WorkloadBeginnerStart Lab
35🧩 Build a Minimal Approved ImageBeginnerStart Lab
36🧩 Scan Workload Manifests with kube-linterBeginnerStart Lab
37🧩 Scan Helm Output with kube-linterBeginnerStart Lab
38🧩 Verify SBOM and Checksum EvidenceBeginnerStart Lab
39🧩 Enforce Trusted Image RegistriesBeginnerStart Lab
40🧩 Remove Build Secrets from an ImageBeginnerStart Lab
41🧩 Review Audit Events for Secret AccessBeginnerStart Lab
42🧩 Investigate Unauthorized API ActivityBeginnerStart Lab
43🧩 Detect Suspicious Runtime ProcessesBeginnerStart Lab
44🧩 Detect Runtime File DriftBeginnerStart Lab
45🧩 Restore Policy from Audit EvidenceBeginnerStart Lab

About LabEx

LabEx is an interactive, hands-on learning platform dedicated to coding and technology. It combines labs, AI assistance, and virtual machines to provide a no-video, practical learning experience. With a strict 'Learn by Doing' approach, interactive online environments in the browser with automated step-by-step checks, structured content organization through the Skill Tree learning system, and a growing resource of 30 Skill Trees and over 6,000 Labs, LabEx offers comprehensive practical education. The platform includes Labby, an AI learning assistant built on latest AI models, providing a conversational learning experience.

More