Skip to content
riquetta edited this page Jan 17, 2024 · 2 revisions

Important note

We have meticulously chosen the most relevant references aligned with the certification domains and competencies outlined on the official CNCF certification page. Following these references will streamline your research efforts and help you locate the content necessary for studying specific domain subjects. We hope you find this guide enjoyable and that it proves valuable on your KCSA journey!"

Study Guide References

Domains & Competencies

  • Overview of Cloud Native Security - 14%

The 4Cs of Cloud Native Security
Cloud Provider and Infrastructure Security
Controls and Frameworks
Isolation Techniques
Artifact Repository and Image Security
Workload and Application Code Security

Additional References:
https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html
https://docs.docker.com/develop/security-best-practices/

  • Kubernetes Cluster Component Security - 22%

API Server
Controller Manager
Scheduler
Kubelet
Container Runtime
KubeProxy
Pod
Etcd
Container Networking
Client Security
Storage

Additional References:
https://kubernetes.io/docs/reference/command-line-tools-reference/
https://kubernetes.io/docs/reference/scheduling/
https://kubernetes.io/docs/tasks/administer-cluster/encrypt-data/

  • Kubernetes Security Fundamentals - 22%

Pod Security Standards
Pod Security Admissions
Authentication
Authorization
Secrets
Isolation and Segmentation
Audit Logging
Network Policy

Additional References:
https://kubernetes.io/docs/concepts/security/

  • Kubernetes Threat Model - 16% (References below)

Kubernetes Trust Boundaries and Data Flow
Persistence
Denial of Service
Malicious Code Execution and Compromised Applications in Containers
Attacker on the Network
Access to Sensitive Data
Privilege Escalation

Additional References:
kubernetes/community
Threat Modelling: Securing Kubernetes Infrastructure & Deployments - Rowan Baker
https://kubernetes.io/docs/concepts/architecture/control-plane-node-communication/
https://www.docker.com/ja-jp/static/five-container-development-security-risks-and-how-to-prevent-them.pdf
https://kubernetes.io/docs/concepts/security/rbac-good-practices/
https://kubernetes.io/docs/tasks/administer-cluster/securing-a-cluster/

  • Platform Security - 16%

Supply Chain Security
Image Repository
Observability
Service Mesh
PKI
Connectivity
Admission Control

Additional References:
(https://kubernetes.io/docs/concepts/security/security-checklist/#images)

  • Compliance and Security Frameworks - 10%

Compliance Frameworks
Threat Modelling Frameworks
Supply Chain Compliance
Automation and Tooling

Additional References:
CIS K8S
Kubernetes Compliance Considerations

Clone this wiki locally