Home
We have meticulously chosen the most relevant references aligned with the certification domains and competencies outlined on the official CNCF certification page. Following these references will streamline your research efforts and help you locate the content necessary for studying specific domain subjects. We hope you find this guide enjoyable and that it proves valuable on your KCSA journey!
Domains & Competencies
-
Overview of Cloud Native Security - 14%
The 4Cs of Cloud Native Security
Cloud Provider and Infrastructure Security
Controls and Frameworks
Isolation Techniques
Artifact Repository and Image Security
Workload and Application Code Security
Additional References:
https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html
https://docs.docker.com/develop/security-best-practices/
-
Kubernetes Cluster Component Security - 22%
API Server
Controller Manager
Scheduler
Kubelet
Container Runtime
KubeProxy
Pod
Etcd
Container Networking
Client Security
Storage
Additional References:
https://kubernetes.io/docs/reference/command-line-tools-reference/
https://kubernetes.io/docs/reference/scheduling/
https://kubernetes.io/docs/tasks/administer-cluster/encrypt-data/
-
Kubernetes Security Fundamentals - 22%
Pod Security Standards
Pod Security Admissions
Authentication
Authorization
Secrets
Isolation and Segmentation
Audit Logging
Network Policy
Additional References:
https://kubernetes.io/docs/concepts/security/
-
Kubernetes Threat Model - 16% (References below)
Kubernetes Trust Boundaries and Data Flow
Persistence
Denial of Service
Malicious Code Execution and Compromised Applications in Containers
Attacker on the Network
Access to Sensitive Data
Privilege Escalation
Additional References:
kubernetes/community
Threat Modelling: Securing Kubernetes Infrastructure & Deployments - Rowan Baker
https://kubernetes.io/docs/concepts/architecture/control-plane-node-communication/
https://www.docker.com/ja-jp/static/five-container-development-security-risks-and-how-to-prevent-them.pdf
https://kubernetes.io/docs/concepts/security/rbac-good-practices/
https://kubernetes.io/docs/tasks/administer-cluster/securing-a-cluster/
-
Platform Security - 16%
Supply Chain Security
Image Repository
Observability
Service Mesh
PKI
Connectivity
Admission Control
Additional References:
https://kubernetes.io/docs/concepts/security/security-checklist/#images
-
Compliance and Security Frameworks - 10%
Compliance Frameworks
Threat Modelling Frameworks
Supply Chain Compliance
Automation and Tooling
Additional References:
CIS K8S
Kubernetes Compliance Considerations