Purpose: A Certified Kubernetes and Cloud Native Security Associate is an associate-level certification designed for candidates interested in advancing to the professional level through a demonstrated understanding of foundational knowledge and skills of security technologies in the cloud native ecosystem.
Certification can be found at the LF Training Portal.
- Cost - 250.00 USD (discounts are available through Linux Foundation programs such as the LIFT Scholarship, KubeCon attendee vouchers, and Black Friday sales)
- Certification valid for 3 years
- Includes 12 months of exam eligibility
- One retake if you don't pass
- Multiple-choice exam (60 questions)
- Exam duration: 90 minutes
- Passing mark: 75 out of 100, i.e. at least 45 of the 60 questions must be answered correctly
- During the exam you can access a Notepad and a Calculator in the PSI Secure Browser, but neither is required for this exam.
- Exams are scored automatically and, barring any exceptions or technical difficulties, a score report will be emailed to you within 24 hours of completing the exam. (Note: I got mine 2 minutes after completing the exam.)
```mermaid
pie
    title Cloud Native Security Question Distribution
    "Overview of Cloud Native Security" : 14
    "Kubernetes Cluster Component Security" : 22
    "Kubernetes Security Fundamentals" : 22
    "Kubernetes Threat Model" : 16
    "Platform Security" : 16
    "Compliance and Security Frameworks" : 10
```
Following a section-wise approach to the exam helps. Start from the top and work your way down to cover the syllabus:
→ Container image scanning (e.g. Trivy)
→ Container registries
→ gVisor/Firecracker (mostly a CKS topic, but important)
→ Image signing (Cosign)
→ Container breakout prevention
→ CWPP (Cloud Workload Protection Platform)
→ Multi-tenancy models (soft vs hard)
→ The 4 Cs of Cloud Native Security (Cloud, Cluster, Container, Code)
→ NIST Cybersecurity Framework
→ FedRAMP
→ HIPAA
→ CIS Kubernetes Benchmark (with kube-bench)
→ Microsoft SDL
→ NSA/CISA Kubernetes hardening guidance
→ MITRE ATT&CK
→ OPA Gatekeeper
→ Kyverno
→ kube-apiserver configuration (different flags for different admission controllers)
→ kubelet security
→ Cluster health checks
→ Services (ClusterIP/NodePort/LoadBalancer)
→ Ingress
→ PersistentVolumes
→ StatefulSets
→ DaemonSets
→ HPA (Horizontal Pod Autoscaler)
→ kubeadm authentication vs authorization controls
→ RBAC (Roles/RoleBindings and ClusterRoles/ClusterRoleBindings)
→ Pod Security Policies (deprecated; compare with Pod Security Admission)
→ ServiceAccounts
→ Namespaces
→ Admission controllers
→ Audit policies
→ Image pull policies
→ Certificate management
→ Threat modeling process, plus threat modeling between Kubernetes components such as the API server and the CNI
→ Privilege escalation
→ Information disclosure
→ Tampering/spoofing
→ Denial of service
→ Elevation of privileges
→ Trust boundaries
→ Attack persistence
→ Linux tools (strace, netstat)
→ Certificate management (OpenSSL)
→ TLS/SSH
→ kubectl commands
→ Service mesh (mTLS)
→ AppArmor
→ PKI (Public Key Infrastructure)
→ File integrity
→ Package management
→ Network diagnostics
→ Monitoring tools (Grafana)
- Play with tools like ArgoCD a bit to understand them clearly.
- Focus on implementing and running a simple GitOps application for clarity.
- Learn a bit about the architecture of the tools; it helps you remember the theory for longer.
- Keep your desk tidy and run the System Check before the exam.
- Carry an ID that has not expired.
- The exam can be started 30 minutes prior to your scheduled time, which is an excellent opportunity to complete the security checks and begin the exam early. It helps me to calm down and not rush during the exam :)
- Delete the PSI Browser from your system to save time for your next exam.
- Mark questions as "To Review" if you need more clarification and want to come back to them later. The dashboard lists all the questions together, which makes it easy to get back to them.
Once you pass, the certificate is mailed to you ⬇️
With that, you can move on to the next certification from the catalogue, and don't forget to Star ⭐ this repo. Feel free to contribute any resource that was helpful to you!