Examens: Kubernetes and Cloud Native Security Associate (KCSA)

The Kubernetes and Cloud Native Security Associate (KCSA) exam certifies knowledge of security best practices for cloud native environments, specifically  Kubernetes security,  and  validates that individuals can implement security controls and maintain security posture in cloud native environments using Kubernetes. 

A Certified Kubernetes and Cloud Native Security Associate is an associate-level certification designed for candidates interested in advancing to the professional level through a demonstrated understanding of foundational knowledge and skills of security technologies in the cloud native ecosystem.

Exam Info:

• Duration - 90 Mins
• 12 Months to schedule and take the exam
• Two Exam Attempts.
• Exam Preparation Handbook 

The certification will help demonstrate skills in:

• Developing security policies and procedures and helping ensure compliance with industry standards and regulations.
• Identifying and assessing security risks and vulnerabilities and helping implement controls to mitigate those risks.
• Assisting in incident response and forensic investigations, as well as testing and monitoring security systems. 
• Educating and training employees on security best practices

Domains and Competencies

Overview of Cloud Native Security - 14%

• The 4Cs of Cloud Native Security
• Cloud Provider and Infrastructure Security
• Controls and Frameworks
• Isolation Techniques
• Artifact Repository and Image Security
• Workload and Application Code Security

Kubernetes Cluster Component Security

• API Server
• Controller Manager
• Scheduler
• Kubelet
• Container Runtime
• KubeProxy
• Pod
• Etcd
• Container Networking
• Client Security
• Storage

Kubernetes Security Fundamentals

• Pod Security Standards
• Pod Security Admissions
• Authentication
• Authorization
• Secrets
• Isolation and Segmentation
• Audit Logging
• Network Policy

Kubernetes Threat Model

• Kubernetes Trust Boundaries and Data Flow
• Persistence
• Denial of Service
• Malicious Code Execution and Compromised Applications in Containers
• Attacker on the Network
• Access to Sensitive Data
• Privilege Escalation

Platform Security

• Supply Chain Security
• Image Repository
• Observability
• Service Mesh
• PKI
• Connectivity
• Admission Control

Compliance and Security Frameworks

• Compliance Frameworks
• Threat Modelling Frameworks
• Supply Chain Compliance
• Automation and Tooling

There are no formal prerequisites for the Kubernetes and Cloud Native Security Associate (KCSA) certification, but you need:

• Basic Kubernetes & cloud knowledge (like CKA/CKAD level understanding)
• IT security fundamentals for success, targeting DevOps/Cloud Admins to learn security best practices for hardening clusters, securing supply chains, and compliance.