hands-on lab

Assess Kubernetes Cluster Security With Kube-Bench
Get guided in a real environmentPractice with a step-by-step scenario in a real, provisioned environment.
Learn and validateUse validations to check your solutions every step of the way.
See resultsTrack your knowledge and monitor your progress.
Lab description

The Kubernetes CIS Benchmark is a set of best practices for securing a Kubernetes cluster that is published by the Center for Internet Security (CIS). The CIS Benchmark is a valuable resource for securing and hardening a cluster and serves as a great starting point for assessing the security of a cluster. It provides secure configuration guidelines developed for Kubernetes and spans over 250 pages of details on how to secure Kubernetes deployments.

This lab focuses on the kube-bench application by Aqua Security. Kube-bench is highlighted as a reference tool in the Certified Kubernetes Security Specialist (CKS) exam. You will learn how to run CIS Kubernetes Benchmark tests with kube-bench and filter/remediate findings in this lab.

Learning objectives

Upon completion of this lab, you will be able to:

  • Use kube-bench to run CIS Kubernetes Benchmark tests on a cluster
  • Use various flags to filter the tests and results of the tests
  • Take steps to remediate a failed test

Intended audience

  • Candidates for the Certified Kubernetes Security Specialist (CKS) exam
  • DevOps Engineers
  • Security Practitioners


Familiarity with the following will be beneficial but is not required:

  • Kubernetes Pods
  • kubectl output formatting

The following content can be used to fulfill the prerequisites:

Environment before
environment before preview
Environment after
environment after preview
About the author
Daniel Wood
Lab Operations Specialist

Daniel is a Lab Operations Specialist with experience as an AWS Engineer and Operations Specialist. He holds the AWS DevOps Engineer Professional, AWS Developer Associate, AWS SysOps Administrator Associate, Certified Kubernetes Administrator, Microsoft Certified: Azure Administrator Associate, and HashiCorp Certified: Terraform Associate certifications. Daniel is focused on lab operations and enjoys continuously building his knowledge.

Covered topics
Lab steps
Connecting to the Kubernetes Cluster
Using Kube-Bench to Assess Cluster Security
Correct a Kube-Bench Check