Mock Exams
Overview
These mock exams are designed to simulate the real CKS exam experience as closely as possible. Each exam contains 17 questions distributed across all six CKS domains, weighted proportionally to the actual exam. The questions are performance-based, requiring you to execute commands, write YAML manifests, and configure security controls on live clusters.
Exam Format Reminder
| Detail | Value |
|---|---|
| Duration | 2 hours (120 minutes) |
| Format | Performance-based (hands-on CLI tasks) |
| Passing Score | 67% |
| Questions | 15-20 questions |
| Clusters | Multiple clusters (you switch between them) |
| Resources | kubernetes.io docs, tool docs allowed |
How to Use These Mock Exams
Simulation Approach
For the most realistic experience, follow these steps:
- Set a timer for 2 hours -- do not go over
- Use a real Kubernetes cluster (kind, kubeadm, or killer.sh sandbox)
- Only reference kubernetes.io -- no other docs, no notes, no AI
- Do not look at solutions until the timer expires
- Score yourself honestly after completing the exam
- Review every question -- even the ones you got right
Time Budget Per Question
With 17 questions in 120 minutes, you have roughly 7 minutes per question. However, questions are weighted differently:
| Question Weight | Time Budget | Strategy |
|---|---|---|
| 4-7% (low weight) | 4-6 minutes | Quick wins -- do these first |
| 8-10% (medium weight) | 7-10 minutes | Solid effort -- core questions |
| 11-13% (high weight) | 10-14 minutes | Complex scenarios -- allocate extra time |
Golden rule: If you are stuck for more than 3 minutes on any single step, flag it and move on. Return to flagged questions after completing all others.
Recommended Study Strategy
Domain Distribution in Mock Exams
Each mock exam distributes questions proportionally to the official CKS exam weights:
| Domain | Exam Weight | Questions per Mock | Approximate Points |
|---|---|---|---|
| Cluster Setup | 15% | 2-3 | 15 |
| Cluster Hardening | 15% | 2-3 | 15 |
| System Hardening | 15% | 2-3 | 15 |
| Minimize Microservice Vulnerabilities | 20% | 3-4 | 20 |
| Supply Chain Security | 20% | 3-4 | 20 |
| Monitoring, Logging & Runtime Security | 15% | 2-3 | 15 |
| Total | 100% | 17 | 100 |
Scoring Guide
After completing a mock exam, score yourself using these criteria:
Scoring Rubric
- Full marks: Task completed correctly with all verification steps passing
- Partial marks (50-75%): Core task completed but minor details missed (e.g., correct policy but wrong namespace, correct RBAC but missing one verb)
- Minimal marks (25%): Correct approach but incomplete execution (e.g., started YAML but did not apply, or applied with errors)
- Zero marks: Not attempted, completely wrong approach, or broke the cluster
Be honest with yourself. In the real exam, partial credit is awarded by automated scoring. If your YAML has a syntax error, it will not apply, and you get zero for that task.
Common Scoring Mistakes
- Do not give yourself credit for "knowing the answer" -- you must execute it
- Verify your work with
kubectl get,kubectl describe, orkubectl auth can-i - Check that pods are running after applying security contexts
- Ensure NetworkPolicies actually block traffic by testing
Available Mock Exams
| Exam | Focus | Difficulty |
|---|---|---|
| Mock Exam 1 - Questions | Comprehensive coverage of all domains | Hard |
| Mock Exam 1 - Solutions | Step-by-step solutions with verification | -- |
| Mock Exam 2 - Questions | Edge cases and commonly failed areas | Hard |
| Mock Exam 2 - Solutions | Step-by-step solutions with verification | -- |
Do Not Read Solutions Before Attempting
The value of these mock exams comes from struggling with the questions under time pressure. Reading solutions first will give you a false sense of readiness. Attempt the full exam first, then review.