How to Pass the KCSA Exam
KCSA-specific tips and the most common pitfalls.
KCSA exam tips
- KCSA questions often present attack scenarios and ask which control mitigates them — practice thinking about "what stops this attack?".
- Distinguish between PodSecurityAdmission (PSA) and the deprecated PodSecurityPolicy (PSP). The exam tests both.
- Know NetworkPolicy semantics precisely: default-deny, ingress vs egress, namespace selectors, and pod selectors.
- Compliance framework questions test recognition, not depth. Know the purpose and scope of CIS Benchmarks, SOC2, and NIST at a headline level.
Common KCSA pitfalls
- Confusing PSA enforcement modes (enforce, audit, warn) — a very testable detail that candidates frequently get wrong.
- Overlooking supply chain security topics (image scanning, signing, SBOMs). These feel "soft" but carry real exam weight.