The Red Hat Certified Specialist in Security: Containers and OpenShift Exam (EX425) tests your ability to identify and mitigate threats to OpenShift container-based infrastructure. The exam focuses on implementing and managing secure architecture, policies, and procedures for modern containerized applications and software-defined networking.
By passing this exam, you become a Red Hat Certified Specialist in Security: Containers and OpenShift Container Platform, which also counts toward becoming a Red Hat Certified Architect (RHCA).
This exam is based on Red Hat® OpenShift® Container Platform 3.11.
Who should attend
- System administrators or developers who want to demonstrate their ability to properly secure containers
- System administrators or developers who are working in a DevOps environment using Red Hat OpenShift Container Platform
- Red Hat Certified Engineers who wish to become Red Hat Certified Architects
Red Hat encourages you to consider taking Red Hat Security: Securing Containers and OpenShift (DO425) to help prepare. Attendance in these classes is not required; students can choose to take just the exam.
While attending Red Hat classes can be an important part of your preparation, attending class does not guarantee success on the exam. Previous experience, practice, and native aptitude are also important determinants of success.
Many books and other resources on system administration for Red Hat products are available. Red Hat does not endorse any of these materials as preparation guides for exams. Nevertheless, you may find additional reading deepens understanding and can prove helpful.
Prerequisites for this exam
- Become a Red Hat Certified System Administrator, or possess comparable work experience and skills (Red Hat Certified Engineer would be even better)
- Take Red Hat OpenShift I: Containers & Kubernetes (DO180), or possess comparable work experience using containers
- Review the exam objectives
Study points for the exam
To help you prepare, these exam objectives highlight the task areas you can expect to see covered in the exam.
Red Hat reserves the right to add, modify, and remove exam objectives. Such changes will be made public in advance.
Understand, identify, and work with containerization features
- Deploy a preconfigured application and identify crucial features such as namespaces, SELinux labels, and cgroups
- Deploy a preconfigured application with security context constraint capabilities and view the application’s capability set
- Configure security context constraints
Use trusted registries
- Load images into a registry
- Query images in a registry
Work with trusted container images
- Identify a trusted container image
- Sign images
- View signed images
- Scan images
- Load signed images into a registry
Build secure container images
- Perform simple S2I builds
- Implement S2I build hooks
- Automate builds using Jenkins
- Automate scanning and code validations as part of the build process
Control access to OpenShift Container Platform clusters
- Configure users with different permission levels, access, and bindings
- Configure OpenShift Container Platform to use Red Hat Identity Management services (IdM) for authentication
- Query users and groups in IdM
- Log into OpenShift Container Platform using an IdM managed account
Configure single sign-on (SSO)
- Install SSO authentication
- Configure OpenShift Container Platform to use SSO
- Integrate web applications with SSO
Automate policy-based deployments
- Configure policies to control the use of images and registries
- Use secrets to provide access to external registries
- Automatically pull and use images from a registry
- Use triggers to verify that automated deployments work
- Restrict nodes on which containers may run
- Use quotas to limit resource utilization
- Use secrets to automate access to resources
Configure network isolation
- Create software-defined networks (SDN)
- Associate containers and projects with SDNs
Configure and manage secure container storage
- Configure and secure file-based container storage
- Configure and secure block-based container storage
As with all Red Hat performance-based exams, configurations must persist after reboot without intervention.
This exam is a performance-based evaluation of skills and knowledge required to configure and manage secure containers using Red Hat OpenShift Container Platform and related technologies. You will perform the configuration and administrative tasks necessary to deploy secure containers and will be evaluated on whether you have met specific objective criteria. Performance-based testing means that you must perform tasks similar to what you perform on your job.
This exam consists of one section lasting 3 hours.
Scores and reporting
Official scores for exams come exclusively from Red Hat Certification Central. Red Hat does not authorize examiners or training partners to report results to candidates directly. Scores on the exam are usually reported within 3 U.S. business days.
Exam results are reported as total scores. Red Hat does not report performance on individual items, nor will it provide additional information upon request.