The Red Hat Certified Specialist in Security: Containers and OpenShift Container Platform exam (EX425) tests your ability to identify and mitigate threats to OpenShift container-based infrastructure. The exam focuses on implementing and managing secure architecture, policies, and procedures for modern containerized applications and software-defined networking.
By passing this exam, you become a Red Hat Certified Specialist in Security: Containers and OpenShift Container Platform, which also counts toward becoming a Red Hat Certified Architect (RHCA).
This exam is based on Red Hat® OpenShift® Container Platform 3.11.
Exam Preparation - Study points for the exam
To help you prepare, these exam objectives highlight the task areas you can expect to see covered in the exam.
Red Hat reserves the right to add, modify, and remove exam objectives. Such changes will be made public in advance.
You should be able to:
Understand, identify, and work with containerization features
Use trusted registries
- Deploy a preconfigured application and identify crucial features such as namespaces, SELinux labels, and cgroups
- Deploy a preconfigured application with security context constraint capabilities and view the application’s capability set
- Configure security context constraints
Work with trusted container images
- Load images into a registry
- Query images in a registry
Build secure container images
- Identify a trusted container image
- Sign images
- View signed images
- Scan images
- Load signed images into a registry
Control access to OpenShift Container Platform clusters
- Perform simple S2I builds
- Implement S2I build hooks
- Automate builds using Jenkins
- Automate scanning and code validations as part of the build process
Configure single sign-on (SSO)
- Configure users with different permission levels, access, and bindings
- Configure OpenShift Container Platform to use Red Hat Identity Management services (IdM) for authentication
- Query users and groups in IdM
- Log into OpenShift Container Platform using an IdM managed account
Automate policy-based deployments
- Install SSO authentication
- Configure OpenShift Container Platform to use SSO
- Integrate web applications with SSO
- Configure policies to control the use of images and registries
- Use secrets to provide access to external registries
- Automatically pull and use images from a registry
- Use triggers to verify that automated deployments work
Configure network isolation
- Restrict nodes on which containers may run
- Use quotas to limit resource utilization
- Use secrets to automate access to resources
Configure and manage secure container storage
- Create software-defined networks (SDN)
- Associate containers and projects with SDNs
- Configure and secure file-based container storage
- Configure and secure block-based container storage
As with all Red Hat performance-based exams, configurations must persist after reboot without intervention.
- Red Hat encourages you to consider taking Red Hat Security: Containers and OpenShift Container Platform (DO425) to help prepare. Attendance in these classes is not required; students can choose to take just the exam.
- While attending Red Hat classes can be an important part of your preparation, attending class does not guarantee success on the exam. Previous experience, practice, and native aptitude are also important determinants of success.
- Many books and other resources on system administration for Red Hat products are available. Red Hat does not endorse any of these materials as preparation guides for exams. Nevertheless, you may find additional reading helpful to deepen your understanding.
Audience for this exam
- This exam is a performance-based evaluation of skills and knowledge required to configure and manage secure containers using Red Hat OpenShift Container Platform and related technologies. You will perform the configuration and administrative tasks necessary to deploy secure containers and will be evaluated on whether you have met specific objective criteria. Performance-based testing means that you must perform tasks similar to what you perform on your job.
- This exam consists of one section lasting 3 hours.
Prerequisites for this exam
- System administrators or developers who want to demonstrate their ability to properly secure containers
- System administrators or developers who are working in a DevOps environment using Red Hat OpenShift Container Platform
- Red Hat Certified Engineers who wish to become Red Hat Certified Architects
- Become a Red Hat Certified System Administrator, or possess comparable work experience and skills (Red Hat Certified Engineer would be even better)
- Take Introduction to Containers, Kubernetes, and Red Hat OpenShift (DO180), or possess comparable work experience using containers
- Take Red Hat OpenShift Administration I (DO280), or possess comparable work experience using containers
- Pass Red Hat Certified Specialist in OpenShift Administration exam (EX280), or possess comparable work experience using containers