The Red Hat Certified Specialist in Security: Containers and OpenShift Container Platform exam (EX425) tests your ability to identify and mitigate threats to OpenShift container-based infrastructure. The exam focuses on implementing and managing secure architecture, policies, and procedures for modern containerized applications and software-defined networking.
This exam is based on Red Hat® OpenShift® Container Platform 3.11.
By passing this exam, you become a Red Hat Certified Specialist in Security: Containers and OpenShift Container Platform, which also counts toward becoming a Red Hat Certified Architect (RHCA).
- System administrators or developers who want to demonstrate their ability to properly secure containers
- System administrators or developers who are working in a DevOps environment using Red Hat OpenShift Container Platform
- Red Hat Certified Engineers who wish to become Red Hat Certified Architects
Duration: 3.00 hours
Red Hat encourages you to consider taking Red Hat Security: Containers and OpenShift Container Platform (DO425) to help prepare. Attendance in these classes is not required; students can choose to take just the exam.
While attending Red Hat classes can be an important part of your preparation, attending class does not guarantee success on the exam. Previous experience, practice, and native aptitude are also important determinants of success.
Many books and other resources on system administration for Red Hat products are available. Red Hat does not endorse any of these materials as preparation guides for exams. Nevertheless, you may find additional reading deepens understanding and can prove helpful.
Study points for the exam
To help you prepare, these exam objectives highlight the task areas you can expect to see covered in the exam.
Red Hat reserves the right to add, modify, and remove exam objectives. Such changes will be made public in advance.
- Understand, identify, and work with containerization features
- Deploy a preconfigured application and identify crucial features such as namespaces, SELinux labels, and cgroups
- Deploy a preconfigured application with security context constraint capabilities and view the application’s capability set
- Configure security context constraints
- Use trusted registries
- Load images into a registry
- Query images in a registry
- Work with trusted container images
- Identify a trusted container image
- Sign images
- View signed images
- Scan images
- Load signed images into a registry
- Build secure container images
- Perform simple S2I builds
- Implement S2I build hooks
- Automate builds using Jenkins
- Automate scanning and code validations as part of the build process
- Control access to OpenShift Container Platform clusters
- Configure users with different permission levels, access, and bindings
- Configure OpenShift Container Platform to use Red Hat Identity Management services (IdM) for authentication
- Query users and groups in IdM
- Log into OpenShift Container Platform using an IdM managed account
- Configure single sign-on (SSO)
- Install SSO authentication
- Configure OpenShift Container Platform to use SSO
- Integrate web applications with SSO
- Automate policy-based deployments
- Configure policies to control the use of images and registries
- Use secrets to provide access to external registries
- Automatically pull and use images from a registry
- Use triggers to verify that automated deployments work
- Manage orchestration
- Restrict nodes on which containers may run
- Use quotas to limit resource utilization
- Use secrets to automate access to resources
- Configure network isolation
- Create software-defined networks (SDN)
- Associate containers and projects with SDNs
- Configure and manage secure container storage
- Configure and secure file-based container storage
- Configure and secure block-based container storage
As with all Red Hat performance-based exams, configurations must persist after reboot without intervention.