#Certification

167 posts

Red Hat Certified Engineer (RHCE) #18: Exam Tips and Time Management
12 min read

Red Hat Certified Engineer (RHCE) #18: Exam Tips and Time Management

A condensed cheat sheet to read once more right before walking into the RHCE (EX294) hands-on exam. We cover the operating strategy for auto-configuring systems with playbooks over four hours and the habit of piling up tasks, running `--syntax-check` and `--check` often, solving unknown modules with ansible-doc and the system roles example docs in an offline environment, verifying idempotency with two runs, the recurring patterns that bleed points and the easily confused concept pairs, and a per-domain checklist for the moment before you sit. The next post, #19, is a full-scale mock exam.

Red Hat Certified System Administrator (RHCSA) #15: Exam tips, time management, and patterns people get wrong
11 min read

Red Hat Certified System Administrator (RHCSA) #15: Exam tips, time management, and patterns people get wrong

A compressed read for the moment right before you walk into the RHCSA hands-on exam. We cover the time management that runs your 2.5 hours from the easy tasks outward in dependency order, how to solve unfamiliar tasks with man pages when there is no internet, the habit of verifying tasks with a reboot, the recurring patterns that bleed points across the whole series (fstab typos, missing service enable, missing firewall reload, missing persistent SELinux settings) and how to avoid them, easily confused concept pairs, and a domain-by-domain checklist to run right before you sit. The next post, #16, is a full-scale mock exam.

AWS Certified CloudOps Engineer - Associate (SOA-C03) #10 Domain 4-1 Networking — VPC Operations and Connectivity Troubleshooting
5 min read

AWS Certified CloudOps Engineer - Associate (SOA-C03) #10 Domain 4-1 Networking — VPC Operations and Connectivity Troubleshooting

The tenth post of the SOA-C03 series covers VPC operations, the first topic in the networking domain (18%). It covers route tables and gateways, the difference between security groups and NACLs, NAT and VPC endpoints, peering and Transit Gateway, and where to check and in what order when connectivity fails.

Certified Kubernetes Administrator (CKA) #25 Troubleshooting 4: Networking, DNS, RBAC, Certificate Expiry
12 min read

Certified Kubernetes Administrator (CKA) #25 Troubleshooting 4: Networking, DNS, RBAC, Certificate Expiry

The 25th post in the Certified Kubernetes Administrator (CKA) series. We lay out the diagnostic order to walk when service communication fails — from Endpoints all the way to NetworkPolicy — how to narrow down name-resolution failures with CoreDNS and nslookup, how to read RBAC Forbidden errors with auth can-i, and how to find and fix expired certificates with kubeadm certs check-expiration.

Certified Kubernetes Application Developer (CKAD) #20: Exam Tips, Time Management, and the Patterns People Miss
10 min read

Certified Kubernetes Application Developer (CKAD) #20: Exam Tips, Time Management, and the Patterns People Miss

A compressed read-through to take with you right before the CKAD hands-on exam. We cover the time management for running roughly 15–20 tasks in 2 hours, a refresher on the kubectl speed setup, using imperative generators and the official docs, eight recurring patterns that leak points on the practical and how to avoid them, confusing concept pairs, and a per-domain pre-exam checklist. The next post, #21, is a full-scale hands-on mock exam.

Certified Kubernetes Security Specialist (CKS) #18: Container immutability, forensics
10 min read

Certified Kubernetes Security Specialist (CKS) #18: Container immutability, forensics

The eighteenth post in the Certified Kubernetes Security Specialist (CKS) series. We cover the final pieces of runtime security — container immutability and incident response. We work through YAML examples for the pattern of hardening the filesystem to read-only with readOnlyRootFilesystem and opening only the paths that need writes via emptyDir, the immutable operating model that forbids in-place changes and only swaps via redeploy, and the forensics procedure of isolating a compromised Pod with a NetworkPolicy and a node cordon, preserving evidence, and then investigating with kubectl debug.

Kubernetes and Cloud Native Associate (KCNA) #9: Full-Length Practice Exam — 50 Questions with Explanations
19 min read

Kubernetes and Cloud Native Associate (KCNA) #9: Full-Length Practice Exam — 50 Questions with Explanations

The final post of the KCNA series. Fifty questions sized to match the real exam domain weights (Kubernetes Fundamentals 46%, Container Orchestration 22%, Cloud Native Architecture 16%, Observability 8%, Application Delivery 8%), each followed by its answer and an explanation. Score 38 out of 50 (75%) or better and you are in passing territory — go book the exam.

Red Hat Certified Engineer (RHCE) #17 RHCSA Automation 4: firewall, SELinux, SSH keys
9 min read

Red Hat Certified Engineer (RHCE) #17 RHCSA Automation 4: firewall, SELinux, SSH keys

Part 17 of the Red Hat Certified Engineer (RHCE) series. This is the final post on automating RHCSA security tasks with Ansible — permanently allowing ports and services with ansible.posix.firewalld, handling SELinux with ansible.posix.seboolean and community.general.sefcontext, and deploying SSH public keys with authorized_key. We also cover the firewall and selinux system role alternatives, along with the persistent-apply options that show up again and again on the exam.

Red Hat Certified System Administrator (RHCSA) #14 Managing containers: Podman, systemd integration (quadlet)
9 min read

Red Hat Certified System Administrator (RHCSA) #14 Managing containers: Podman, systemd integration (quadlet)

The fourteenth post in the Red Hat Certified System Administrator (RHCSA) series. We search for and pull images with Podman, run containers, map ports, volumes, and environment variables, and run rootless containers as a regular user. Then we register a container as a systemd service with quadlet and use loginctl enable-linger to start it automatically at boot — a staple RHCSA task.

AWS Certified CloudOps Engineer - Associate (SOA-C03) #9 Domain 3-3 Deployment — Container Operations (ECS, EKS, ECR)
4 min read

AWS Certified CloudOps Engineer - Associate (SOA-C03) #9 Domain 3-3 Deployment — Container Operations (ECS, EKS, ECR)

The ninth post of the SOA-C03 series covers container operations, newly added in SOA-C03. It covers the difference between ECS and EKS, choosing between the Fargate and EC2 launch types, how to store and scan images with ECR, container logging and monitoring, and deployment and scaling operations.

AWS Certified Developer - Associate (DVA-C02) #15 Full-Scale Multiple-Choice Mock Exam — 50 Questions + Explanations
18 min read

AWS Certified Developer - Associate (DVA-C02) #15 Full-Scale Multiple-Choice Mock Exam — 50 Questions + Explanations

The final post of the DVA-C02 series. Matched to the real exam's domain weights (development 32% , security 26% , deployment 24% , troubleshooting and optimization 18%), you solve 50 questions and find your weak domains through each question's answer and explanation. Solve them on the clock, then go back to the relevant domain post to shore up any gaps.

Certified Kubernetes Administrator (CKA) #24 Troubleshooting 3: Control Plane (apiserver/etcd/scheduler Down), etcd Recovery
11 min read

Certified Kubernetes Administrator (CKA) #24 Troubleshooting 3: Control Plane (apiserver/etcd/scheduler Down), etcd Recovery

The twenty-fourth post in the Certified Kubernetes Administrator (CKA) series. Taking the fact that control plane components run as static Pods as the starting point of diagnosis, we organize how to narrow down causes by symptom — from an apiserver down that leaves kubectl unresponsive, to an etcd down, to a scheduler/controller-manager down. We get hands-on with inspecting containers directly via crictl and journalctl, and with fixing manifests so kubelet restarts them.