U.S. Independence Day Deal! Unlock 25% OFF Today – Limited-Time Offer - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Linux Foundation CKS Exam - Topic 1 Question 17 Discussion

Secrets stored in the etcd is not secure at rest, you can use the etcdctl command utility to find the secret valuefor e.g:-
A) ETCDCTL_API=3 etcdctl get /registry/secrets/default/cks-secret --cacert='ca.crt' --cert='server.crt' --key='server.key' Output Using the Encryption Configuration, Create the manifest, which secures the resource secrets using the provider AES-CBC and identity, to encrypt the secret-data at rest and ensure all secrets are encrypted with the new configuration.

Linux Foundation CKS Exam - Topic 1 Question 17 Discussion

Actual exam question for Linux Foundation's CKS exam
Question #: 17
Topic #: 1
[All CKS Questions]

Secrets stored in the etcd is not secure at rest, you can use the etcdctl command utility to find the secret value

for e.g:-

Show Suggested Answer Hide Answer
Suggested Answer: A

by Truman at May 07, 2022, 08:01 PM

Limited Time Offer

25%

Off

Get Premium CKS Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Rebecka
8 months ago
Yeah, but if you set up encryption, it should be fine, right?
upvoted 0 times
...
Estrella
8 months ago
I thought they were secure at rest with the right config?
upvoted 0 times
...
Ettie
8 months ago
Wait, you can just use etcdctl to get secrets? That's a bit concerning...
upvoted 0 times
...
Brandee
8 months ago
Totally agree, encryption is a must for sensitive data!
upvoted 0 times
...
Cory
8 months ago
That's true, etcd secrets aren't secure by default.
upvoted 0 times
...
Osvaldo
8 months ago
I definitely remember that secrets need to be encrypted at rest, but I’m uncertain if I need to specify the provider in the manifest or just the encryption type.
upvoted 0 times
...
Gwen
8 months ago
I feel like I’ve seen the etcdctl command before, but I’m a bit confused about the flags for certs and keys.
upvoted 0 times
...
Janessa
8 months ago
I remember studying how etcd stores secrets, but I'm not entirely sure how to implement the encryption configuration correctly.
upvoted 0 times
...
Sina
9 months ago
I think we practiced a similar question about securing secrets with AES-CBC, but I can't recall the exact steps for creating the manifest.
upvoted 0 times
...
Tamie
9 months ago
I've got a good feeling about this one. Based on my experience with PP/DS, I think option D, using a planning group, is the way to go. That should allow us to target the specific resources we need to plan for.
upvoted 0 times
...
Marshall
9 months ago
Alright, I think I've got it. The key is understanding how the expression works and applying the filters correctly. I'll walk through the logic step-by-step to make sure I've got the right approach.
upvoted 0 times
...
Lucy
9 months ago
Ah, this is a tricky one. I remember learning about ACK's scheduling capabilities, but I'm drawing a blank on the specifics. I'll have to review my notes and try to eliminate the options that don't sound right.
upvoted 0 times
...
Lewis
9 months ago
I remember practicing a similar question, and it involved setting the trunk mode, but that doesn't sound like it applies to untagged traffic.
upvoted 0 times
...

Save Cancel