Linux Foundation CKS Exam - Topic 1 Question 17 Discussion

Actual exam question for Linux Foundation's CKS exam

Question #: 17
Topic #: 1

[All CKS Questions]

Secrets stored in the etcd is not secure at rest, you can use the etcdctl command utility to find the secret value

for e.g:-

AETCDCTL_API=3 etcdctl get /registry/secrets/default/cks-secret --cacert='ca.crt' --cert='server.crt' --key='server.key'
Output

Using the Encryption Configuration, Create the manifest, which secures the resource secrets using the provider AES-CBC and identity, to encrypt the secret-data at rest and ensure all secrets are encrypted with the new configuration.

Show Suggested Answer

Suggested Answer: A

by Truman at May 07, 2022, 08:01 PM

Limited Time Offer

25%

Off

Get Premium CKS Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Rebecka

5 months ago

Yeah, but if you set up encryption, it should be fine, right?

upvoted 0 times

...

Estrella

5 months ago

I thought they were secure at rest with the right config?

upvoted 0 times

...

Ettie

5 months ago

Wait, you can just use etcdctl to get secrets? That's a bit concerning...

upvoted 0 times

...

Brandee

5 months ago

Totally agree, encryption is a must for sensitive data!

upvoted 0 times

...

Cory

5 months ago

That's true, etcd secrets aren't secure by default.

upvoted 0 times

...

Osvaldo

5 months ago

I definitely remember that secrets need to be encrypted at rest, but I’m uncertain if I need to specify the provider in the manifest or just the encryption type.

upvoted 0 times

...

Gwen

5 months ago

I feel like I’ve seen the etcdctl command before, but I’m a bit confused about the flags for certs and keys.

upvoted 0 times

...

Janessa

5 months ago

I remember studying how etcd stores secrets, but I'm not entirely sure how to implement the encryption configuration correctly.

upvoted 0 times

...

Sina

6 months ago

I think we practiced a similar question about securing secrets with AES-CBC, but I can't recall the exact steps for creating the manifest.

upvoted 0 times

...

Tamie

6 months ago

I've got a good feeling about this one. Based on my experience with PP/DS, I think option D, using a planning group, is the way to go. That should allow us to target the specific resources we need to plan for.

upvoted 0 times

...

Marshall

6 months ago

Alright, I think I've got it. The key is understanding how the expression works and applying the filters correctly. I'll walk through the logic step-by-step to make sure I've got the right approach.

upvoted 0 times

...

Lucy

6 months ago

Ah, this is a tricky one. I remember learning about ACK's scheduling capabilities, but I'm drawing a blank on the specifics. I'll have to review my notes and try to eliminate the options that don't sound right.

upvoted 0 times

...

Lewis

6 months ago

I remember practicing a similar question, and it involved setting the trunk mode, but that doesn't sound like it applies to untagged traffic.

upvoted 0 times

...