U.S. Independence Day Deal! Unlock 25% OFF Today – Limited-Time Offer - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Linux Foundation CKS Exam - Topic 1 Question 4 Discussion

SIMULATIONSecrets stored in the etcd is not secure at rest, you can use the etcdctl command utility to find the secret valuefor e.g:-ETCDCTL_API=3 etcdctl get /registry/secrets/default/cks-secret --cacert="ca.crt" --cert="server.crt" --key="server.key"OutputUsing the Encryption Configuration, Create the manifest, which secures the resource secrets using the provider AES-CBC and identity, to encrypt the secret-data at rest and ensure all secrets are encrypted with the new configuration.
A) Send us the Feedback on it.

Linux Foundation CKS Exam - Topic 1 Question 4 Discussion

Actual exam question for Linux Foundation's CKS exam
Question #: 4
Topic #: 1
[All CKS Questions]

SIMULATION

Secrets stored in the etcd is not secure at rest, you can use the etcdctl command utility to find the secret value

for e.g:-

ETCDCTL_API=3 etcdctl get /registry/secrets/default/cks-secret --cacert="ca.crt" --cert="server.crt" --key="server.key"

Output

Using the Encryption Configuration, Create the manifest, which secures the resource secrets using the provider AES-CBC and identity, to encrypt the secret-data at rest and ensure all secrets are encrypted with the new configuration.

Show Suggested Answer Hide Answer
Suggested Answer: A

by Beckie at May 07, 2022, 08:12 PM

Limited Time Offer

25%

Off

Get Premium CKS Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Deandrea
8 months ago
I’m not sure if that’s the best method, though.
upvoted 0 times
...
Arleen
8 months ago
AES-CBC is a solid choice for encryption!
upvoted 0 times
...
Jettie
8 months ago
Wait, you can just get secrets like that?
upvoted 0 times
...
Alfred
8 months ago
Totally agree, secrets should be encrypted.
upvoted 0 times
...
Stevie
8 months ago
That's a major security risk!
upvoted 0 times
...
Eden
8 months ago
I think we practiced a similar scenario where we had to encrypt secrets. I remember the command for etcdctl, but I'm not confident about the manifest structure for the encryption configuration.
upvoted 0 times
...
Nydia
8 months ago
I feel a bit lost on how to create the manifest. I know it involves specifying the encryption provider, but I can't remember the exact parameters we need to include.
upvoted 0 times
...
Hillary
8 months ago
This reminds me of a practice question we did on securing secrets in etcd. I think we used AES-CBC in that example too, but I can't recall all the details.
upvoted 0 times
...
Meghann
9 months ago
I remember we discussed how etcd stores secrets and the importance of encrypting them at rest, but I'm not entirely sure about the exact manifest syntax for the encryption configuration.
upvoted 0 times
...
Carmela
9 months ago
I'm feeling pretty confident about this one. The endpoint and parameters indicate that this is retrieving email-related data, so the correct answer is likely Option D, which mentions the device group name and type for email.
upvoted 0 times
...
Lawrence
9 months ago
This is a tricky one. I'm not entirely sure about the differences between the options, especially between B and C. I'll need to think through the pros and cons of each approach to determine the most cost-effective solution that also maintains high availability.
upvoted 0 times
...
Bernadine
9 months ago
Okay, I think I have a strategy here. I'll focus on the disk space issue and evaluate which actions could actually free up space.
upvoted 0 times
...

Save Cancel