Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Linux Foundation CKS Exam - Topic 1 Question 4 Discussion

Actual exam question for Linux Foundation's CKS exam
Question #: 4
Topic #: 1
[All CKS Questions]

SIMULATION

Secrets stored in the etcd is not secure at rest, you can use the etcdctl command utility to find the secret value

for e.g:-

ETCDCTL_API=3 etcdctl get /registry/secrets/default/cks-secret --cacert="ca.crt" --cert="server.crt" --key="server.key"

Output

Using the Encryption Configuration, Create the manifest, which secures the resource secrets using the provider AES-CBC and identity, to encrypt the secret-data at rest and ensure all secrets are encrypted with the new configuration.

Show Suggested Answer Hide Answer
Suggested Answer: A

by Beckie at May 07, 2022, 08:12 PM

Limited Time Offer

25%

Off

Get Premium CKS Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Deandrea
6 months ago
I’m not sure if that’s the best method, though.
upvoted 0 times
...
Arleen
6 months ago
AES-CBC is a solid choice for encryption!
upvoted 0 times
...
Jettie
7 months ago
Wait, you can just get secrets like that?
upvoted 0 times
...
Alfred
7 months ago
Totally agree, secrets should be encrypted.
upvoted 0 times
...
Stevie
7 months ago
That's a major security risk!
upvoted 0 times
...
Eden
7 months ago
I think we practiced a similar scenario where we had to encrypt secrets. I remember the command for etcdctl, but I'm not confident about the manifest structure for the encryption configuration.
upvoted 0 times
...
Nydia
7 months ago
I feel a bit lost on how to create the manifest. I know it involves specifying the encryption provider, but I can't remember the exact parameters we need to include.
upvoted 0 times
...
Hillary
7 months ago
This reminds me of a practice question we did on securing secrets in etcd. I think we used AES-CBC in that example too, but I can't recall all the details.
upvoted 0 times
...
Meghann
7 months ago
I remember we discussed how etcd stores secrets and the importance of encrypting them at rest, but I'm not entirely sure about the exact manifest syntax for the encryption configuration.
upvoted 0 times
...
Carmela
7 months ago
I'm feeling pretty confident about this one. The endpoint and parameters indicate that this is retrieving email-related data, so the correct answer is likely Option D, which mentions the device group name and type for email.
upvoted 0 times
...
Lawrence
7 months ago
This is a tricky one. I'm not entirely sure about the differences between the options, especially between B and C. I'll need to think through the pros and cons of each approach to determine the most cost-effective solution that also maintains high availability.
upvoted 0 times
...
Bernadine
7 months ago
Okay, I think I have a strategy here. I'll focus on the disk space issue and evaluate which actions could actually free up space.
upvoted 0 times
...

Save Cancel