Encryption in transit and at rest in Elasticsearch - Practice Problems & Coding Challenges

Challenge - 5 Problems
Predict Output
intermediate
What is the output of the Elasticsearch TLS configuration snippet?
Given the following Elasticsearch configuration snippet for enabling TLS encryption in transit, what will be the effect when Elasticsearch nodes start?
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: certs/elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: certs/elastic-certificates.p12
A. Elasticsearch nodes will fail to start due to missing password for keystore.
B. Elasticsearch nodes will communicate without encryption because verification_mode is set to certificate.
C. Elasticsearch nodes will communicate over encrypted transport using TLS with certificate verification.
D. Elasticsearch nodes will communicate over unencrypted HTTP transport.
💡 Hint
Look at the 'xpack.security.transport.ssl.enabled' and 'verification_mode' settings.
Predict Output
intermediate
What happens if you enable encryption at rest without setting a keystore password?
Consider this Elasticsearch configuration snippet for encryption at rest:
xpack.security.enabled: true
xpack.security.encryptionKey: "myencryptionkey123"
xpack.security.audit.enabled: true
What will happen when Elasticsearch tries to encrypt data at rest?
A. Elasticsearch will fail to start due to missing keystore password for encryption key.
B. Elasticsearch will store data unencrypted because encryptionKey is not a valid setting.
C. Elasticsearch will encrypt data but audit logs will be disabled.
D. Elasticsearch will encrypt data at rest using the provided encryption key without errors.
💡 Hint
Check if 'xpack.security.encryptionKey' is sufficient for encryption at rest.
🔧 Debug
advanced
Identify the error in this Elasticsearch TLS transport configuration
This snippet is intended to enable TLS encryption for the Elasticsearch transport layer. What error will occur when Elasticsearch starts?
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.keystore.path: certs/elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: certs/elastic-certificates.p12
xpack.security.transport.ssl.verification_mode: none
A. Elasticsearch will start successfully but without verifying certificates, risking MITM attacks.
B. Elasticsearch will fail to start due to invalid 'verification_mode' value 'none'.
C. Elasticsearch will fail to start because keystore and truststore paths are missing passwords.
D. Elasticsearch will start but transport encryption will be disabled.
💡 Hint
Check the allowed values for 'verification_mode'.
📝 Syntax
advanced
Which option correctly enables HTTPS for the Elasticsearch HTTP layer?
Select the correct configuration snippet to enable HTTPS encryption for the HTTP layer in Elasticsearch.
A
xpack.security.http.ssl.enabled: false
xpack.security.http.ssl.keystore.path: certs/http.p12
xpack.security.http.ssl.keystore.password: "password"
B
xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.keystore.path: certs/http.p12
xpack.security.http.ssl.keystore.password: "password"
C
xpack.security.http.ssl.enabled: true
xpack.security.transport.ssl.keystore.path: certs/http.p12
xpack.security.http.ssl.keystore.password: "password"
D
xpack.security.transport.ssl.enabled: true
xpack.security.http.ssl.keystore.path: certs/http.p12
xpack.security.http.ssl.keystore.password: "password"
💡 Hint
Focus on the correct prefix for HTTP SSL settings.
🚀 Application
expert
How many nodes will successfully join the cluster with this transport encryption config?
You have a 3-node Elasticsearch cluster. Each node has the following transport encryption settings:
Node 1:
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: certs/node1.p12
xpack.security.transport.ssl.truststore.path: certs/ca.p12
Node 2:
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: full
xpack.security.transport.ssl.keystore.path: certs/node2.p12
xpack.security.transport.ssl.truststore.path: certs/ca.p12
Node 3:
xpack.security.transport.ssl.enabled: false
How many nodes will successfully join the cluster?
A. 2 nodes will join; Node 3 will fail due to disabled transport encryption.
B. All 3 nodes will join successfully despite Node 3's disabled encryption.
C. Only Node 1 will join; Node 2 fails due to stricter verification_mode, Node 3 fails due to disabled encryption.
D. No nodes will join because of mismatched verification_mode settings.
💡 Hint
Consider how transport encryption and verification_mode affect node communication.