0

You want to ensure both encryption in transit and encryption at rest for your Elasticsearch cluster. Which approach correctly combines these protections?

hard🚀 Application Q15 of Q15

Elasticsearch - Security

You want to ensure both encryption in transit and encryption at rest for your Elasticsearch cluster. Which approach correctly combines these protections?

AOnly enable TLS in elasticsearch.yml; Elasticsearch encrypts data at rest automatically

BEnable TLS in elasticsearch.yml for transit; use external disk encryption for at rest

CEnable TLS in elasticsearch.yml for transit; enable xpack.security.encryption.at_rest: true

DUse network.host: localhost to secure transit; enable snapshot encryption for at rest

Step-by-Step Solution

Solution:

Step 1: Understand encryption in transit setup
Encryption in transit is enabled by TLS settings in elasticsearch.yml.
Step 2: Understand encryption at rest setup
Elasticsearch does not natively encrypt data at rest; external disk or filesystem encryption is needed.
Step 3: Combine both correctly
Use TLS for transit encryption and external tools (like disk encryption) for data at rest.
Final Answer:
Enable TLS in elasticsearch.yml for transit; use external disk encryption for at rest -> Option B
Quick Check:
Transit TLS + external disk encryption = full protection [OK]

Quick Trick: Elasticsearch encrypts transit; use external tools for at rest [OK]

Common Mistakes:

MISTAKES

Assuming Elasticsearch encrypts data at rest by default
Using wrong settings like xpack.security.encryption.at_rest
Confusing network.host with encryption settings

Master "Security" in Elasticsearch

9 interactive learning modes - each teaches the same concept differently

Learn Why Deep Visual Try Challenge Project Recall Time

Want More Practice?

15+ quiz questions · All difficulty levels · Free

Free Signup - Practice All Questions

More Elasticsearch Quizzes