HDFS encryption at rest is used to protect data stored in Hadoop Distributed File System. What is its main goal?
Think about what 'encryption at rest' means in data security.
Encryption at rest means encrypting data when it is stored on disk, so unauthorized users cannot read it even if they access the storage directly.
In HDFS encryption at rest, which system is responsible for managing the encryption keys?
Think about a service dedicated to handling keys securely.
The Key Management Server (KMS) manages encryption keys securely and provides them to HDFS when needed.
Given the command hdfs crypto -listZones, what output will it produce if there are two encryption zones named /zone1 and /zone2?
hdfs crypto -listZones
Check the typical output format of hdfs crypto -listZones.
The command lists encryption zones with a header line 'Encryption zones:' followed by each zone on a new line.
Consider the command hdfs crypto -createZone -keyName myKey -path /secure_data fails with error 'Key not found'. What is the most likely cause?
Focus on the error message about the key.
The error 'Key not found' means the specified key 'myKey' is not registered in the Key Management Server (KMS).
You want to check if the file /secure_data/file1.txt is encrypted by HDFS encryption at rest. Which command will give you this information?
Look for a command that returns the encryption zone for a specific path.
The command hdfs crypto -getZoneForPath returns the encryption zone for the given file path, confirming if it is encrypted.