Bird
0
0

Why does Kubernetes not encrypt Secrets by default, and what is the recommended approach?

hard📝 Conceptual Q10 of 15
Kubernetes - Secrets
Why does Kubernetes not encrypt Secrets by default, and what is the recommended approach?
AEncryption is disabled to improve performance and cannot be enabled
BEncryption is optional to allow flexibility; enable encryption and RBAC for security
CSecrets are encrypted by default in all clusters
DEncryption is unnecessary because etcd is always secure
Step-by-Step Solution
Solution:

  1. Step 1: Understand Kubernetes design choice

    Kubernetes leaves encryption optional to let users choose based on needs and environment.

  2. Step 2: Identify recommended security practice

    Best practice is to enable encryption and use RBAC to protect Secrets.

  3. Final Answer:

    Encryption is optional to allow flexibility; enable encryption and RBAC for security -> Option B

  4. Quick Check:

    Encryption optional; enable it plus RBAC for safety [OK]
Quick Trick: Enable encryption and RBAC for secure Secrets [OK]
Common Mistakes:
  • Assuming etcd is always secure
  • Believing encryption is default
  • Thinking encryption cannot be enabled

Want More Practice?

15+ quiz questions · All difficulty levels · Free

Free Signup - Practice All Questions
More Kubernetes Quizzes
ConfigMaps - Creating ConfigMaps from files - Quiz 8hard Health Checks and Probes - Liveness probe concept - Quiz 1easy Health Checks and Probes - HTTP probe configuration - Quiz 13medium Health Checks and Probes - Readiness probe concept - Quiz 6medium Ingress - Ingress controllers (Nginx, Traefik) - Quiz 9hard Networking - Pod-to-Pod communication - Quiz 1easy Resource Management - CPU requests and limits - Quiz 2easy Resource Management - Horizontal Pod Autoscaler - Quiz 6medium Resource Management - CPU requests and limits - Quiz 12easy Secrets - External secret management integration - Quiz 12easy