Bird
0
0

Given this PeerAuthentication YAML snippet:

medium📝 Command Output Q13 of 15
Kubernetes - Service Mesh
Given this PeerAuthentication YAML snippet:
apiVersion: security.istio.io/v1beta1
kind: PeerAuthentication
metadata:
  name: default
  namespace: myapp
spec:
  mtls:
    mode: STRICT

What happens when a service in namespace myapp receives plain HTTP traffic?
AThe traffic is rejected because mTLS is enforced
BThe traffic is accepted without encryption
CThe traffic is accepted but logged as insecure
DThe traffic is redirected to HTTPS automatically
Step-by-Step Solution
Solution:

  1. Step 1: Analyze PeerAuthentication mode

    The mode is STRICT, which enforces mTLS for all incoming traffic in the namespace.

  2. Step 2: Understand effect on plain HTTP

    Plain HTTP traffic without mTLS will be rejected because encryption and identity verification are mandatory.

  3. Final Answer:

    The traffic is rejected because mTLS is enforced -> Option A

  4. Quick Check:

    STRICT mode rejects plain HTTP [OK]
Quick Trick: STRICT mode blocks non-mTLS traffic [OK]
Common Mistakes:
  • Assuming plain HTTP is accepted in STRICT mode
  • Thinking traffic is redirected automatically
  • Confusing logging with rejection

Want More Practice?

15+ quiz questions · All difficulty levels · Free

Free Signup - Practice All Questions
More Kubernetes Quizzes
Advanced Deployment Patterns - Why advanced patterns matter - Quiz 10hard Advanced Deployment Patterns - FluxCD for continuous delivery - Quiz 7medium Monitoring and Logging - Kubernetes dashboard - Quiz 3easy Monitoring and Logging - Centralized logging (EFK stack) - Quiz 6medium Production Best Practices - etcd backup and recovery - Quiz 8hard RBAC and Security - Roles and ClusterRoles - Quiz 13medium RBAC and Security - Service accounts - Quiz 10hard Troubleshooting - OOMKilled containers - Quiz 4medium Troubleshooting - Why troubleshooting skills are critical - Quiz 5medium Troubleshooting - Pod in CrashLoopBackOff - Quiz 7medium