
Why does Kubernetes use a provider list with multiple encryption methods (like aescbc and identity) in the encryption config?

Hard · Conceptual · Q10 of 15
Kubernetes - RBAC and Security
A. To encrypt secrets twice for extra security.
B. To allow seamless key rotation and fallback to unencrypted data.
C. To encrypt some secrets and leave others unencrypted by choice.
D. To enable encryption only during cluster upgrades.
Step-by-Step Solution
Solution:
  1. Step 1: Understand provider list purpose

    The provider list allows Kubernetes to try providers in order, enabling key rotation and fallback.
  2. Step 2: Clarify fallback role of identity provider

    Identity means no encryption; it allows reading old unencrypted data during rotation.
  3. Final Answer:

    To allow seamless key rotation and fallback to unencrypted data. -> Option B
  4. Quick Check:

    Provider list enables rotation and fallback [OK]
Quick Trick: Provider list supports rotation and fallback to unencrypted data. [OK]
Common Mistakes:
  • Thinking multiple providers mean double encryption
  • Assuming selective encryption by secret
  • Believing encryption only during upgrades
