0
0
RabbitMQdevops~20 mins

TLS/SSL encryption in RabbitMQ - Practice Problems & Coding Challenges

Choose your learning style9 modes available
LearnWhyDeepVisualTryChallengeProjectRecallTime
Challenge - 5 Problems
🎖️
TLS/SSL Encryption Mastery
Get all challenges correct to earn this badge!
Test your skills under time pressure!
💻 Command Output
intermediate
2:00remaining
RabbitMQ TLS handshake failure output
You have configured RabbitMQ to use TLS but the client fails to connect. What output will you see in the RabbitMQ logs when a TLS handshake fails due to a certificate mismatch?
A[error] TLS: client: In state hello received SERVER ALERT: Fatal - Bad Certificate
B[info] TLS: client: Connection established successfully
C[warning] TLS: client: Certificate verified successfully
D[error] TLS: client: Connection closed by peer without handshake
Attempts:
2 left
💡 Hint
Look for error messages related to TLS handshake and certificate issues.
Configuration
intermediate
2:00remaining
Correct RabbitMQ TLS configuration snippet
Which of the following RabbitMQ configuration snippets correctly enables TLS on the default listener port 5671 with certificate files?
A
listeners.tcp = 5671
ssl_options.cacertfile = "/etc/rabbitmq/ca_certificate.pem"
ssl_options.certfile = "/etc/rabbitmq/server_certificate.pem"
ssl_options.keyfile = "/etc/rabbitmq/server_key.pem"
B
listeners.tcp = none
listeners.ssl.default = 5671
ssl_options.cacertfile = "/etc/rabbitmq/ca_certificate.pem"
ssl_options.certfile = "/etc/rabbitmq/server_certificate.pem"
ssl_options.keyfile = "/etc/rabbitmq/server_key.pem"
ssl_options.verify = verify_peer
ssl_options.fail_if_no_peer_cert = true
C
listeners.ssl.default = 5672
ssl_options.cacertfile = "/etc/rabbitmq/ca_certificate.pem"
ssl_options.certfile = "/etc/rabbitmq/server_certificate.pem"
ssl_options.keyfile = "/etc/rabbitmq/server_key.pem"
D
listeners.ssl.default = 5671
ssl_options.cacertfile = "/etc/rabbitmq/server_certificate.pem"
ssl_options.certfile = "/etc/rabbitmq/ca_certificate.pem"
ssl_options.keyfile = "/etc/rabbitmq/server_key.pem"
Attempts:
2 left
💡 Hint
Check the port number and the order of certificate files in ssl_options.
Troubleshoot
advanced
2:00remaining
Diagnosing RabbitMQ TLS client connection error
A RabbitMQ client fails to connect over TLS with the error: "unable to verify the first certificate". What is the most likely cause?
AThe client is using the wrong username or password
BThe RabbitMQ server certificate has expired
CThe RabbitMQ server is not listening on the TLS port
DThe client does not trust the CA that signed the RabbitMQ server certificate
Attempts:
2 left
💡 Hint
Think about what "unable to verify the first certificate" means in TLS context.
🔀 Workflow
advanced
2:00remaining
Order of steps to enable TLS on RabbitMQ
What is the correct order of steps to enable TLS encryption on a RabbitMQ server?
A1,3,2,4
B2,1,3,4
C1,2,3,4
D3,1,2,4
Attempts:
2 left
💡 Hint
Think about what must be done before configuring RabbitMQ and clients.
Best Practice
expert
2:00remaining
Best practice for RabbitMQ TLS private key security
Which of the following is the best practice to secure the RabbitMQ server private key used for TLS?
AStore the private key with strict file permissions and use an encrypted filesystem or hardware security module (HSM)
BEmbed the private key directly in the RabbitMQ configuration file for easy access
CStore the private key on a public web server for backup
DShare the private key with all RabbitMQ clients to simplify setup
Attempts:
2 left
💡 Hint
Consider how to protect sensitive cryptographic material from unauthorized access.