Topic 1 Question 535
A company is building an Amazon Elastic Kubernetes Service (Amazon EKS) cluster for its workloads. All secrets that are stored in Amazon EKS must be encrypted in the Kubernetes etcd key-value store.
Which solution will meet these requirements?
Create a new AWS Key Management Service (AWS KMS) key. Use AWS Secrets Manager to manage, rotate, and store all secrets in Amazon EKS.
Create a new AWS Key Management Service (AWS KMS) key. Enable Amazon EKS KMS secrets encryption on the Amazon EKS cluster.
Create the Amazon EKS cluster with default options. Use the Amazon Elastic Block Store (Amazon EBS) Container Storage Interface (CSI) driver as an add-on.
Create a new AWS Key Management Service (AWS KMS) key with the alias/aws/ebs alias. Enable default Amazon Elastic Block Store (Amazon EBS) volume encryption for the account.
ユーザの投票
コメント(6)
- 正解だと思う選択肢: B
B is the right option. https://docs.aws.amazon.com/eks/latest/userguide/enable-kms.html
👍 4MrAWSAssociate2023/06/20 - 正解だと思う選択肢: B
It is B, because we need to encrypt inside of the EKS cluster, not outside. AWS KMS is to encrypt at rest.
👍 3alexandercamachop2023/06/07 - 正解だと思う選択肢: B
EKS supports using AWS KMS keys to provide envelope encryption of Kubernetes secrets stored in EKS. Envelope encryption adds an addition, customer-managed layer of encryption for application secrets or user data that is stored within a Kubernetes cluster.
👍 3TariqKipkemei2023/07/24
シャッフルモード