Topic 1 Question 177
You manage a microservices application on Google Kubernetes Engine (GKE) using Istio. You secure the communication channels between your microservices by implementing an Istio AuthorizationPolicy, a Kubernetes NetworkPolicy, and mTLS on your GKE cluster. You discover that HTTP requests between two Pods to specific URLs fail, while other requests to other URLs succeed. What is the cause of the connection issue?
A. A Kubernetes NetworkPolicy resource is blocking HTTP traffic between the Pods.
B. The Pod initiating the HTTP requests is attempting to connect to the target Pod via an incorrect TCP port.
C. The Authorization Policy of your cluster is blocking HTTP requests for specific paths within your application.
D. The cluster has mTLS configured in permissive mode, but the Pod's sidecar proxy is sending unencrypted traffic in plain text.
Comments (3)
- Selected answer: C
A is not correct because Kubernetes NetworkPolicy resources allow you to block HTTP traffic between groups of pods but not for selected paths. (https://kubernetes.io/docs/concepts/services-networking/network-policies/). B is not correct because if the client pod is using an incorrect port to communicate with the server, pod requests will time out for all URL paths. C is correct because an Istio Authorization policy allows you to block HTTP methods between pods for specific URL paths (https://istio.io/latest/docs/tasks/security/authorization/authz-http/). D is not correct because mTLS configuration using Istio should not cause HTTP requests to fail. In permissive mode (default configuration), a service can accept both plain text and mTLS encrypted traffic (https://istio.io/latest/docs/tasks/security/authentication/mtls-migration/).
👍 2 telp 2023/01/13
- Selected answer: C
C is the answer.
👍 1 zellck 2022/12/15
- Selected answer: C
👍 1 TNT87 2022/12/21
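
The distinction the comments rely on, shown as a pair of manifests. This is an added example, not part of the original question or comments; the namespace `shop`, the labels `app: orders` and `app: frontend`, port `8080` and the path `/admin/*` are assumed values chosen for illustration.

```yaml
# Kubernetes NetworkPolicy: works at L3/L4. It can select peers and TCP ports,
# but has no field for HTTP methods or URL paths, so it cannot fail some URLs
# while letting others through on the same port.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: orders-allow-frontend      # assumed name
  namespace: shop                  # assumed namespace
spec:
  podSelector:
    matchLabels:
      app: orders                  # assumed label of the target Pods
  policyTypes: ["Ingress"]
  ingress:
  - from:
    - podSelector:
        matchLabels:
          app: frontend            # assumed label of the calling Pods
    ports:
    - protocol: TCP
      port: 8080                   # assumed application port
---
# Istio AuthorizationPolicy: enforced by the sidecar at L7. A DENY rule scoped
# to paths rejects only matching requests; every other URL on the same
# workload and port keeps working, which is the symptom in the question.
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
  name: orders-deny-admin          # assumed name
  namespace: shop
spec:
  selector:
    matchLabels:
      app: orders
  action: DENY
  rules:
  - to:
    - operation:
        methods: ["GET", "POST"]
        paths: ["/admin/*"]        # assumed path prefix being blocked
```

A request denied by the AuthorizationPolicy is answered by the sidecar with HTTP 403 (`RBAC: access denied`), whereas a NetworkPolicy drop or a wrong port shows up as a connection failure on every URL.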