swarm_default_security.yaml
questions:
  - uuid: 1d85043d-622a-4ff7-bdbb-6a9d20790a4e
    question: What type of security is enabled by default in Docker Swarm mode?
    answers:
      - { value: 'GPG encryption of container images', correct: false }
      - { value: 'SSH tunnels for node communication', correct: false }
      - { value: 'Open authentication with tokens', correct: false }
      - { value: 'Mutual TLS (mTLS) between nodes', correct: true }
    help: https://docs.docker.com/engine/swarm/how-swarm-mode-works/pki/
  - uuid: 98f53903-8bc4-4689-99bb-729b0b217c1c
    question: What is the role of certificates in Docker Swarm?
    answers:
      - { value: 'They authenticate and encrypt communication between nodes', correct: true }
      - { value: "They store the container's configuration", correct: false }
      - { value: 'They are used for publishing images', correct: false }
      - { value: 'They replace container secrets', correct: false }
    help: https://docs.docker.com/engine/swarm/how-swarm-mode-works/pki/
  - uuid: 3ef672a6-236f-4f7e-914c-b3c3cc626295
    question: What happens when a worker joins a Swarm cluster?
    answers:
      - { value: 'It is issued a certificate signed by the Swarm CA', correct: true }
      - { value: "It inherits the manager's privileges", correct: false }
      - { value: 'It generates its own self-signed certificate', correct: false }
      - { value: 'It does not require authentication', correct: false }
    help: https://docs.docker.com/engine/swarm/how-swarm-mode-works/pki/
  - uuid: 66b4b6e5-f739-4936-98f1-9b9d9b294b5d
    question: What type of encryption is used for control plane traffic in Docker Swarm?
    answers:
      - { value: 'AES-128', correct: false }
      - { value: 'Mutual TLS', correct: true }
      - { value: 'JWT Tokens', correct: false }
      - { value: 'SHA-256', correct: false }
    help: https://docs.docker.com/engine/swarm/how-swarm-mode-works/pki/
  - uuid: 4ac92b8d-b5b1-4b5b-9378-5d3654c89794
    question: Can node certificates in a Swarm cluster expire?
    answers:
      - { value: 'No, once issued they last forever', correct: false }
      - { value: 'Only revoked tokens cause expiration', correct: false }
      - { value: 'Yes, they have a configurable expiration and are automatically renewed', correct: true }
      - { value: 'Only manager node certificates expire', correct: false }
    help: https://docs.docker.com/engine/swarm/how-swarm-mode-works/pki/
  - uuid: e1b4a932-2f2b-446e-a1e4-fc1e3c1d25ff
    question: Which security feature ensures only authorized nodes can join a Swarm cluster?
    answers:
      - { value: 'Join tokens with automatic rotation', correct: true }
      - { value: 'Docker Content Trust', correct: false }
      - { value: 'UCP RBAC policies', correct: false }
      - { value: 'Firewalls on overlay networks', correct: false }
    help: https://docs.docker.com/engine/swarm/swarm_manager_locking/#join-tokens
  - uuid: f6d2a9e6-bbe3-4f6a-90eb-0b91c4a3eec5
    question: What happens if the Swarm root certificate authority (CA) is compromised?
    answers:
      - { value: 'Only worker nodes are affected', correct: false }
      - { value: 'The ingress network stops functioning', correct: false }
      - { value: 'All node certificates must be rotated', correct: true }
      - { value: 'The Swarm cluster auto-recovers', correct: false }
    help: https://docs.docker.com/engine/swarm/how-swarm-mode-works/pki/
  - uuid: 12d74de5-d6d2-4a88-9e9b-20f9ab76efbe
    question: How is the trust between nodes enforced in a Docker Swarm cluster?
    answers:
      - { value: 'Through a central OAuth provider', correct: false }
      - { value: 'Using certificates signed by the Swarm CA', correct: true }
      - { value: 'Via Kubernetes secrets', correct: false }
      - { value: 'With password-based authentication', correct: false }
    help: https://docs.docker.com/engine/swarm/how-swarm-mode-works/pki/