Answer-first summary for fast verification
Answer: Creating an AWS KMS key to enable KMS-based secrets encryption for the Amazon EKS cluster.
When building an Amazon EKS cluster and needing to ensure that all secrets stored in the Kubernetes etcd key-value store are encrypted, Amazon EKS provides a native solution through KMS-based secrets encryption. To achieve this, creating an AWS Key Management Service (AWS KMS) key and enabling KMS secrets encryption on the Amazon EKS cluster is the appropriate option. This ensures that the secrets managed by Kubernetes are encrypted using the specified KMS key, thereby enhancing the security and compliance of your EKS workloads.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
For an Amazon EKS cluster, which approach ensures encryption of all stored secrets in the Kubernetes etcd key-value store?
A
Creating an AWS KMS key and utilizing AWS Secrets Manager for secret management in Amazon EKS.
B
Creating an AWS KMS key to enable KMS-based secrets encryption for the Amazon EKS cluster.
C
Using default Amazon EKS cluster setup with the Amazon EBS CSI driver for storage.
D
Creating an AWS KMS key for enabling default encryption of Amazon EBS volumes.
No comments yet.