
Answer-first summary for fast verification
Answer: Install Istio, enable proxy injection on your application namespace, and then enable mTLS.
The correct answer is B because installing Istio and enabling mTLS with proxy injection encrypts all inter-service traffic within the cluster using mutual TLS (mTLS) without requiring changes to the applications. Istio's sidecar proxies handle encryption automatically, minimizing application modifications. Google supports Istio (via Anthos Service Mesh) on GKE, ensuring compatibility and support. Options A and C do not address encryption but focus on network segmentation/access. Option D would require application-level changes to manage certificates, which conflicts with the requirement to minimize changes.
Author: LeetQuiz Editorial Team
Your security team audited all applications running in Google Kubernetes Engine and found that some transmit traffic within the cluster unencrypted. How can you enforce encryption for all intra-cluster traffic with minimal application changes while maintaining Google's support?
A. Use Network Policies to block traffic between applications.
B. Install Istio, enable proxy injection on your application namespace, and then enable mTLS.
C. Define Trusted Network ranges within the application, and configure the applications to allow traffic only from those networks.
D. Use an automated process to request SSL Certificates for your applications from Let's Encrypt and add them to your applications.