Consul service mesh Questions

A Consul operator wants to implement traffic management by directing 20% of requests from `frontend` to a new canary version of `backend-v2` and 80% t...

A Consul service mesh operator notices that an `allow` intention between `web` and `api` is defined, but `web` still cannot connect to `api`. The Cons...

A developer wants to start a Consul sidecar proxy for a service named `web` that was already registered in Consul. Which `consul` CLI command should t...

A security engineer changes an L4 intention from allow to deny between two TCP services. What happens to already established connections?

In normal service mesh traffic flow, which component actually enforces intentions on inbound connections or requests?

What determines whether an intention is enforced as an L4 rule or an L7 rule?

How many intentions can control authorization between the same source and destination service pair at one point in time?

A new datacenter enables service mesh without explicitly configuring a CA provider. What happens when leadership is established and the CA has not bee...

A Consul server becomes temporarily unreachable during an outage. What happens to intention-based authorization in the data path?

Which setting defines whether mesh communication is allow-by-default or deny-by-default when no matching intention exists?

Two L7 intention rules match the same request with equal specificity, but one says allow and the other says deny. Which action wins?

How does a secondary datacenter obtain the signing material it uses for service mesh leaf certificates?

Which HTTP API endpoint lists the currently trusted service mesh root certificates and shows the active root?

Which statement correctly matches Consul's two service mesh leaf certificate uses?

A terminating gateway on VMs uses certificate files on disk to connect to linked external services. The certificates are rotated. What must the operat...