Secure agent communication Questions
Practice questions for Secure agent communication topic in HashiCorp Certified: Consul Associate (003). 24 questions covering this domain.
A Consul operator configures TLS with `verify_server_hostname = true` in the agent configuration. What does this setting enforce?
An operator wants to rotate the gossip encryption key in a running Consul datacenter without causing any downtime. Which Consul CLI command is used to...
A Consul cluster is configured with gossip encryption. A new agent is being added to the datacenter. Which statement about gossip encryption for the n...
A security team is hardening a Consul datacenter and must ensure that no client certificate can be used to impersonate a server. Beyond setting `verif...
A security engineer discovers that a Consul agent is communicating with the rest of the cluster using an expired TLS certificate. The agent configurat...
Which Consul CLI command generates a new gossip encryption key that can be used in the agent configuration?
An operator wants local CLI and API calls on a node to keep using localhost HTTP, but still wants RPC traffic between agents fully protected with mTLS...
Two datacenters are joined with WAN federation. What should be true of their gossip encryption keys?
An operator runs `consul keyring -install <new-key>` on one agent. What happens next in a healthy datacenter?
An existing datacenter is being moved to gossip encryption. Which statement is correct about applying the new gossip settings?
A team configures TLS files correctly but leaves `ports.https` at `-1`. What is the effect on the HTTP API?
A server certificate is being created for a federated environment with `dc1` and `dc2`. Why might the operator add `-additional-dnsname=server.dc2.con...
Why must the file consul-agent-ca-key.pem be stored carefully and kept private?
A client agent is using the auto-encrypt workflow for agent mTLS. Which client configuration requests a TLS certificate from Consul servers?
After running consul tls ca create for agent mTLS, which file must be distributed to every node that runs a Consul agent?
An operator has three Consul servers in dc1 and wants each server to have its own unique server certificate. What happens when they rerun consul tls c...
A server deployment uses the built-in CA and wants Consul to generate and distribute client certificates automatically. Which server setting enables t...
A client agent uses the recommended auto-encrypt method instead of manual certificate distribution. Which file set is sufficient on local disk before ...
A federated Consul deployment includes dc1 and dc2. Why might an operator add an additional DNS name for server.dc2.consul when generating a dc1 serve...
Which command generates a new gossip encryption key for Consul agents?
Sign in to see all 24 questions
Create a free account to browse all questions — completely free during our launch phase.