Question-35: Select the correct statements with regard to networking and security for a Cloudera Private Cloud Base setup.

  1. Cloudera supports Security-Enhanced Linux enabled with enforcing mode.
  2. Iptables and firewalld must be enabled and should not be updated to avoid misconfigurations.
  3. For RHEL and CentOS, the /etc/sysconfig/network file on each host must contain the correct hostname.
  4. Cluster hosts must have a working network name resolution system and correctly formatted /etc/hosts file.

Answer:

Exp:

Cluster hosts must have a working network name resolution system and correctly formatted /etc/hosts file. All cluster hosts must have properly configured forward and reverse host resolution through DNS. The /etc/hosts files must:

  • Contain consistent information about hostnames and IP addresses across all hosts
  • Not contain uppercase hostnames
  • Not contain duplicate IP addresses

Cluster hosts must not use aliases, either in /etc/hosts or in configuring DNS. A properly formatted /etc/hosts file should be similar to the following example:

    127.0.0.1 localhost.localdomain localhost
    192.168.1.1 cluster-01.example.com cluster-01
    192.168.1.2 cluster-02.example.com cluster-02
    192.168.1.3 cluster-03.example.com cluster-03
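
The /etc/hosts rules above can be checked before installation. The following checker is an added example, not Cloudera's own tooling; the function names, the sample data, and the reading of "alias" as any name other than the FQDN's own short name are assumptions.

```python
import ipaddress

# Constructed sample: the page's example with three deliberate violations added.
SAMPLE = """\
127.0.0.1 localhost.localdomain localhost
192.168.1.1 cluster-01.example.com cluster-01
192.168.1.2 Cluster-02.example.com cluster-02
192.168.1.3 cluster-03.example.com cluster-03 hadoop-master
192.168.1.3 cluster-04.example.com cluster-04
"""

def parse_hosts(text):
    """Return [(lineno, ip, [names])] for every non-comment entry."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if len(fields) >= 2:
            entries.append((lineno, fields[0], fields[1:]))
    return entries

def check_hosts(text):
    """Return [(lineno, problem)] for the /etc/hosts rules listed on this page."""
    problems, seen = [], {}
    for lineno, ip, names in parse_hosts(text):
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            problems.append((lineno, f"invalid IP address {ip}"))
            continue
        if addr in seen:
            problems.append((lineno, f"duplicate IP {ip}, first on line {seen[addr]}"))
        seen.setdefault(addr, lineno)
        problems += [(lineno, f"uppercase hostname {n}") for n in names if n != n.lower()]
        if addr.is_loopback:
            continue
        # Assumption: the FQDN comes first and may be followed only by its own
        # short name, as in the page's example; any other name counts as an alias.
        short = names[0].lower().split(".")[0]
        problems += [(lineno, f"alias {n}") for n in names[1:] if n.lower() != short]
    return problems

def inconsistent(files):
    """files maps host -> hosts text; return hosts that differ from the first."""
    parsed = {h: {(ip, tuple(n)) for _, ip, n in parse_hosts(t)} for h, t in files.items()}
    reference = next(iter(parsed.values()))
    return sorted(h for h, entries in parsed.items() if entries != reference)

if __name__ == "__main__":
    for lineno, problem in check_hosts(SAMPLE):
        print(f"line {lineno}: {problem}")
```
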

Cloudera Runtime and SELinux

Cloudera Enterprise is supported on platforms with Security-Enhanced Linux (SELinux) enabled and in enforcing mode. Cloudera is not responsible for SELinux policy development, support, or enforcement. If you experience issues running Cloudera software with SELinux enabled, contact your OS provider for assistance.

If you are using SELinux in enforcing mode, Cloudera Support can request that you disable SELinux or change the mode to permissive to rule out SELinux as a factor when investigating reported issues.

Cloudera Manager and Firewalls

Firewalls (such as iptables and firewalld) must be disabled or configured to allow access to ports used by Cloudera Manager, Runtime, and related services.

  • For RHEL and CentOS, the /etc/sysconfig/network file on each host must contain the correct hostname.
  • Cloudera Manager and Runtime use several user accounts and groups to complete their tasks. The set of user accounts and groups varies according to the components you choose to install. Do not delete these accounts or groups, and do not modify their permissions and rights. Ensure that no existing systems prevent these accounts and groups from functioning. For example, if you have scripts that delete user accounts not in an allowlist, add these accounts (such as hbase, atlas, and hdfs) to the list of permitted accounts.
