Question-37: Please select the correct statements with regards to Data at Rest Encryption in Cloudera Private Cloud Base

  1. On a Linux system, if the entropy is consistently low (500 or less), you must increase it
  2. Key Trustee Server installation requires the default umask of 0022.
  3. Cloudera recommends using self-signed certificates for the hostname of your Key Trustee Server, to ensure secure network traffic.
  4. Cryptographic operations do not mandate entropy when used with Cloudera Manager

Answer:

Exp: Entropy Requirements: Cryptographic operations require entropy to ensure randomness. Check the entropy several times to determine the state of the entropy pool on the system. If the entropy is consistently low (500 or less), you must increase it by installing rng-tools and starting the rngd service. Make sure that the hosts running Key Trustee Server and Key Trustee KMS have sufficient entropy to perform cryptographic operations.

umask Requirements: Key Trustee Server installation requires the default umask of 0022.

TLS Certificate Requirements: To ensure secure network traffic, Cloudera recommends obtaining Transport Layer Security (TLS) certificates specific to the hostname of your Key Trustee Server. To obtain the certificate, generate a Certificate Signing Request (CSR) for the fully qualified domain name (FQDN) of the Key Trustee Server host. The CSR must be signed by a trusted Certificate Authority (CA). After the certificate has been verified and signed by the CA, the Key Trustee Server TLS configuration requires:

  • The CA-signed certificate
  • The private key used to generate the original CSR
  • The intermediate certificate/chain file (provided by the CA)

Cloudera recommends not using self-signed certificates. If you use self-signed certificates, you must use the --skip-ssl-check parameter when registering Navigator Encrypt with the Key Trustee Server. This skips TLS hostname validation, a check that safeguards against certain network-level attacks. For more information regarding insecure mode, see Registration Options.
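The entropy and umask requirements above are simple to verify before installing Key Trustee Server. The following POSIX shell script is an added example (not Cloudera's own tooling) that reads the kernel's entropy pool from /proc/sys/kernel/random/entropy_avail, applies the "500 or less" threshold from the explanation, and checks that the current umask is 0022; the file name kts_precheck.sh and the --run flag are assumptions of this example.

```shell
#!/bin/sh
# kts_precheck.sh: pre-install checks for a Key Trustee Server host
# (added example; thresholds taken from the explanation above).

ENTROPY_FILE=/proc/sys/kernel/random/entropy_avail

# entropy_is_low VALUE -> exit 0 when VALUE is 500 or less (the "low" threshold).
entropy_is_low() {
  [ "$1" -le 500 ]
}

# read_entropy -> prints the current entropy_avail, or 0 if the file is not readable
# (a non-Linux host or a restricted container), so the check fails closed.
read_entropy() {
  if [ -r "$ENTROPY_FILE" ]; then
    cat "$ENTROPY_FILE"
  else
    echo 0
  fi
}

# umask_is_default VALUE -> exit 0 when VALUE is the required 0022
# (some shells print the umask as 022, others as 0022).
umask_is_default() {
  case "$1" in
    022|0022) return 0 ;;
    *)        return 1 ;;
  esac
}

# check_host -> prints one line per requirement; non-zero exit if any requirement fails.
check_host() {
  rc=0
  e=$(read_entropy)
  if entropy_is_low "$e"; then
    echo "entropy_avail=$e: LOW (500 or less); install rng-tools and start the rngd service"
    rc=1
  else
    echo "entropy_avail=$e: ok"
  fi
  u=$(umask)
  if umask_is_default "$u"; then
    echo "umask=$u: ok"
  else
    echo "umask=$u: not 0022; run 'umask 0022' before installing Key Trustee Server"
    rc=1
  fi
  return $rc
}

# Run the checks only when invoked as: sh kts_precheck.sh --run
if [ "${1:-}" = "--run" ]; then
  check_host
fi
```

Because the explanation says to check entropy "several times", run the script more than once (or in a loop with a short sleep) on each host that will run Key Trustee Server or Key Trustee KMS; a single high reading does not show the pool stays above the threshold under load.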
