Consul uses a gossip protocol that is powered by Serf.
How is this communication protected between all participating servers and clients?
A . shared secret
B. TLS
C. username and password
D. mutual TLS
Answer: A
Explanation:
Consul’s gossip protocol is protected by a symmetric key, or a shared secret, that is configured as part of the configuration file or in a separate file that is read when the Consul service starts. For example, you can add the parameter "encrypt" to the configuration file with 32-byte, Base64 encoded shared secret.
All nodes in the Consul cluster, including WAN joined datacenters, must use the same encryption key. An example of this key would be pUqJrVyVRj5jsiYEkM/tFQYfWyJIv4s3XkvDwy7Cu5s= Furthermore, you can generate this 32-byte, Base64 encoded shared secret by using the built-in command consul keygen
$ consul keygen
pUqJrVyVRj5jsiYEkM/tFQYfWyJIv4s3XkvDwy7Cu5s=
More information about the gossip encryption can be found here.
By the way, the HashiCorp Learn platform mentioned that the key is 16-bytes, but that was changed sometime in 2019 in order for Serf to encrypt data using AES256
Latest Consul Associate Dumps Valid Version with 171 Q&As
Latest And Valid Q&A | Instant Download | Once Fail, Full Refund