IBM Exam C1000-150 Topic 8 Question 32 Discussion

Actual exam question for IBM's C1000-150 exam

Question #: 32
Topic #: 8

To limit and secure integrations with an external service, which method is used to establish a trusted relationship between the Cloud Pak for Business Automation capability on OpenShift with the external service?

AProvide the Cloud Pak for Business Automation operator root CA signer certificate to the external service provider to be configured

BPrompt the Cloud Pak for Business Automation end user to store a local copy of the certificate.

CGenerate a generic secret with the external TLS certificate and then add that secret to the operator trusted_certificate_list CR parameter.

DCopy the external TLS certificate to the /wlp/trustedcert directory on the individual pod that requires access.

Show Suggested Answer

Suggested Answer: A

When setting up a demo environment an identity provider may not be known. In this case, htpasswd can be used to replace the default admin user with a simple identity provider. Htpasswd is an Apache utility for creating and updating user authentication files for the Apache web server. It uses a combination of plaintext passwords and a hashing algorithm to store its credentials.

by Emile at May 18, 2024, 10:16 PM

Limited Time Offer

25%

Off

Get Premium C1000-150 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Verlene

1 months ago

I'm going with option C. It's the most secure and automated approach to managing the trusted certificates. Plus, it avoids the potential headaches of the other options.

upvoted 0 times

...

Kaycee

1 months ago

Ha! Copying the certificate to a specific pod? That's like trying to secure your house by hiding the key under the doormat. Option C is the way to go.

upvoted 0 times

Antione

3 days ago

I agree, copying the certificate to a specific pod is not secure at all. Option C is much more reliable.

upvoted 0 times

...

Antione

10 days ago

Option C is definitely the best way to establish a trusted relationship with the external service.

upvoted 0 times

...

Claribel

2 months ago

Option A makes sense, but it would require the external service provider to be involved in the setup process. Option C looks more straightforward and self-contained.

upvoted 0 times

Krystina

27 days ago

A) Provide the Cloud Pak for Business Automation operator root CA signer certificate to the external service provider to be configured

upvoted 0 times

...

Isidra

2 months ago

That makes sense too, we need to establish a trusted relationship between the Cloud Pak for Business Automation capability and the external service.

upvoted 0 times

...

Melvin

2 months ago

I'm not sure about option B. Prompting the end user to manage the certificate locally doesn't sound like a scalable solution for enterprise-level deployments.

upvoted 0 times

Jolanda

1 months ago

Option C might be a better choice for establishing a trusted relationship with the external service.

upvoted 0 times

...

Jolanda

1 months ago

I agree, option B doesn't seem like the best approach for scalability.

upvoted 0 times

...

Rhea

2 months ago

Option C seems like the correct way to establish a trusted relationship. It's a more secure approach than just copying the certificate to a specific pod.

upvoted 0 times

Skye

13 days ago

Copying the certificate to a specific pod seems risky.

upvoted 0 times

...

Zona

14 days ago

Storing a local copy of the certificate might not be the best practice.

upvoted 0 times

...

Deeanna

21 days ago

I think providing the root CA signer certificate is also a good option.

upvoted 0 times

...

Erick

1 months ago

I agree, option C is the most secure method.

upvoted 0 times

...

Clement

2 months ago

I disagree, I believe the correct answer is A. We should provide the Cloud Pak for Business Automation operator root CA signer certificate to the external service provider.

upvoted 0 times

...

Isidra

2 months ago

I think the answer is C, because we need to generate a generic secret with the external TLS certificate.

upvoted 0 times

...