Istio will not rotate certificates and keys that have been defined for the services through an Ingress gateway to secure traffic from external clients to the edge microservice. A) True
B) False
There can only be one MeshPolicy with name as default that will apply mTLS mesh-wide.
A) True
B) False
Mutual TLS can be as granular as possible from the namespace level to the service level by defining a policy.
A) True
B) False
Mutual TLS can also be defined through destination rules for the subsets, which can be used to define virtual services.
A) True
B) False
Istio is capable of shielding modern microservices applications so that they can run in a zero-trust network without the need to make any changes to the application code.
A) True
B) False
Istio makes VPN and firewalls redundant if security is implemented properly.
A) True
B) False
It is the responsibility of the edge microservice to manage JWT for authorizations. Istio does not have native automation support yet.
A) True
B) False
Istio's Secret Discovery Service mounts secrets in pods automatically.
A) True
B) False
Istio's Citadel will rotate certificates and keys by default every 90 days. However, this can be changed by editing Citadel's workload-cert-ttl to 1h deployment argument in a zero-trust network. This change can be done without restarting Citadel.
A) True
B) False
The Envoy sidecar checks the TTL of the certificates. The Istio node agent, if enabled, can request a new certificate for Citadel. It is Citadel that pushes the certificates to Envoy, not the node agent.
A) True
B) False
