30 Questions
What happens if deny rules are not defined at all for agent key rules?
The agent exits with an error for all items except system.run[*]
What is the behavior when a key is restricted by configuration?
The agent treats the key as if it is not supported
What is the consequence of denied remote commands?
Denied remote commands will not be logged in the agent log
How do AllowKey and DenyKey rules affect configuration parameters?
They have no effect on the configuration parameters
What is the outcome of using the DenyKey rule for a single file?
The file is not supported by the agent
What is the implication of using AllowKeys for agent key rules?
It permits the usage of keys only if explicitly allowed
How does the agent behave when keys that are not allowed are accessed?
The agent denies the access and logs the event
What is the behavior of the agent when deny rules are not defined for a specific item?
The agent treats the item as unsupported
What is the consequence of using the allow list without a single deny rule for non-system.run[*] items?
The agent exits with an error for all non-system.run[*] items
What happens when a key is accessed with a path that tricks the deny rule?
The agent treats the key as unsupported
Which encryption method is not supported in Zabbix?
PSK
What is the storage format of pre-shared keys in Zabbix database and agent/proxy configuration files?
Plain text
What are the steps involved in setting up PSK encryption on Zabbix agent or proxy?
Creating a directory for keys, generating a PSK key, and changing the configuration
What is the requirement for Zabbix server, proxies, and agents when using certificates for encryption?
CA certificate, server certificate, and certificate private key
What type of keys cannot be used with the same PSK identity?
Two different PSK keys
Which version of GnuTLS onwards supports mixed encryption?
3.1.18
Where are PSK (pre-shared key) pairs stored in Zabbix frontend?
Host/proxy settings
What are the required TLS options for Zabbix server, proxies, and agents when using certificates for encryption?
CA certificate, certificate file, and key file
What is the supported replacement of OpenSSL from Zabbix 2.7 and 3.0.x?
LibreSSL
What type of errors and network issues are mentioned in the text?
Zabbix agent checks on different hosts
What type of keys starting with 'system.swap' are denied by the Zabbix Agent?
Keys related to swap memory usage
Which Zabbix Agent key is allowed as a percentage?
Free swap size
What type of items are disabled by default in Zabbix?
system.run items
How does the Zabbix Agent allow for executing remote commands?
Using passive or active checks
Which option can be used to log remote commands executed by the Zabbix Agent?
LogRemoteCommands option
Which version of TLS is used for internal communications in Zabbix?
TLS 1.2 and TLS v1.3
In Zabbix 6.0, which components can natively encrypt communications?
Zabbix server, proxies, agents, databases, and web services
Which component's communication is not natively encrypted in Zabbix?
Zabbix server/proxies and Zabbix Java gateway
How does Zabbix support encryption of communication with databases?
Using TLS and certificates
What is required for advanced setups for database encryption in Zabbix?
User-generated custom CA, server, and client certificates
Study Notes
Zabbix Security and Encryption Overview
- Zabbix Agent key "Free swap size" is allowed as a percentage
- All other keys starting with "system.swap" are denied
- The Latest data screen for student-XX host should show the blocked keys
- The "system.run" items are disabled by default
- The Zabbix agent allows for executing remote commands using passive or active checks
- Remote commands can be logged using the LogRemoteCommands option
- Remote commands are used in multiple places including item checks, Zabbix frontend scripts, and actions
- Zabbix uses TLS 1.2 and TLS v1.3 for internal communications
- Zabbix 6.0 can natively encrypt communications between Zabbix server and proxies, agents, databases, and web services
- Communication between Zabbix server/proxies and Zabbix Java gateway is not natively encrypted
- Zabbix supports encryption of communication with databases using TLS and certificates
- Advanced setups for DB encryption require user-generated custom CA, server, and client certificates and must be supported by the database engine
Test your knowledge of Zabbix security and encryption with this quiz. Explore topics such as agent key permissions, remote command execution, TLS encryption, and secure communication with databases.
Make Your Own Quizzes and Flashcards
Convert your notes into interactive study material.
Get started for free