Back to the course
Test yourself

Salt

Final exam · 14 questions · answers explained as you pick
Beginner
4 questions
01Salt is best known for…
Incorrect — it is primarily agent-based over a bus (with salt-ssh as an agentless option).
Correct — one publish reaches all targeted minions at once — near real-time at scale.
Incorrect — the classic model has a master (masterless is an option).
Incorrect — states are YAML+Jinja.
02Remote execution (salt ‘*’ <fn>) is…
Correct — the counterpart to declarative states; e.g. service.restart across the fleet.
Incorrect — that is state.apply/highstate, not remote execution.
Incorrect — it targets minions.
Incorrect — it executes for real — hence the caution.
03An SLS (state) file is…
Incorrect — that is Chef.
Incorrect — that is Terraform.
Correct — rendered through Jinja, then parsed as YAML.
Incorrect — no.
04The highstate is…
Incorrect — it is the complete assembled state, not one file.
Correct — state.highstate applies everything top.sls assigns to that minion.
Incorrect — unrelated.
Incorrect — it is declarative state, not ad-hoc execution.
4 questions · explanations appear as you answer
Intermediate
5 questions
01Pillar data is…
Incorrect — no — it is targeted per minion.
Incorrect — those are grains.
Correct — the right home for secrets and targeted config; verify with pillar.items.
Incorrect — unrelated.
02Grains are…
Correct — like Puppet/Ansible facts — spoofable by a compromised minion, so not for secrets.
Incorrect — that is pillar.
Incorrect — unrelated.
Incorrect — no.
03Why should security decisions NOT rely on a settable grain?
Incorrect — the issue is trust, not speed.
Correct — use pillar targeting and key/id-based trust for anything sensitive.
Incorrect — they are not — and that is part of the point.
Incorrect — they can — that is exactly the risk.
04SLS files are rendered by Jinja and then…
Incorrect — no Ruby involved.
Incorrect — no.
Correct — a loop emitting misaligned lines yields a YAML error on the rendered output.
Incorrect — no.
05A Salt formula is…
Correct — keeps states DRY and shareable; pin and review like any dependency.
Incorrect — that is pillar/GPG.
Incorrect — no.
Incorrect — unrelated.
5 questions · explanations appear as you answer
Advanced
5 questions
01The reactor system lets Salt…
Incorrect — that is Puppet terminology.
Correct — e.g. auto-highstate a minion the moment it connects; event-driven automation.
Incorrect — unrelated.
Incorrect — that is the GPG renderer.
02salt-ssh differs from the normal model in that it…
Correct — trades bus speed for zero footprint; trust moves to SSH keys + roster.
Incorrect — it needs SSH access.
Incorrect — the bus is faster; salt-ssh trades speed for no agent.
Incorrect — no.
03The Salt GPG renderer protects pillar secrets by…
Incorrect — it encrypts, not hashes.
Incorrect — grains are the wrong place for secrets.
Correct — safe in Git; the master’s private key decrypts before delivery — like eyaml/Vault.
Incorrect — the opposite of pillar targeting.
04Salt’s minion trust gate is…
Incorrect — network helps, but trust is key acceptance.
Correct — manage with salt-key; never auto_accept in prod.
Incorrect — it uses keys, not passwords.
Incorrect — grains are spoofable; not a trust gate.
05Two failure modes behind most Salt incidents are…
Correct — patch the master fast, set auto_accept: False, restrict reachability, and use publisher_acl + eauth.
Incorrect — those are not the security incidents.
Incorrect — those are normal, safe features.
Incorrect — no.
5 questions · explanations appear as you answer