1Z0-820 · Question #31
1Z0-820 Question #31: Real Exam Question with Answer & Explanation
The correct answer is B. zfs create - o encryption = 256-ccm - o keysource = raw, file : ///my key pool1/encrypt. Option B is correct because ZFS encrypted file system creation requires two separate properties set with -o flags: encryption=256-ccm to specify the algorithm (AES-256 in CCM mode), and keysource=raw,file:///mykey to specify both the key format (raw) and its location (using a fil
Question
Options
- Azfs create - o encryption = /mykey pool1/encrypt
- Bzfs create - o encryption = 256-ccm - o keysource = raw, file : ///my key pool1/encrypt
- Czfs create - o encryption = AES keysource = /mykey pool1/encrypt
- Dzfs create - o encryption = on keystore = /mykey pool1/encrypt
Explanation
Option B is correct because ZFS encrypted file system creation requires two separate properties set with -o flags: encryption=256-ccm to specify the algorithm (AES-256 in CCM mode), and keysource=raw,file:///mykey to specify both the key format (raw) and its location (using a file:// URI). The keysource property follows the syntax format,location, which is why raw,file:///mykey correctly tells ZFS the key is a raw binary file at that path.
A is wrong because encryption accepts an algorithm name (like 256-ccm), not a file path - you can't point encryption directly at a key file.
C is wrong for two reasons: encryption=AES is not a valid specific algorithm value, and keysource is missing its own -o flag, making the command syntactically invalid.
D is wrong because keystore is not a valid ZFS property - the correct property name is keysource (where the key comes from), not keystore (where it is stored).
Memory tip: Think "keysource" - you are telling ZFS the source of the key, in format,location pairs. The trick distractors exploit confusion between keystore (sounds intuitive but wrong) and keysource (the actual property), so lock in: source, not store.
Topics
Community Discussion
No community discussion yet for this question.