Cisco
CompTIA
ISC
EC-Council
EXIN
Fortinet
ITIL
Juniper
Microsoft
VMware
Avaya
SAP
Google
NVIDIA
Salesforce
Amazon
Palo Alto Networks
ISC2
Splunk
ServiceNow
All Vendors
  2. Home
  3. Exams
  4. Pure Storage
  5. Portworx-Enterprise-Professional

Pure Storage Portworx-Enterprise-Professional Exam Questions
Pure Certified Portworx Enterprise Professional (Page 3 )

Updated On: 21-Feb-2026
Page 3 of 16
PDF with 75 Questions

What information is included in the Portworx diagnostics bundle (diags)?

  1. Portworx journal logs, CLI command outputs, and basic OS information
  2. User activity logs, security policies, and firewall rules
  3. Application logs, Kubernetes events, and network configurations

Answer(s): A

Explanation:

Comprehensive and Detailed Explanation From Exact Extract:
The Portworx diagnostics bundle, known as "diags," aggregates comprehensive diagnostic data for troubleshooting. This includes Portworx journal logs, which record detailed system and service events essential for identifying errors or malfunctions. Additionally, the bundle contains outputs from key CLI commands such as pxctl status and pxctl volume list that provide snapshots of the cluster's health, volume states, and configuration at the time of collection. Basic operating system information, including kernel version, disk hardware details, and network interfaces, is also captured to understand the underlying environment. Together, these components equip Portworx support and administrators with the contextual data needed for effective root cause analysis and faster issue resolution. The official Portworx support documentation recommends collecting and submitting this bundle for all significant troubleshooting cases as it expedites problem diagnosis and resolutionPure Storage Portworx Support Guidesource.



Which 3 secret stores are supported by Portworx?

  1. AWS KMS, Oracle Key Vault, Hashicorp Vault
  2. IBM KMS, Hashicorp Vault, Gemalto SafeNet KeySecure
  3. AWS KMS, Google Cloud KMS, Kubernetes Secrets

Answer(s): C

Explanation:

Comprehensive and Detailed Explanation From Exact Extract:
Portworx integrates with three primary external secret stores to manage encryption keys securely:
AWS Key Management Service (AWS KMS), Google Cloud Key Management Service (Google Cloud KMS), and Kubernetes Secrets. AWS KMS enables secure key storage and management for workloads running in AWS, leveraging native cloud security features. Google Cloud KMS provides similar key management for Google Cloud environments, allowing seamless integration with Google's security infrastructure. Kubernetes Secrets provide an on-premises or hybrid cloud method to store encryption keys and sensitive configuration securely within Kubernetes clusters, suitable for private data centers or cloud-agnostic deployments. This multi-cloud and hybrid cloud compatibility enable Portworx to meet diverse customer requirements for key management and regulatory compliance. Portworx security documentation details the setup, configuration, and best practices for each supported secret store to ensure data encryption keys are managed securely and efficiently across environmentsPure Storage Portworx Security Guidesource.



What step is necessary to start using encrypted PVCs in Portworx?

  1. Select secret provider.
  2. StorageClass needs the following parameter: secure: enabled.
  3. Configure IO profiles.

Answer(s): A

Explanation:

Comprehensive and Detailed Explanation From Exact Extract:
Using encrypted Persistent Volume Claims (PVCs) with Portworx requires that an administrator first configure a secret provider responsible for managing the encryption keys. The secret provider could be an external Key Management System (KMS) such as AWS KMS, Google Cloud KMS, Hashicorp Vault, or Kubernetes Secrets. This step is critical because encryption keys are essential to securely encrypt and decrypt data on volumes. Although enabling encryption in the StorageClass via parameters like secure: enabled is necessary to activate encryption on volumes, it is insufficient without a properly configured secret provider to manage the keys. The secret provider ensures keys are securely stored, rotated, and accessed, fulfilling compliance and security requirements. Portworx documentation stresses this as a foundational step to enable encrypted PVCs, highlighting that without a configured secret provider, encrypted volumes cannot be provisioned or used effectivelyPure Storage Portworx Encryption Docssource.



What happens if the spec.csi.enabled flag is set to false in the Portworx StorageCluster spec?

  1. CSI will be installed, but it will not be used.
  2. The cluster will fail to deploy if CSI is disabled.
  3. CSI will not be installed for the storage cluster.

Answer(s): C

Explanation:

Comprehensive and Detailed Explanation From Exact Extract:
The spec.csi.enabled flag in the Portworx StorageCluster specification dictates whether the Container Storage Interface (CSI) driver is deployed within the Kubernetes environment. Setting this flag to false means that the CSI driver will not be installed or enabled, effectively disabling the CSI functionality. The CSI driver is responsible for dynamic volume provisioning, attachment, and lifecycle management in Kubernetes clusters. Disabling CSI might be necessary in environments relying on legacy volume plugins or specific operational requirements.
When CSI is disabled, Portworx will not support dynamic provisioning or other CSI-dependent features, which could limit functionality for Kubernetes storage operations. Portworx operator documentation explicitly states that disabling CSI omits the CSI driver installation, advising users to carefully consider the impact before setting this flag to false, especially in production environments requiring CSI functionalityPure Storage Portworx Operator Docssource.



When utilizing volume encryption, what is a supported external key manager?

  1. Static keys stored in an S3 bucket
  2. Hashicorp Vault
  3. Microsoft Key Management Services

Answer(s): B

Explanation:

Comprehensive and Detailed Explanation From Exact Extract:
Hashicorp Vault is a widely supported external Key Management System (KMS) integrated with

Portworx for volume encryption. It offers robust capabilities including secure key generation, storage, rotation, and access control, making it well-suited for managing encryption keys in enterprise environments. Integrating Portworx with Hashicorp Vault enables automated and secure key retrieval during volume provisioning and use, ensuring compliance with security policies and regulations. Unlike static keys stored in S3 buckets, which lack dynamic security controls, Hashicorp Vault provides granular policy enforcement and audit logging. Microsoft Key Management Services (KMS) is not currently supported as an external KMS for Portworx encryption. Portworx security documentation emphasizes Hashicorp Vault's importance in maintaining secure key lifecycle management for encrypted volumes, highlighting it as the preferred KMS solution in multi-cloud and hybrid environmentsPure Storage Portworx Security Guidesource.






Post your Comments and Discuss Pure Storage Portworx-Enterprise-Professional exam dumps with other Community members:

Join the Portworx-Enterprise-Professional Discussion