What are some reasons that Consul would continue to allow this to happen?

After enabling ACLs using the configuration file, ACLs aren’t preventing users from querying services.

What are some reasons that Consul would continue to allow this to happen? (select three)
A. the clients are using the bootstrap token for requests
B. the anonymous token permits these actions
C. the default_policy parameter hasn’t been set to deny
D. Consul ACLs don’t protect the DNS interface, only the API interface

Answer: A,B,C

Explanation:

When enabling ACLs, the default_policy parameter must be explicitly set to deny; otherwise, the default policy is allow and Consul will not prevent access or changes to Consul features.

If the default_policy is set to deny, the policy associated with the anonymous token could have been updated to permit these actions.

If the default_policy is set to deny, the clients could be using the bootstrap token (or any other token with permissions) to make the requests.

Note – the bootstrap token should never be provided to clients to make requests. Specific policies and tokens should be created for applications and client requests depending on the requirements.

https://www.consul.io/docs/agent/options.html#acl

https://learn.hashicorp.com/consul/security-networking/production-acls
