Which command does not meet this requirement?
Security requirements demand that no secrets appear in the shell history. Which command does not meet this requirement? A. generate-password | vault kv put secret/password value B. vault kv put secret/password value-itsasecret C. vault kv put secret/password [email protected] D. vault kv put secret/password value-SSECRET_VALUEView AnswerAnswer: B Explanation: The command that...
What should this policy look like?
You have been tasked with writing a policy that will allow read permissions for all secrets at path secret/bar. The users that are assigned this policy should also be able to list the secrets. What should this policy look like? A) B) C) D) A . Option AB . Option...
What do these policies allow an organization to do?
The following three policies exist in Vault. What do these policies allow an organization to do? A . Separates permissions allowed on actions associated with the transit secret engineB . Nothing, as the minimum permissions to perform useful tasks are not presentC . Encrypt, decrypt, and rewrap data using the...
How do you create a new user named "sally" with password "h0wN0wB4r0wnC0w"?
You are using the Vault userpass auth method mounted at auth/userpass. How do you create a new user named "sally" with password "h0wN0wB4r0wnC0w"? This new user will need the power-users policy. A) B) C) D) A. Option A B. Option B C. Option C D. Option DView AnswerAnswer: A Explanation:...
Which of the following statements describe the CLI command below?
Which of the following statements describe the CLI command below? S vault login -method-1dap username-mitche11hA . Generates a token which is response wrappedB . You will be prompted to enter the passwordC . By default the generated token is valid for 24 hoursD . Fails because the password is not...
The vault lease renew command increments the lease time from:
The vault lease renew command increments the lease time from:A . The current timeB . The end of the leaseView AnswerAnswer: A Explanation: The vault lease renew command increments the lease time from the current time, not the end of the lease. This means that the user can request a...
Which of these is not a benefit of dynamic secrets?
Which of these is not a benefit of dynamic secrets?A . Supports systems which do not natively provide a method of expiring credentialsB . Minimizes damage of credentials leakingC . Ensures that administrators can see every password usedD . Replaces cumbersome password rotation tools and practicesView AnswerAnswer: C Explanation: Dynamic...
Which of the following is a machine-oriented Vault authentication backend?
Which of the following is a machine-oriented Vault authentication backend?A . OktaB . AppRoleC . TransitD . GitHubView AnswerAnswer: B Explanation: AppRole is a machine-oriented authentication method that allows machines or applications to authenticate with Vault using a role ID and a secret ID. The role ID is a unique...
What command creates a secret with the key "my-password" and the value "53cr3t" at path "my-secrets" within the KV secrets engine mounted at "secret"?
What command creates a secret with the key "my-password" and the value "53cr3t" at path "my-secrets" within the KV secrets engine mounted at "secret"?A . vault kv put secret/my-secrets/my-password 53cr3tB . vault kv write secret/my-secrets/my-password 53cr3tC . vault kv write 53cr3t my-secrets/my-passwordD . vault kv put secret/my-secrets »y-password-53cr3tView AnswerAnswer: A...
What is the Vault CLI command to query information about the token the client is currently using?
What is the Vault CLI command to query information about the token the client is currently using?A . vault lookup tokenB . vault token lookupC . vault lookup selfD . vault self-lookupView AnswerAnswer: B Explanation: The Vault CLI command to query information about the token the client is currently using...