To give a role the ability to display or output all of the end points under the /secrets/apps/* end point it would need to have which capability set?
To give a role the ability to display or output all of the end points under the /secrets/apps/* end point it would need to have which capability set?A . updateB . readC . sudoD . listE . None of the aboveView AnswerAnswer: C Explanation: To give a role the ability...
What should this policy look like?
You have been tasked with writing a policy that will allow read permissions for all secrets at path secret/bar. The users that are assigned this policy should also be able to list the secrets. What should this policy look like? A) B) C) D) A . Option AB . Option...
Which of these is not a benefit of dynamic secrets?
Which of these is not a benefit of dynamic secrets?A . Supports systems which do not natively provide a method of expiring credentialsB . Minimizes damage of credentials leakingC . Ensures that administrators can see every password usedD . Replaces cumbersome password rotation tools and practicesView AnswerAnswer: C Explanation: Dynamic...
Which of the following statements describe the CLI command below?
Which of the following statements describe the CLI command below? S vault login -method-1dap username-mitche11hA . Generates a token which is response wrappedB . You will be prompted to enter the passwordC . By default the generated token is valid for 24 hoursD . Fails because the password is not...
Which of the following cannot define the maximum time-to-live (TTL) for a token?
Which of the following cannot define the maximum time-to-live (TTL) for a token?A . By the authentication method t natively provide a method of expiring credentialsB . By the client system f credentials leakingC . By the mount endpoint configuration very password usedD . A parent token TTL e password...
The vault lease renew command increments the lease time from:
The vault lease renew command increments the lease time from:A . The current timeB . The end of the leaseView AnswerAnswer: A Explanation: The vault lease renew command increments the lease time from the current time, not the end of the lease. This means that the user can request a...
What are orphan tokens?
What are orphan tokens?A . Orphan tokens are tokens with a use limit so you can set the number of uses when you create themB . Orphan tokens are not children of their parent; therefore, orphan tokens do not expire when their parent doesC . Orphan tokens are tokens with...
Which of the following best describes the transit secrets engine?
You have a 2GB Base64 binary large object (blob) that needs to be encrypted. Which of the following best describes the transit secrets engine?A . A data key encrypts the blob locally, and the same key decrypts the blob locally.B . To process such a large blob. Vault will temporarily...
What environment variable overrides the CLI's default Vault server address?
What environment variable overrides the CLI's default Vault server address?A . VAULT_ADDRB . VAULT_HTTP_ADORESSC . VAULT_ADDRESSD . VAULT _HTTPS_ ADDRESSView AnswerAnswer: B Explanation: The environment variable VAULT_ADDR overrides the CLI’s default Vault server address. The VAULT_ADDR environment variable specifies the address of the Vault server that is used to communicate...
What do these policies allow an organization to do?
The following three policies exist in Vault. What do these policies allow an organization to do? A . Separates permissions allowed on actions associated with the transit secret engineB . Nothing, as the minimum permissions to perform useful tasks are not presentC . Encrypt, decrypt, and rewrap data using the...