After enabling ACLs using the configuration file, ACLs aren’t preventing users from querying services.
What are some reasons that Consul would continue to allow this to happen? (select three)
A . the clients are using the bootstrap token for requests
B. the anonymous token permits these actions
C. the default_policy parameter hasn’t been set to deny
D. Consul ACLs don’t protect the DNS interface, only the API interface
Answer: A,B,C
Explanation:
When enabling ACLs, the default_policy parameter must be explicitly set to deny, otherwise, the default policy is allow and Consul will not prevent access or changes to Consul features.
If the default_policy is set to deny, the policy associated with the anonymous token could have updated to permit these actions.
If the default_policy is set to deny, the clients could be using the bootstrap token (or any other token with
permissions) to make the requests.
Note – the bootstrap token should never be provided to clients to make requests. Specific policies and
tokens should be created for applications and client requests depending on the requirements.
https://www.consul.io/docs/agent/options.html#acl
https://learn.hashicorp.com/consul/security-networking/production-acls
Latest Consul Associate Dumps Valid Version with 171 Q&As
Latest And Valid Q&A | Instant Download | Once Fail, Full Refund