The following three policies exist in Vault.
What do these policies allow an organization to do?
A . Separates permissions allowed on actions associated with the transit secret engine
B . Nothing, as the minimum permissions to perform useful tasks are not present
C . Encrypt, decrypt, and rewrap data using the transit engine all in one policy
D . Create a transit encryption key for encrypting, decrypting, and rewrapping encrypted data
Answer: A
Explanation:
These policies allow organizations to:
Separates permissions allowed on actions associated with the transit secret engine
Here’s how to do it:
app.hcl The policy allows the entity to perform cryptographic operations using a specific key () of the Transit secret engine.my_app_key
callcenter.hcl The policy allows decryption operations to be performed on the same.my_app_key
rewrap.hcl Policies allow the key to be read and the data to be reencapsulated, which essentially decrypts and re-encrypts the data without displaying plaintext, which is useful for rotating the underlying encryption key.
Each policy targets specific operations of the Transit secret engine, enabling fine-grained access control to encryption, decryption, and key management functions. This is important for maintaining a strict separation of duties within the organization.
Latest VA-002-P Dumps Valid Version with 200 Q&As
Latest And Valid Q&A | Instant Download | Once Fail, Full Refund