Which of the following cannot define the maximum time-to-live (TTL) for a token?
A. By the authentication method
B. By the client system
C. By the mount endpoint configuration
D. A parent token TTL
E. System max TTL
Answer: B
Explanation:
The maximum time-to-live (TTL) for a token is defined by the lowest value among the following factors:
The authentication method that issued the token. Each auth method can have a default and a maximum TTL for the tokens it generates. These values can be configured by the auth method’s mount options or by the auth method’s specific endpoints.
The mount endpoint configuration that the token is accessing. Each secrets engine can have a default and a maximum TTL for the leases it grants. These values can be configured by the secrets engine’s mount options or by the secrets engine’s specific endpoints.
A parent token TTL. If a token is created by another token, it inherits the remaining TTL of its parent token, unless the parent token has an infinite TTL (such as the root token). A child token cannot outlive its parent token.
System max TTL. This is a global limit for all tokens and leases in Vault. It can be configured by the system backend’s max_lease_ttl option.
The client system that uses the token cannot define the maximum TTL for the token, as this is determined by Vault’s configuration and policies. The client system can only request a specific TTL for the token, but this request is subject to the limits imposed by the factors above.
Reference:
https://developer.hashicorp.com/vault/docs/concepts/tokens, https://developer.hashicorp.com/vault/docs/concepts/lease, https://developer.hashicorp.com/vault/docs/commands/auth/tune, https://developer.hashicorp.com/vault/docs/commands/secrets/tune, https://developer.hashicorp.com/vault/docs/commands/token/create