ExamGecko
Search Search Login
Home Home / HashiCorp / Vault Associate 002
Question list
Search
Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

A developer mistakenly committed code that contained AWS S3 credentials into a public repository. You have been tasked with revoking the AWS S3 credential that was in the code. This credential was created using Vault's AWS secrets engine and the developer received the following output when requesting a credential from Vault. Which Vault command will revoke the lease and remove the credential from AWS?
What can be used to limit the scope of a credential breach?
What does the following policy do?
Use this screenshot to answer the question below: Where on this page would you click to view a secret located at secret/my-secret?
The Vault encryption key is stored in Vault's backend storage.
An authentication method should be selected for a use case based on:
Where can you set the Vault seal configuration? Choose two correct answers.
When unsealing Vault, each Shamir unseal key should be entered:
Your organization has an initiative to reduce and ultimately remove the use of long lived X.509 certificates. Which secrets engine will best support this use case?
To give a role the ability to display or output all of the end points under the /secrets/apps/* end point it would need to have which capability set?

Question 1 - Vault Associate 002 discussion

Report
Export

The following three policies exist in Vault. What do these policies allow an organization to do?

A.
Separates permissions allowed on actions associated with the transit secret engine
Answers
A.
Separates permissions allowed on actions associated with the transit secret engine
B.
Nothing, as the minimum permissions to perform useful tasks are not present
Answers
B.
Nothing, as the minimum permissions to perform useful tasks are not present
C.
Encrypt, decrypt, and rewrap data using the transit engine all in one policy
Answers
C.
Encrypt, decrypt, and rewrap data using the transit engine all in one policy
D.
Create a transit encryption key for encrypting, decrypting, and rewrapping encrypted data
Answers
D.
Create a transit encryption key for encrypting, decrypting, and rewrapping encrypted data
Suggested answer: C

Explanation:

The three policies that exist in Vault are:

admins: This policy grants full access to all secrets and operations in Vault. It can be used by administrators or operators who need to manage all aspects of Vault.

default: This policy grants access to all secrets and operations in Vault except for those that require specific policies. It can be used as a fallback policy when no other policy matches.

transit: This policy grants access only to the transit secrets engine, which handles cryptographic functions on data in-transit. It can be used by applications or services that need to encrypt or decrypt data using Vault.

These policies allow an organization to perform useful tasks such as:

Encrypting, decrypting, and rewrapping data using the transit engine all in one policy: This policy grants access to both the transit secrets engine and the default policy, which allows performing any operation on any secret in Vault.

Creating a transit encryption key for encrypting, decrypting, and rewrapping encrypted data: This policy grants access only to the transit secrets engine and its associated keys, which are used for encrypting and decrypting data in transit using AES-GCM with a 256-bit AES key or other supported key types.

Separating permissions allowed on actions associated with the transit secret engine: This policy grants access only to specific actions related to the transit secrets engine, such as creating keys or wrapping requests. It does not grant access to other operations or secrets in Vault.

Show Answer
asked 18/09/2024
Yasser Mohamed Mohamed
45 questions
NextNext
User
Your answer:
0 comments
Sorted by

Leave a comment first

ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms