ExamGecko
Search Search Login
Home Home / HashiCorp / Vault Associate 002
Question list
Search
Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

A developer mistakenly committed code that contained AWS S3 credentials into a public repository. You have been tasked with revoking the AWS S3 credential that was in the code. This credential was created using Vault's AWS secrets engine and the developer received the following output when requesting a credential from Vault. Which Vault command will revoke the lease and remove the credential from AWS?
What can be used to limit the scope of a credential breach?
What does the following policy do?
Use this screenshot to answer the question below: Where on this page would you click to view a secret located at secret/my-secret?
The Vault encryption key is stored in Vault's backend storage.
Where can you set the Vault seal configuration? Choose two correct answers.
When unsealing Vault, each Shamir unseal key should be entered:
Your organization has an initiative to reduce and ultimately remove the use of long lived X.509 certificates. Which secrets engine will best support this use case?
To give a role the ability to display or output all of the end points under the /secrets/apps/* end point it would need to have which capability set?
When looking at Vault token details, which key helps you find the paths the token is able to access?

Question 7 - Vault Associate 002 discussion

Report
Export

Which of these is not a benefit of dynamic secrets?

A.
Supports systems which do not natively provide a method of expiring credentials
Answers
A.
Supports systems which do not natively provide a method of expiring credentials
B.
Minimizes damage of credentials leaking
Answers
B.
Minimizes damage of credentials leaking
C.
Ensures that administrators can see every password used
Answers
C.
Ensures that administrators can see every password used
D.
Replaces cumbersome password rotation tools and practices
Answers
D.
Replaces cumbersome password rotation tools and practices
Suggested answer: C

Explanation:

Dynamic secrets are generated on-demand by Vault and have a limited time-to-live (TTL). They do not ensure that administrators can see every password used, as they are often encrypted and ephemeral. The benefits of dynamic secrets are:

They support systems that do not natively provide a method of expiring credentials, such as databases, cloud providers, SSH, etc. Vault can revoke the credentials when they are no longer needed or when the lease expires.

They minimize the damage of credentials leaking, as they are short-lived and can be easily rotated or revoked. If a credential is compromised, the attacker has a limited window of opportunity to use it before it becomes invalid.

They replace cumbersome password rotation tools and practices, as Vault can handle the generation and revocation of credentials automatically and securely. This reduces the operational overhead and complexity of managing secrets.

Show Answer
asked 18/09/2024
Geetanjali Singh
36 questions
PreviousPreviousNextNext
User
Your answer:
0 comments
Sorted by

Leave a comment first

ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms