ExamGecko
Search Search Login
Home Home / HashiCorp / Vault Associate 002
Question list
Search
Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

A developer mistakenly committed code that contained AWS S3 credentials into a public repository. You have been tasked with revoking the AWS S3 credential that was in the code. This credential was created using Vault's AWS secrets engine and the developer received the following output when requesting a credential from Vault. Which Vault command will revoke the lease and remove the credential from AWS?
What can be used to limit the scope of a credential breach?
What does the following policy do?
Which statement describes the results of this command: $ vault secrets enable transit
Use this screenshot to answer the question below: Where on this page would you click to view a secret located at secret/my-secret?
The Vault encryption key is stored in Vault's backend storage.
An authentication method should be selected for a use case based on:
Where can you set the Vault seal configuration? Choose two correct answers.
When unsealing Vault, each Shamir unseal key should be entered:
Your organization has an initiative to reduce and ultimately remove the use of long lived X.509 certificates. Which secrets engine will best support this use case?

Question 8 - Vault Associate 002 discussion

Report
Export

Which of the following cannot define the maximum time-to-live (TTL) for a token?

A.
By the authentication method t natively provide a method of expiring credentials
Answers
A.
By the authentication method t natively provide a method of expiring credentials
B.
By the client system f credentials leaking
Answers
B.
By the client system f credentials leaking
C.
By the mount endpoint configuration very password used
Answers
C.
By the mount endpoint configuration very password used
D.
A parent token TTL e password rotation tools and practices
Answers
D.
A parent token TTL e password rotation tools and practices
E.
System max TTL
Answers
E.
System max TTL
Suggested answer: B

Explanation:

The maximum time-to-live (TTL) for a token is defined by the lowest value among the following factors:

The authentication method that issued the token. Each auth method can have a default and a maximum TTL for the tokens it generates. These values can be configured by the auth method's mount options or by the auth method's specific endpoints.

The mount endpoint configuration that the token is accessing. Each secrets engine can have a default and a maximum TTL for the leases it grants. These values can be configured by the secrets engine's mount options or by the secrets engine's specific endpoints.

A parent token TTL. If a token is created by another token, it inherits the remaining TTL of its parent token, unless the parent token has an infinite TTL (such as the root token). A child token cannot outlive its parent token.

System max TTL. This is a global limit for all tokens and leases in Vault. It can be configured by the system backend's max_lease_ttl option.

The client system that uses the token cannot define the maximum TTL for the token, as this is determined by Vault's configuration and policies. The client system can only request a specific TTL for the token, but this request is subject to the limits imposed by the factors above.

Show Answer
asked 18/09/2024
Robbie Shen
34 questions
PreviousPreviousNextNext
User
Your answer:
0 comments
Sorted by

Leave a comment first

ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms