
Question 32 - Vault Associate 002 discussion


When unsealing Vault, each Shamir unseal key should be entered:

A. Sequentially from one system that all of the administrators are in front of
B. By different administrators each connecting from different computers
C. While encrypted with each administrator's PGP key
D. At the command line in one single command
Suggested answer: B

Explanation:

When unsealing Vault, each Shamir unseal key should be entered by a different administrator, each connecting from a different computer. The Shamir unseal keys are shares of a split key that are distributed to trusted operators, and no single operator should have access to more than one share. The unseal process therefore requires the cooperation of a quorum of key holders, which enhances the security and availability of Vault. The unseal keys can be entered via multiple mechanisms from multiple client machines, and the process is stateful. The order of the keys does not matter, as long as the threshold number of keys is reached.

The unseal keys should not be entered at the command line in one single command, as this would expose them in the command history and compromise the security. The unseal keys should not be encrypted with each administrator's PGP key, as this would prevent Vault from decrypting them and reconstructing the master key.

Reference: https://developer.hashicorp.com/vault/docs/concepts/seal3, https://developer.hashicorp.com/vault/docs/commands/operator/unseal

asked 18/09/2024
Arindam Sinha