Question 38 - Vault Associate 002 discussion


You are using Vault's Transit secrets engine to encrypt your data. You want to reduce the amount of content encrypted with a single key in case the key gets compromised. How would you do this?

A.
Use 4096-bit RSA key to encrypt the data
B.
Upgrade to Vault Enterprise and integrate with HSM
C.
Periodically re-key the Vault's unseal keys
D.
Periodically rotate the encryption key
Suggested answer: D

Explanation:

The Transit secrets engine supports the rotation of encryption keys, which allows you to change the key that is used to encrypt new data without affecting the ability to decrypt data that was already encrypted. This reduces the amount of content encrypted with a single key in case the key gets compromised, and also helps you comply with the NIST guidelines for key rotation. You can rotate the encryption key manually by invoking the /transit/keys/<name>/rotate endpoint, or you can configure the key to automatically rotate based on a time interval or a number of encryption operations. When you rotate a key, Vault generates a new key version and increments the key's latest_version metadata. The new key version becomes the encryption key used for encrypting any new data. The previous key versions are still available for decrypting the existing data, unless you specify a minimum decryption version to archive the old key versions. You can also delete or disable old key versions if you want to revoke access to the data encrypted with those versions.

Reference: https://developer.hashicorp.com/vault/docs/secrets/transit, https://developer.hashicorp.com/vault/api-docs/secret/transit
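The behaviour the explanation describes (a new key version for new data, old versions kept for decryption until a minimum decryption version archives them) can be seen end to end in the small model below. It is an added illustration, not code from the page or from HashiCorp: it imitates Transit's versioned keyring and its `vault:vN:` ciphertext prefix with a toy HMAC-based keystream so it runs offline, and the class name `TransitKeyModel` and the `demo` function are assumptions of this example. Real Transit uses AES-GCM or other proper ciphers; only the key-versioning logic is the point here.

```python
import base64
import hashlib
import hmac
import os


class TransitKeyModel:
    """Toy model of a Vault Transit key (assumed name, not Vault's own code):
    a ring of versioned secrets plus the latest_version and
    min_decryption_version metadata that rotation and archiving manipulate."""

    def __init__(self, name):
        self.name = name
        self.versions = {1: os.urandom(32)}   # version number -> key material
        self.latest_version = 1
        self.min_decryption_version = 1

    def rotate(self):
        """Like /transit/keys/<name>/rotate: add a new version and make it current."""
        self.latest_version += 1
        self.versions[self.latest_version] = os.urandom(32)
        return self.latest_version

    def set_min_decryption_version(self, version):
        """Archive every version below `version`; ciphertexts under them stop decrypting."""
        if not 1 <= version <= self.latest_version:
            raise ValueError("version out of range")
        self.min_decryption_version = version

    @staticmethod
    def _keystream(key, nonce, length):
        # Toy keystream for the demo only (HMAC-SHA256 in counter mode), standing in
        # for the real AEAD cipher so that the example has no external dependencies.
        out = b""
        counter = 0
        while len(out) < length:
            out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
            counter += 1
        return out[:length]

    def encrypt(self, plaintext):
        """Always encrypts under latest_version and tags the output with it."""
        version = self.latest_version
        nonce = os.urandom(12)
        ks = self._keystream(self.versions[version], nonce, len(plaintext))
        body = base64.b64encode(nonce + bytes(a ^ b for a, b in zip(plaintext, ks))).decode()
        return f"vault:v{version}:{body}"

    def decrypt(self, ciphertext):
        """Reads the version from the prefix and refuses archived versions."""
        prefix, ver, body = ciphertext.split(":", 2)
        if prefix != "vault" or not ver.startswith("v"):
            raise ValueError("not a transit-style ciphertext")
        version = int(ver[1:])
        if version not in self.versions or version < self.min_decryption_version:
            raise PermissionError(f"key version {version} is below min_decryption_version")
        raw = base64.b64decode(body)
        nonce, data = raw[:12], raw[12:]
        ks = self._keystream(self.versions[version], nonce, len(data))
        return bytes(a ^ b for a, b in zip(data, ks))


def demo():
    """Walk through rotate, then archive, and report what stays readable."""
    key = TransitKeyModel("orders")
    ct_v1 = key.encrypt(b"constructed sample record 1")   # encrypted under v1
    key.rotate()                                          # latest_version -> 2
    ct_v2 = key.encrypt(b"constructed sample record 2")   # new data now under v2
    results = {
        "v1_readable_after_rotate": key.decrypt(ct_v1) == b"constructed sample record 1",
    }
    key.set_min_decryption_version(2)                     # archive v1
    try:
        key.decrypt(ct_v1)
        results["v1_readable_after_archive"] = True
    except PermissionError:
        results["v1_readable_after_archive"] = False
    results["v2_still_readable"] = key.decrypt(ct_v2) == b"constructed sample record 2"
    return results


if __name__ == "__main__":
    print(demo())
```

Running `demo()` shows the three facts the explanation relies on: data encrypted before a rotation still decrypts afterwards, raising the minimum decryption version is what actually revokes access to the old ciphertexts, and data under the current version is unaffected. In a real deployment the equivalent of `set_min_decryption_version` is only safe once every v1 ciphertext has been rewrapped to the newer version.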

asked 18/09/2024
Venkataramanan R