ExamGecko
Search Search Login
Home Home / HashiCorp / Vault Associate 002
Question list
Search
Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

A developer mistakenly committed code that contained AWS S3 credentials into a public repository. You have been tasked with revoking the AWS S3 credential that was in the code. This credential was created using Vault's AWS secrets engine and the developer received the following output when requesting a credential from Vault. Which Vault command will revoke the lease and remove the credential from AWS?
What can be used to limit the scope of a credential breach?
What does the following policy do?
When looking at Vault token details, which key helps you find the paths the token is able to access?
Which statement describes the results of this command: $ vault secrets enable transit
Use this screenshot to answer the question below: Where on this page would you click to view a secret located at secret/my-secret?
The Vault encryption key is stored in Vault's backend storage.
An authentication method should be selected for a use case based on:
Where can you set the Vault seal configuration? Choose two correct answers.
When unsealing Vault, each Shamir unseal key should be entered:

Question 53 - Vault Associate 002 discussion

Report
Export

Examine the command below. Output has been trimmed.

Which of the following statements describe the command and its output?

A.
Missing a default token policy
Answers
A.
Missing a default token policy
B.
Generated token's TTL is 60 hours
Answers
B.
Generated token's TTL is 60 hours
C.
Generated token is an orphan token which can be renewed indefinitely
Answers
C.
Generated token is an orphan token which can be renewed indefinitely
D.
Configures the AppRole auth method with user specified role ID and secret ID
Answers
D.
Configures the AppRole auth method with user specified role ID and secret ID
Suggested answer: B, C

Explanation:

The command shown in the image is:

vault token create -policy=approle -orphan -period=60h

This command creates a new token with the following characteristics:

It has the policy ''approle'' attached to it, which grants or denies access to certain paths and operations in Vault according to the policy rules.The policy can be defined by using the vault policy write command or the sys/policy API endpoint12.

It is an orphan token, which means it has no parent token and it will not be revoked when its parent token is revoked.Orphan tokens can be useful for creating long-lived tokens that are not affected by the token hierarchy3.

It has a period of 60 hours, which means it has a renewable TTL of 60 hours. This means that the token can be renewed indefinitely as long as it does not go past the 60-hour mark from the last renewal time. The token's TTL will be reset to 60 hours upon each renewal.Periodic tokens are useful for creating tokens that have a fixed lifetime and can be easily revoked4.

Show Answer
asked 18/09/2024
Delano van Kleinwee
40 questions
PreviousPreviousNextNext
User
Your answer:
0 comments
Sorted by

Leave a comment first

ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms