If a client is currently assigned the following policy, what additional policy can be added to ensure they cannot access the data stored at secret/apps/confidential but still, read all other secrets?

VA-002-P 0 Comments

If a client is currently assigned the following policy, what additional policy can be added to ensure they cannot access the data stored at secret/apps/confidential but still, read all other secrets?
A . path "secret/apps/confidential/*" {
capabilities = ["deny"]
}
B . path "secret/apps/*" {
capabilities = ["deny"]
}
C . path "secret/apps/confidential" {
capabilities = ["deny"]
}
D . path "secret/apps/*" {
capabilities = ["create", "read", "update", "delete", "list"]
}
path "secret/*" {
capabilities = ["read", "deny"]
}

Answer: C

Explanation:

"Deny" capability generally takes precedence over "allow" capability.

Therefore, if you add the correct deny statement, the user will be able to read all secrets except for the data stored at secret/apps/confidential

Latest VA-002-P Dumps Valid Version with 200 Q&As

Latest And Valid Q&A | Instant Download | Once Fail, Full Refund

Instant Download VA-002-P PDF     VA-002-P Questions Online Training
Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments