Exam4Training

If a client is currently assigned the following policy, what additional policy can be added to ensure they cannot access the data stored at secret/apps/confidential but still, read all other secrets?

If a client is currently assigned the following policy, what additional policy can be added to ensure they cannot access the data stored at secret/apps/confidential but still, read all other secrets?
A . path "secret/apps/confidential/*" {
capabilities = ["deny"]
}
B . path "secret/apps/*" {
capabilities = ["deny"]
}
C . path "secret/apps/confidential" {
capabilities = ["deny"]
}

D . path "secret/apps/*" {
capabilities = ["create", "read", "update", "delete", "list"]
}
path "secret/*" {
capabilities = ["read", "deny"]
}

Answer: C

Explanation:

"Deny" capability generally takes precedence over "allow" capability.

Therefore, if you add the correct deny statement, the user will be able to read all secrets except for the data stored at secret/apps/confidential

Latest VA-002-P Dumps Valid Version with 200 Q&As

Latest And Valid Q&A | Instant Download | Once Fail, Full Refund

Exit mobile version