- All Exams Instant Download
How would you describe the value of using the Vault transit secrets engine?
How would you describe the value of using the Vault transit secrets engine?A . Vault has an API that can be programmatically consumed by applicationsB . The transit secrets engine ensures encryption in-transit and at-rest is enforced enterprise wideC . Encryption for application data is best handled by a storage...
To give a role the ability to display or output all of the end points under the /secrets/apps/* end point it would need to have which capability set?
To give a role the ability to display or output all of the end points under the /secrets/apps/* end point it would need to have which capability set?A . updateB . readC . sudoD . listE . None of the aboveView AnswerAnswer: D Explanation: In Vault, permission is required to...
Which of the following best describes the transit secrets engine?
You have a 2GB Base64 binary large object (blob) that needs to be encrypted. Which of the following best describes the transit secrets engine?A . A data key encrypts the blob locally, and the same key decrypts the blob locally.B . To process such a large blob. Vault will temporarily...
Where do you define the Namespace to log into using the Vault Ul?
HOTSPOT Where do you define the Namespace to log into using the Vault Ul? To answer this question Use your mouse to click on the screenshot in the location described above. An arrow indicator will mark where you have clicked. Click the "Answer" button once you have positioned the arrow...
Which of the following cannot define the maximum time-to-live (TTL) for a token?
Which of the following cannot define the maximum time-to-live (TTL) for a token?A . By the authentication method t natively provide a method of expiring credentialsB . By the client system f credentials leakingC . By the mount endpoint configuration very password usedD . A parent token TTL e password...
Which secrets engine would you recommend?
Your DevOps team would like to provision VMs in GCP via a CICD pipeline. They would like to integrate Vault to protect the credentials used by the tool. Which secrets engine would you recommend?A . Google Cloud Secrets EngineB . Identity secrets engineC . Key/Value secrets engine version 2D ....
What environment variable overrides the CLI's default Vault server address?
What environment variable overrides the CLI's default Vault server address? A. VAULT_ADDR B. VAULT_HTTP_ADORESS C. VAULT_ADDRESS D. VAULT _HTTPS_ ADDRESSView AnswerAnswer: A Explanation: Option A. VAULT_ADDR is an environment variable that overrides the CLI's default Vault server address. This environment variable can be set to the URL of the Vault...
What can be used to limit the scope of a credential breach?
What can be used to limit the scope of a credential breach?A . Storage of secrets in a distributed ledgerB . Enable audit loggingC . Use of a short-lived dynamic secretsD . Sharing credentials between applicationsView AnswerAnswer: C Explanation: Using a short-lived dynamic secrets can help limit the scope of...
What are orphan tokens?
What are orphan tokens?A . Orphan tokens are tokens with a use limit so you can set the number of uses when you create themB . Orphan tokens are not children of their parent; therefore, orphan tokens do not expire when their parent doesC . Orphan tokens are tokens with...
You can build a high availability Vault cluster with any storage backend.
You can build a high availability Vault cluster with any storage backend.A . TrueB . FalseView AnswerAnswer: B Explanation: Not all storage backends support high availability mode for Vault. Only the storage backends that support locking can enable Vault to run in a multi-server mode where one server is active...
