Page: 1
/ 7
Total 93 questions
HOTSPOT -
For the following statements, choose which secrets engine enables the use case.
Each answer should only be used once.
Answer :
To encrypt your secret with the transit secrets engine, you must send the Base32-encoded plaintext to Vault.
- A. True
- B. False
Answer : B
Vault Agent supports which of the following? (Choose two.)
- A. Secrets Cachin
- B. Local key/value store
- C. Local replica of transit encryption key
- D. Auto-unseal Vault
- E. Auto authentication
Answer : AE
Which is not true of Vault tokens?
- A. Vault tokens are the core method for authentication in Vault
- B. Vault tokens are generated by every authentication method login
- C. Vault tokens map to information including polices the token holder has, TTL and max usage, metadata, creation and last renewal time, and more
- D. Vault tokens are required for every Vault call
Answer : D
When using Integrated Storage, which of the following should you do to recover from possible data loss?
- A. Use local storage
- B. Enable audit device
- C. Use snapshot
- D. Use external storage
Answer : C
Which of the following is a reason to rekey a Vault cluster? (Choose two.)
- A. A keyholder joins or leaves the organization
- B. Adding additional Vault nodes to a cluster
- C. The rook token is lost
- D. A compliance mandate to rotate the master key at a regular interval
- E. Upgrading Vault Community Edition to Vault Enterprise
Answer : AD
What information is required to revoke a Vault lease?
- A. Secret ID
- B. User ID
- C. Lease ID
- D. Token ID
Answer : C
Use this screenshot to answer the question below:
Which statement describes this AppRole auth method configuration?
- A. Generates batch tokens with TTL set to 5 minutes
- B. Generates multiple tokens with TTL set to 5 minutes
- C. It is enabled at “App1” path
- D. It is enabled at “auth_approle_f23dd79f” path
Answer : A
What is a secret in the context of Vault?
- A. HTTP session token that provides authorization to Vault
- B. Threshold of keys required to unseal the Vault
- C. Anything stored or returned that contains confidential material
- D. Engine responsible for logging all requests and responses
Answer : C
What methods of authentication does Vault support? (Choose four.)
- A. JWT/OIDC
- B. AppRole
- C. GitHub
- D. MMSQL
- E. PostgreSQL
- F. Nomad
- G. LDAP
Answer : ABCG
Vault Agent allows client-side caching of tokens and leases. If the agent is shut down, those tokens and leases cached will be revoked.
- A. True
- B. False
Answer : B
Which kind of token can be renewed indefinitely?
- A. Periodic token
- B. Orphan token
- C. Use-limit token
- D. Root token
- E. All of the above
Answer : A
You can use a response-wrapping token more than once for as long as it has not expired.
- A. True
- B. False
Answer : B
Which statement describes the results of this command: $ vault secrets enable -version=2 kv (Choose two.)
- A. Enables the secrets engine at path kv2/
- B. The -version is an invalid flag
- C. Enables the secrets engine at path kv/
- D. Enables K/V v1 secrets engine
- E. Enables K/V v2 secrets engine
Answer : CE
30 days access 