Weekend Special Sale Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: buysanta

Exact2Pass Menu

Question # 4

While installing the first CP in an environment, errors that occurred when the environment was created are displayed; however, the installation procedure continued and finished successfully.

What should you do?

A.

Continue configuring the application to use the CP. No further action is needed since the successful installation makes the error message benign.

B.

Review the lag file 'CreateEnv.loq' and investigate any error messages it contains.

C.

Run setup.exe again and select 'Recreate Vault Environment'. Provide the details of a user with more privileges when prompted by the installer.

D.

Review the PV WA lags to determine which REST API call used during the installation failed.

Full Access
Question # 5

When an application is retrieving a credential from Conjur, the application authenticates to Follower A. Follower B receives the next request to retrieve the credential.

What happens next?

A.

The Coniur Token is stateless and Follower B is able to validate the Token and satisfy the request.

B.

The Coniur Token is stateful and Follower B is unable to validate the Token promptinq the application to re-authenticate.

C.

The Coryur Token is stateless and Follower B redirects the request to Follower A to satisfy the request.

D.

The Coniur Token is stateful and Follower B redirects the request to Follower A to satisfy the request.

Full Access
Question # 6

A customer wants to ensure applications can retrieve secrets from Conjur in three different data centers if the Conjur Leader becomes unavailable. Conjur Followers are already deployed in each of these data centers.

How should you architect the solution to support this requirement?

A.

No changes are required.

B.

Deploy a Standby in each data center that can be promoted to the role of Leader.

C.

Extend the auto failover cluster to include Standby© in each data center and allow for automatic recovery should the Leader become unavailable.

D.

Deploy a CP provider on the Follower server to provide offline caching capabilities for the Follower.

Full Access
Question # 7

In a 3-node auto-failover cluster, the Leader has been brought down for patching that lasts longer than the configured TTL. A Standby has been promoted.

Which steps are required to repair the cluster when the old Leader is brought back online?

A.

On the new Leader, generate a Standby seed for the old Leader node and add it to the cluster member list.

Rebuild the old Leader as a new Standby and then re-enroll the node to the cluster.

B.

Generate a Standby seed for the newly promoted Leader.

Stop and remove the container on the new Leader, then rebuild it as a new Standby.

Re-enroll the Standby to the cluster and re-base replication of the 3rd Standby back to the old Leader.

C.

Generate standby seeds for the newly-promoted Leader and the 3rd Standby

Stop and remove the containers and then rebuild them as new Standbys.

On both new Standbys, re-enroll the node to the cluster.

D.

On the new Leader, generate a Standby seed for the old Leader node and re-upload the auto-failover policy in “replace” mode.

Rebuild the old Leader as a new Standby, then re-enroll the node to the cluster.

Full Access
Question # 8

A customer requires high availability in its AWS cloud infrastructure.

What is the minimally viable Conjur deployment architecture to achieve this?

A.

one Follower in each AZ. load balancer for the region

B.

two Followers in each region, load balanced for the region

C.

two Followers in each AZ. load balanced for the region

D.

two Followers in each region, load balanced across all regions

Full Access
Question # 9

When attempting to retrieve a credential, you receive an error 401 – Malformed Authorization Token.

What is the cause of the issue?

A.

The token is not correctly encoded.

B.

The token you are trying to retrieve does not exist.

C.

The host does not have access to the credential with the current token.

D.

The credential has not been initialized.

Full Access
Question # 10

You are diagnosing this log entry:

From Conjur logs:

Given these errors, which problem is causing the breakdown?

A.

The Jenkins certificate chain is not trusted by Conjur.

B.

The Conjur certificate chain is not trusted by Jenkins.

C.

The JWT sent by Jenkins does not match the Conjur host annotations.

D.

The Jenkins certificate is malformed and will not be trusted by Conjur.

Full Access
Question # 11

You are upgrading an HA Conjur cluster consisting of 1x Leader, 2x Standbys & 1x Follower. You stopped replication on the Standbys and Followers and took a backup of the Leader.

Arrange the steps to accomplish this in the correct sequence.

Full Access
Question # 12

When installing the Vault Conjur Synchronizer, you see this error:

Forbidden

Logon Token is Empty – Cannot logon

Unauthorized

What must you ensure to remediate the issue?

A.

This admin user must not be logged in to other sessions during the Vault Conjur Synchronizer installation process.

B.

You specified the correct url for Conjur and it is listed as a SAN on that url’s certificate.

C.

You correctly URI encoded the url in the installation script.

D.

You ran powershell as Administrator and there is sufficient space on the server on which you are running the installation.

Full Access
Question # 13

When working with Summon, what is the purpose of the secrets.yml file?

A.

It is where Summon outputs the secret value after retrieval.

B.

It is where you define which secrets to retrieve.

C.

It is where you store the Conjur URL and host API key.

D.

It is the log file for Summon.

Full Access
Question # 14

Match the correct network port to its function in Conjur.

Full Access
Question # 15

You are enabling synchronous replication on Conjur cluster.

What should you do?

A.

Execute this command on the Leader:

docker exec sh –c”

evoke replication sync that

*

B.

Execute this command on each Standby:

docker exec sh –c”

evoke replication sync that

*

C.

In Conjur web UI, click the Tools icon in the top right corner of the main window.

Choose Conjur Cluster and click “Enable synchronous replication” in the entry for Leader.

D.

In Conjur web UI, click the Tools icon in the top right corner of the main window.

Choose Conjur Cluster and click “Enable synchronous replication” in the entry for Standbys.

Full Access
Question # 16

What is the correct command to import the root CA certificate into Conjur?

A.

docker exec evoke ca import – –no-restart – –root

B.

docker exec evoke import – –no-restart – –root

C.

docker exec evoke ca import – –no-restart

D.

docker exec ca import

Full Access
Question # 17

Which statement is true for the Conjur Command Line Interface (CLI)?

A.

It is supported on Windows, Red Hat Enterprise Linux, and macOS.

B.

It can only be run from the Conjur Leader node.

C.

It is required for working with the Conjur REST API.

D.

It does not implement the Conjur REST API for managing Conjur resources.

Full Access
Question # 18

In the event of a failover of the Vault server from the primary to the DR, which configuration option ensures that a CP will continue being able to refresh its cache?

A.

Add the DR Vault IP address to the “Address” parameter in the file main_appprovider.conf. . found in the AppProviderConf safe.

B.

Add the IP address of the DR vault to the “Address” parameter in the file Vault.ini.file on the machine on which the CP is installed.

C.

In the Password Vault Web Access UI, add the IP address of the DR Vault in the Disaster Recovery section under Applications > Options.

D.

In the Conjur UI, add the IP address of the DR Vault in the Disaster Recovery section under Cluster Config > Credential Provider > Options.

Full Access