New Year Special Sale Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: buysanta

Exact2Pass Menu

Question # 4

What is the Vault CLI command to query information about the token the client is currently using?

A.

vault lookup token

B.

vault token lookup

C.

vault lookup self

D.

vault self-lookup

Full Access
Question # 5

As a best practice, the root token should be stored in which of the following ways?

A.

Should be revoked and never stored after initial setup

B.

Should be stored in configuration automation tooling

C.

Should be stored in another password safe

D.

Should be stored in Vault

Full Access
Question # 6

An organization wants to authenticate an AWS EC2 virtual machine with Vault to access a dynamic database secret. The only authentication method which they can use in this case is AWS.

A.

True

B.

False

Full Access
Question # 7

When an auth method is disabled all users authenticated via that method lose access.

A.

True

B.

False

Full Access
Question # 8

The Vault encryption key is stored in Vault's backend storage.

A.

True

B.

False

Full Access
Question # 9

Which of the following is a machine-oriented Vault authentication backend?

A.

Okta

B.

AppRole

C.

Transit

D.

GitHub

Full Access
Question # 10

An authentication method should be selected for a use case based on:

A.

The auth method that best establishes the identity of the client

B.

The cloud provider for which the client is located on

C.

The strongest available cryptographic hash for the use case

D.

Compatibility with the secret engine which is to be used

Full Access
Question # 11

The key/value v2 secrets engine is enabled at secret/ See the following policy:

Which of the following operations are permitted by this policy? Choose two correct answers.

A.

vault kv get secret/webapp1

B.

vault kv put secret/webapp1 apikey-"ABCDEFGHI] K123M"

C.

vault kv metadata get secret/webapp1

D.

vault kv delete secret/super-secret

E.

vault kv list secret/super-secret

Full Access
Question # 12

What can be used to limit the scope of a credential breach?

A.

Storage of secrets in a distributed ledger

B.

Enable audit logging

C.

Use of a short-lived dynamic secrets

D.

Sharing credentials between applications

Full Access
Question # 13

To make an authenticated request via the Vault HTTP API, which header would you use?

A.

The X-Vault-Token HTTP Header

B.

The x-Vault-Request HTTP Header

C.

The Content-Type HTTP Header

D.

The X-Vault-Namespace HTTP Header

Full Access
Question # 14

A web application uses Vault's transit secrets engine to encrypt data in-transit. If an attacker intercepts the data in transit which of the following statements are true? Choose two correct answers.

A.

You can rotate the encryption key so that the attacker won’t be able to decrypt the data

B.

The keys can be rotated and min_decryption_version moved forward to ensure this data cannot be decrypted

C.

The Vault administrator would need to seal the Vault server immediately

D.

Even if the attacker was able to access the raw data, they would only have encrypted bits (TLS in transit)

Full Access
Question # 15

You have been tasked with writing a policy that will allow read permissions for all secrets at path secret/bar. The users that are assigned this policy should also be able to list the secrets. What should this policy look like?

A.

B.

C.

D.

Full Access
Question # 16

When looking at Vault token details, which key helps you find the paths the token is able to access?

A.

Meta

B.

Path

C.

Policies

D.

Accessor

Full Access
Question # 17

Vault supports which type of configuration for source limited token?

A.

Cloud-bound tokens

B.

Domain-bound tokens

C.

CIDR-bound tokens

D.

Certificate-bound tokens

Full Access