QUESTION: 45

The command vault lease revoke -prefix aws/ will revoke all leases associated with the secret engine mounted at aws/

False
True

Answer(s): B

Explanation:

The lease command groups subcommands for interacting with leases attached to secrets.
Subcommands:
renew Renews the lease of a secret
revoke Revokes leases and secrets
Using the '-prefix' flag allows you to revoke the entire tree of secrets.

Reveal Solution Next Question

QUESTION: 46

A user has logged into the Vault user interface but cannot browse to a secret located at kv/applications/app3, however, the policy the user is bound by permits read permission to the secret.
Because of the read permission, the user should be able to read the secret in the Vault UI.

False
True

Answer(s): A

Explanation:

To browse Vault paths in the UI, the user must have list permissions on the mount and the paths leading up to the secret.

Reveal Solution Next Question

QUESTION: 47

To prepare for day-to-day operations, the root token should be safety saved outside of Vault in order to administer Vault

False
True

Answer(s): A

Explanation:

It is generally considered a best practice to not persist root tokens. Instead, a root token should be generated using Vault's operator generate-root command only when absolutely necessary. For day-to-day operations, the root token should be deleted after configuring other auth methods which will be used by admins and Vault clients.

Reveal Solution Next Question

QUESTION: 48

The security barrier protects all of the following Vault components except ___.

secret engine
auth method
storage backend
audit devices
token store

Answer(s): C

Explanation:

storage backend and HTTP API are outside of the security barrier hence can't be protected.

Reveal Solution Next Question

Free VA-002-P Exam Braindumps (page: 13)

QUESTION: 45

Explanation:

QUESTION: 46

Explanation:

QUESTION: 47

Explanation:

QUESTION: 48

Explanation:

Exam Discussions & Posts