The command vault lease revoke -prefix aws/ will revoke all leases associated with the secret engine mounted at aws/
Answer(s): B
The lease command groups subcommands for interacting with leases attached to secrets.Subcommands:renew Renews the lease of a secretrevoke Revokes leases and secretsUsing the '-prefix' flag allows you to revoke the entire tree of secrets.
A user has logged into the Vault user interface but cannot browse to a secret located at kv/applications/app3, however, the policy the user is bound by permits read permission to the secret.Because of the read permission, the user should be able to read the secret in the Vault UI.
Answer(s): A
To browse Vault paths in the UI, the user must have list permissions on the mount and the paths leading up to the secret.
To prepare for day-to-day operations, the root token should be safety saved outside of Vault in order to administer Vault
It is generally considered a best practice to not persist root tokens. Instead, a root token should be generated using Vault's operator generate-root command only when absolutely necessary. For day-to-day operations, the root token should be deleted after configuring other auth methods which will be used by admins and Vault clients.
The security barrier protects all of the following Vault components except ___.
Answer(s): C
storage backend and HTTP API are outside of the security barrier hence can't be protected.
Post your Comments and Discuss HashiCorp VA-002-P exam with other Community members:
Bruno commented on October 10, 2023 PDF is Vault, EXM is Teraform. UNITED STATES upvote
Our website is free, but we have to fight against bots and content theft. We're sorry for the inconvenience caused by these security measures. You can access the rest of the VA-002-P content, but please register or login to continue.