An authentication method should be selected for a use case based on:
A. The auth method that best establishes the identity of the client
B. The cloud provider for which the client is located on
C. The strongest available cryptographic hash for the use case
D. Compatibility with the secret engine which is to be used
Which of the following statements are true about Vault policies? Choose two correct answers.
A. The default policy can not be modified
B. You must use YAML to define policies
C. Policies provide a declarative way to grant or forbid access to certain paths and operations in Vault
D. Vault must be restarted in order for a policy change to take an effect
E. Policies deny by default (empty policy grants no permission)
What environment variable overrides the CLI's default Vault server address?
A. VAULT_ADDR
B. VAULT_HTTP_ADORESS
C. VAULT_ADDRESS
D. VAULT _HTTPS_ ADDRESS
Examine the command below. Output has been trimmed.
Which of the following statements describe the command and its output?
A. Missing a default token policy
B. Generated token's TTL is 60 hours
C. Generated token is an orphan token which can be renewed indefinitely
D. Configures the AppRole auth method with user specified role ID and secret ID
Which of the following statements describe the secrets engine in Vault? Choose three correct answers.
A. Some secrets engines simply store and read data
B. Once enabled, you cannot disable the secrets engine
C. You can build your own custom secrets engine
D. Each secrets engine is isolated to its path
E. A secrets engine cannot be enabled at multiple paths
An organization wants to authenticate an AWS EC2 virtual machine with Vault to access a dynamic database secret. The only authentication method which they can use in this case is AWS.
A. True
B. False
Which of these are a benefit of using the Vault Agent?
A. Vault Agent allows for centralized configuration of application secrets engines
B. Vault Agent will auto-discover which authentication mechanism to use
C. Vault Agent will enforce minimum levels of encryption an application can use
D. Vault Agent will manage the lifecycle of cached tokens and leases automatically
You are performing a high number of authentications in a short amount of time. You're experiencing slow throughput for token generation. How would you solve this problem?
A. Increase the time-to-live on service tokens
B. Implement batch tokens
C. Establish a rate limit quota
D. Reduce the number of policies attached to the tokens
When looking at Vault token details, which key helps you find the paths the token is able to access?
A. Meta
B. Path
C. Policies
D. Accessor
You are using the Vault userpass auth method mounted at auth/userpass. How do you create a new user named "sally" with password "h0wN0wB4r0wnC0w"? This new user will need the power-users policy.
A. Option A
B. Option B
C. Option C
D. Option D