問題1
Which of the following actions can be performed if you only had access to a token's accessor? (Select four)
Which of the following actions can be performed if you only had access to a token's accessor? (Select four)
正確答案: A,C,D,E
說明:(僅 NewDumps 成員可見)
問題2
After encrypting data using the Transit secrets engine, you've received the following output. Which of the following is true based on the output displayed below?
Key: ciphertext Value: vault:v2:
45f9zW6cglbrzCjI0yCyC6DBYtSBSxnMgUn9B5aHcGEit71xefPEmmjMbrk3
After encrypting data using the Transit secrets engine, you've received the following output. Which of the following is true based on the output displayed below?
Key: ciphertext Value: vault:v2:
45f9zW6cglbrzCjI0yCyC6DBYtSBSxnMgUn9B5aHcGEit71xefPEmmjMbrk3
正確答案: A
說明:(僅 NewDumps 成員可見)
問題3
Which of the following auth methods is the best choice for human interaction with Vault (as opposed to machine/system authentication)?
Which of the following auth methods is the best choice for human interaction with Vault (as opposed to machine/system authentication)?
正確答案: D
說明:(僅 NewDumps 成員可見)
問題4
True or False? When using the Transit secrets engine, setting the min_decryption_version will determine the minimum key length of the data key (i.e., 2048, 4096, etc.).
True or False? When using the Transit secrets engine, setting the min_decryption_version will determine the minimum key length of the data key (i.e., 2048, 4096, etc.).
正確答案: A
說明:(僅 NewDumps 成員可見)
問題5
Which of the following are considered benefits of using policies in Vault? (Select three)
Which of the following are considered benefits of using policies in Vault? (Select three)
正確答案: B,C,D
說明:(僅 NewDumps 成員可見)
問題6
Below is a list of parent and child tokens and their associated TTL. Which token(s) will be revoked first?
Below is a list of parent and child tokens and their associated TTL. Which token(s) will be revoked first?
正確答案: E
說明:(僅 NewDumps 成員可見)
問題7
To secure your applications, your organization uses certificates generated by a public CA. However, this strategy has proven expensive and you have to revoke certificates even though they have additional time left.
What Vault plugin can be used to quickly generate X.509 certificates to secure your internal applications?
To secure your applications, your organization uses certificates generated by a public CA. However, this strategy has proven expensive and you have to revoke certificates even though they have additional time left.
What Vault plugin can be used to quickly generate X.509 certificates to secure your internal applications?
正確答案: C
說明:(僅 NewDumps 成員可見)
問題8
A security architect is designing a solution to address the "Secret Zero" problem for a Kubernetes-based application that needs to authenticate to HashiCorp Vault. Which approach correctly leverages Vault features to solve this challenge?
A security architect is designing a solution to address the "Secret Zero" problem for a Kubernetes-based application that needs to authenticate to HashiCorp Vault. Which approach correctly leverages Vault features to solve this challenge?
正確答案: A
說明:(僅 NewDumps 成員可見)
問題9
Which of the following best describes a token accessor?
Which of the following best describes a token accessor?
正確答案: B
說明:(僅 NewDumps 成員可見)
問題10
When using Integrated Storage, which of the following should you do to recover from possible data loss?
When using Integrated Storage, which of the following should you do to recover from possible data loss?
正確答案: B
說明:(僅 NewDumps 成員可見)
問題11
The key/value v2 secrets engine is enabled at secret/ See the following policy:
Which of the following operations are permitted by this policy? Choose two correct answers.
The key/value v2 secrets engine is enabled at secret/ See the following policy:
Which of the following operations are permitted by this policy? Choose two correct answers.
正確答案: A,D
說明:(僅 NewDumps 成員可見)
問題12
Your organization uses a CI/CD pipeline to deploy its applications on Azure. During testing, you generate new credentials to validate Vault can create new credentials. The result of this command is below:
text
CollapseWrapCopy
$ vault read azure/creds/bryan-krausen
Key Value
--- -----
lease_id azure/creds/bryan-krausen/9eed0373-ca92-99b6-b914-779b7bb0e1d9 lease_duration 60m lease_renewable true client_id 532bf678-ee4e-6be1-116b-4e4221e445dd client_secret be60395b-4e6b-2b7e-a4b3-c449a5c00973 What commands can be used to revoke this secret after you have finished testing? (Select three)
Your organization uses a CI/CD pipeline to deploy its applications on Azure. During testing, you generate new credentials to validate Vault can create new credentials. The result of this command is below:
text
CollapseWrapCopy
$ vault read azure/creds/bryan-krausen
Key Value
--- -----
lease_id azure/creds/bryan-krausen/9eed0373-ca92-99b6-b914-779b7bb0e1d9 lease_duration 60m lease_renewable true client_id 532bf678-ee4e-6be1-116b-4e4221e445dd client_secret be60395b-4e6b-2b7e-a4b3-c449a5c00973 What commands can be used to revoke this secret after you have finished testing? (Select three)
正確答案: B,D,E
說明:(僅 NewDumps 成員可見)