Weekend Sale - Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: sntaclus

examout.co

From the options below, select the benefits of using the PKI (certificates) secrets engine: (select three)

A.

TTLs on Vault certs are longer to ensure certificates are valid for a longer period of time

B.

Vault can act as an intermediate CA

C.

reducing, or eliminating certificate revocations

D.

reduces time to get a certificate by eliminating the need to generate a private key and CSR

Which of the following cloud providers are not supported by Vault secrets engines?

A.

Oracle

B.

Azure

C.

AWS

D.

GCP

E.

AliCloud

In order to extend a Consul storage backend, Consul nodes should be provisioned across multiple data centers or cloud regions.

A.

True

B.

False

Which of the following secrets engine can generate dynamic credentials? (select three)

A.

Azure

B.

database

C.

key/value

D.

Transit

E.

AWS

Select the most accurate statement to describe the Terraform language from the following list.

A.

Terraform is an immutable, declarative, Infrastructure as Code provisioning language based on Hashicorp Configuration Language, or optionally JSON.

B.

Terraform is a mutable, declarative, Infrastructure as Code configuration management language based on Hashicorp Configuration Language, or optionally JSON.

C.

Terraform is an immutable, procedural, Infrastructure as Code configuration management language based on Hashicorp Configuration Language, or optionally JSON.

D.

Terraform is a mutable, procedural, Infrastructure as Code provisioning language based on Hashicorp Configuration Language, or optionally YAML.

If a client is currently assigned the following policy, what additional policy can be added to ensure they cannot access the data stored at secret/apps/confidential but still, read all other secrets?

A.

path "secret/apps/confidential/*" {

capabilities = ["deny"]

}

B.

path "secret/apps/*" {

capabilities = ["deny"]

}

C.

path "secret/apps/confidential" {

capabilities = ["deny"]

}

D.

path "secret/apps/*" {

capabilities = ["create", "read", "update", "delete", "list"]

}

path "secret/*" {

capabilities = ["read", "deny"]

}

What is the result of the following terraform function call?

index(["a", "b", "c"], "c")

A.

1

B.

true

C.

2

D.

0

An administrator wants to create a new KV mount for individual users to maintain their own secrets but needs a way to simplify the policy so they don't need to write a new one for each new user? With the requirements listed below, what would such a policy look like?

Requirement: Each user can perform all operations on their allocated key/value secret path

A.

path "user-kv/data/{{identity.entity.name}}/*" {

capabilities = [ "create", "update", "read", "delete", "list" ]

}

B.

path "user-kv/data/{{identity.entity.id.name}}/*" {

capabilities = [ "create", "update", "read", "delete", "list" ]

}

C.

path "user-kv/data/{{identity.entity.aliases.<>.id}}/*" {

capabilities = [ "create", "update", "read", "delete", "list" ]

}

D.

path "user-kv/data/{{user}}/*" {

capabilities = [ "create", "update", "read", "delete", "list" ]

}

The Vault Agent provides which of the following benefits? (select three)

A.

client-side caching of responses

B.

automatically creates secrets in the desired storage backend

C.

authentication to Vault

D.

token renewal

Select all Operating Systems that Terraform is available for. (select five)

A.

Linux

B.

Windows

C.

Unix

D.

FreeBSD

E.

Solaris

F.

macOS