Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

HashiCorp Exam Vault-Associate Topic 3 Question 21 Discussion

Actual exam question for HashiCorp's Vault-Associate exam
Question #: 21
Topic #: 3
[All Vault-Associate Questions]

Examine the command below. Output has been trimmed.

Which of the following statements describe the command and its output?

Show Suggested Answer Hide Answer
Suggested Answer: B

The Vault secret engine that can be used to build your own internal certificate authority is the PKI secret engine. The PKI secret engine generates dynamic X.509 certificates on-demand, without requiring manual processes of generating private keys and CSRs, submitting to a CA, and waiting for verification and signing. The PKI secret engine can act as a root CA or an intermediate CA, and can issue certificates for various purposes, such as TLS, code signing, email encryption, etc. The PKI secret engine can also manage the certificate lifecycle, such as rotation, revocation, renewal, and CRL generation. The PKI secret engine can also integrate with external CAs, such as Venafi or Entrust, to delegate the certificate issuance and management.Reference:PKI - Secrets Engines | Vault | HashiCorp Developer,Build Your Own Certificate Authority (CA) | Vault - HashiCorp Learn


by Murray at Jul 11, 2024, 06:39 PM

Limited Time Offer

25%

Off

Get Premium Vault-Associate Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel
Dell
10 days ago
Missing a default token policy? Sounds like the dev team needs to brush up on their Vault bedtime stories.
upvoted 0 times
...
Kimberlie
12 days ago
60 hours is a pretty long TTL for a token. I wonder if that's intentional or if there's a good reason for that specific duration.
upvoted 0 times
...
Jose
13 days ago
Hmm, the token being an orphan token that can be renewed indefinitely is interesting. That could be a useful feature, but it's important to understand the security implications.
upvoted 0 times
...
Jani
19 days ago
The command is definitely missing a default token policy, which is important for setting the token's behavior. I'm curious about why that was left out.
upvoted 0 times
...
Paz
2 months ago
The command appears to be setting up an AppRole auth method with a specified role ID and secret ID. The output shows that a token was generated, but I'm not sure about the TTL or renewal policies.
upvoted 0 times
Zona
30 days ago
The output seems to indicate that a token was generated, but I'm not sure about the TTL or renewal policies.
upvoted 0 times
...
Mirta
1 months ago
I think the command is configuring the AppRole auth method with a specific role ID and secret ID.
upvoted 0 times
...
...
Della
2 months ago
I agree, the command configures the AppRole auth method with user specified role ID and secret ID.
upvoted 0 times
...
Catarina
2 months ago
I believe the generated token's TTL is 60 hours.
upvoted 0 times
...
Della
2 months ago
I think the command is missing a default token policy.
upvoted 0 times
...

Save Cancel