Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

HashiCorp Exam Vault-Associate Topic 7 Question 15 Discussion

Actual exam question for HashiCorp's Vault-Associate exam
Question #: 15
Topic #: 7
[All Vault-Associate Questions]

Your organization has an initiative to reduce and ultimately remove the use of long lived X.509 certificates. Which secrets engine will best support this use case?

Show Suggested Answer Hide Answer
Suggested Answer: A

The command vault secrets enable transit enables the transit secrets engine at the transit path. The transit secrets engine is a secrets engine that handles cryptographic functions on data in-transit, such as encryption, decryption, signing, verification, hashing, and random bytes generation. The transit secrets engine does not store the data sent to it, but only performs the requested operations and returns the results. The transit secrets engine can also be viewed as ''cryptography as a service'' or ''encryption as a service''. The command vault secrets enable transit uses the default path of transit for the secrets engine, but this can be changed by using the -path option. For example, vault secrets enable -path=my-transit transit would enable the transit secrets engine at the my-transit path.Reference:Transit - Secrets Engines | Vault | HashiCorp Developer,vault secrets enable - Command | Vault | HashiCorp Developer


by Ciara at Apr 28, 2024, 11:05 AM

Limited Time Offer

25%

Off

Get Premium Vault-Associate Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel
Kristal
1 days ago
I think the best option is A) PKI because it is specifically designed for managing X.509 certificates.
upvoted 0 times
...
Royce
2 days ago
I see your point, but I think D) Transit would be the most secure option for removing long lived X.509 certificates.
upvoted 0 times
...
Bong
3 days ago
I disagree, I believe B) Key/Value secrets engine version 2 with TTL defined is the best choice as it allows for expiration of certificates.
upvoted 0 times
...
Bethanie
5 days ago
I think the best option is A) PKI because it deals with certificates.
upvoted 0 times
...
Blair
6 days ago
I was initially drawn to A) PKI, but the question specifically asks for the secrets engine that best supports the use case. B) is the clear winner here.
upvoted 0 times
...
Ora
7 days ago
B) Key/Value secrets engine version 2, with TTL defined seems like the best option to support the initiative to reduce long-lived X.509 certificates. The ability to set a TTL aligns with the goal of removing long-lived certificates.
upvoted 0 times
...

Save Cancel