Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

HashiCorp Vault-Associate Exam - Topic 7 Question 34 Discussion

The key/value v2 secrets engine is enabled at secret/ See the following policy:Which of the following operations are permitted by this policy? Choose two correct answers.
A) vault kv get secret/webapp1
B) vault kv put secret/webapp1 apikey-'ABCDEFGHI] K123M'
C) vault kv metadata get secret/webapp1
D) vault kv delete secret/super-secret
E) vault kv list secret/super-secret

HashiCorp Vault-Associate Exam - Topic 7 Question 34 Discussion

Actual exam question for HashiCorp's Vault-Associate exam
Question #: 34
Topic #: 7
[All Vault-Associate Questions]

The key/value v2 secrets engine is enabled at secret/ See the following policy:

Which of the following operations are permitted by this policy? Choose two correct answers.

Show Suggested Answer Hide Answer
Suggested Answer: A

An authentication method should be selected for a use case based on the auth method that best establishes the identity of the client. The identity of the client is the basis for assigning a set of policies and permissions to the client in Vault. Different auth methods have different ways of verifying the identity of the client, such as using passwords, tokens, certificates, cloud credentials, etc. Depending on the use case, some auth methods may be more suitable or convenient than others. For example, for human users, the userpass or ldap auth methods may be easy to use, while for machines or applications, the approle or aws auth methods may be more secure and scalable. The choice of the auth method should also consider the trade-offs between security, performance, and usability.Reference:Auth Methods | Vault | HashiCorp Developer,Authentication - Concepts | Vault | HashiCorp Developer


by Justine at Jan 13, 2025, 05:00 AM

Limited Time Offer

25%

Off

Get Premium Vault-Associate Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Joseph
6 months ago
I thought you could delete secrets too, but I guess not!
upvoted 0 times
...
Avery
6 months ago
B is definitely not permitted, just checked the policy.
upvoted 0 times
...
Lovetta
7 months ago
Wait, can you really do a metadata get on that? Seems off.
upvoted 0 times
...
Nickolas
7 months ago
Totally agree, those are the only ones allowed!
upvoted 0 times
...
Honey
7 months ago
A and C are the correct answers.
upvoted 0 times
...
Amira
7 months ago
I’m confused about option E; I thought listing secrets was allowed, but I can't recall if it was specifically mentioned in the policy we studied.
upvoted 0 times
...
Dana
8 months ago
I feel like option D is definitely not allowed because it mentions deleting a secret, which seems too risky for this policy.
upvoted 0 times
...
Benedict
8 months ago
I'm not entirely sure, but I remember a practice question where we had to identify allowed operations. I think C could be a possibility too.
upvoted 0 times
...
Marvel
8 months ago
I think options A and B might be correct since they involve getting and putting secrets, which seems to align with the policy.
upvoted 0 times
...
Candida
8 months ago
Alright, time to put on my thinking cap. Based on the policy, I believe A and B are the correct answers, as they involve operations on the `secret/webapp1` path, which is explicitly allowed.
upvoted 0 times
...
Kate
8 months ago
I think I've got it! The policy allows read and write access to `secret/webapp1`, so A and B are the correct answers. The other options don't seem to be permitted by this policy.
upvoted 0 times
...
Delmy
8 months ago
I'm a bit confused by the metadata and delete operations. Do those fall under the permissions granted in this policy? I'll need to double-check the documentation to be sure.
upvoted 0 times
...
Ezekiel
8 months ago
Okay, let me see here. The policy seems to grant read and write access to the `secret/webapp1` path, so I'm guessing A and B are the correct answers.
upvoted 0 times
...
Tamekia
8 months ago
Hmm, this looks like a tricky one. I'll need to carefully read through the policy and think about which operations are allowed based on the permissions granted.
upvoted 0 times
...
Peggy
1 year ago
Hey, I heard the Vault team is hiring a new Peggy to write their test questions. Looks like they nailed it with this one! Bet they're sitting back, sipping their lattes, and waiting for the chaos to unfold. I wonder if they'll accept 'D and E' as the right answers... just to see who's brave enough to try it.
upvoted 0 times
...
Louvenia
1 year ago
Well, well, well, look at that fancy policy. Let me guess, A and C are the winners here. No putting or deleting, but you can get and check the metadata. Though I'm pretty sure the devs who wrote this policy were just messing with us. They're probably laughing their butts off right now, watching us struggle with this one.
upvoted 0 times
Valentine
11 months ago
Haha, those devs sure know how to make things interesting. They're probably having a good laugh at our expense.
upvoted 0 times
...
Rasheeda
12 months ago
Yeah, A and C are the correct answers. No putting or deleting allowed.
upvoted 0 times
...
Hailey
1 year ago
C) vault kv metadata get secret/webapp1
upvoted 0 times
...
Deonna
1 year ago
A) vault kv get secret/webapp1
upvoted 0 times
...
...
Selma
1 year ago
Ha! D and E, huh? Not a chance, buddy. The policy clearly states you can't delete or list that 'super-secret' folder. Looks like A and C are the way to go. Though I'm tempted to try B just to see what happens... Might as well go out with a bang, right?
upvoted 0 times
Micheal
12 months ago
C) vault kv metadata get secret/webapp1
upvoted 0 times
...
Vonda
12 months ago
B) vault kv put secret/webapp1 apikey-\'ABCDEFGHI] K123M\'
upvoted 0 times
...
Hollis
1 year ago
A) vault kv get secret/webapp1
upvoted 0 times
...
...
Eliz
1 year ago
Whoa, hold up! B and D? No way, that policy ain't gonna let you do that. Gotta stick to A and C, my friend. Though I'm kind of curious what's in that 'super-secret' folder... Bet it's juicy!
upvoted 0 times
Huey
12 months ago
Whoa, hold up! B and D? No way, that policy ain't gonna let you do that. Gotta stick to A and C, my friend. Though I'm kind of curious what's in that 'super-secret' folder... Bet it's juicy!
upvoted 0 times
...
Malcom
1 year ago
B) vault kv put secret/webapp1 apikey-\'ABCDEFGHI] K123M\'
upvoted 0 times
...
Marya
1 year ago
A) vault kv get secret/webapp1
upvoted 0 times
...
...
Melvin
1 year ago
Alright, let's see here. Based on the policy, I'm guessing A and C are the correct answers. Get and metadata operations seem to be allowed, but no putting or deleting. Though I wonder if that means I can't update anything either... Hmm, tricky one.
upvoted 0 times
Aleta
1 year ago
Exactly, it's important to understand the limitations of the policy.
upvoted 0 times
...
Aracelis
1 year ago
So we can view and get metadata for secrets, but can't make any changes.
upvoted 0 times
...
Brigette
1 year ago
Yeah, I agree. Get and metadata operations are permitted, but not put or delete.
upvoted 0 times
...
Clay
1 year ago
I think you're right, A and C are the correct answers. No putting or deleting allowed.
upvoted 0 times
...
...
Billi
1 year ago
I'm not sure, I think C and E might also be permitted.
upvoted 0 times
...
Ryann
1 year ago
I agree with Whitley, A and B make sense based on the policy.
upvoted 0 times
...
Whitley
1 year ago
I think A and B are permitted.
upvoted 0 times
...

Save Cancel