MultipleChoice
You need to write a new policy for Vault for a group of users on the automation team. The requirements stipulate that each user (and all future users) get access to their own private section of a KV secrets engine at the path kv/team/ and be able to manage their own secrets. Which policy below meets these requirements while minimizing the administrative effort and following the principle of least privilege?
OptionsMultipleChoice
You are trying to create a new orphan token but receiving a Permission Denied error. What capabilities are required to create this token without using a root token?
OptionsMultipleChoice
Your team uses the Transit secrets engine to encrypt all data before writing it to a MySQL database server. During testing, you manually retrieve ciphertext from the database and decrypt it to ensure the data can be read. After decrypting the data, you are worried something is wrong because the plaintext data isn't legible. Why can you not read the original plaintext data after decrypting the ciphertext?
$ vault write transit/decrypt/krausen-key ciphertext=vault:v1:8SDd3WHDOjf7mq69C.....
Key Value
--- -----
plaintext Zml2ZSBzdGFyIHByYWN0aWNlIGV4YW1zIGJ5IGJyeWFuIGtyYXVzZW4=
OptionsMultipleChoice
What is the difference between the TTL and the Max TTL (select two)?
OptionsMultipleChoice
You have TBs of data encrypted by Vault stored in a database and are worried about Vault becoming unavailable and not being able to decrypt the dat
a. Is it possible to export the encryption key to store it somewhere else in the event Vault becomes unavailable?
OptionsMultipleChoice
Your DevOps team would like to provision VMs in GCP via a CICD pipeline. They would like to integrate Vault to protect the credentials used by the tool. Which secrets engine would you recommend?
Options