After a client has authenticated, what security feature is used to make subsequent calls?
A. key shard
B. ldap
C. pgp
D. token
E. listener
F. path
Which of the following commands will remove all secrets at a specific path?
A. vault lease revoke -prefix
B. vault delete lease -all
C. vault lease revoke -all
D. vault revoke -all
The command vault lease revoke -prefix aws/ will revoke all leases associated with the secret engine mounted at aws/
A. False
B. True
Which of the following Vault policies will allow a Vault client to read a secret stored at secrets/applications/ app01/api_key?
A. path "secrets/applications/+/api_*" { capabilities = ["read"] }
B. path "secrets/applications/" { capabilities = ["read"] allowed_parameters = { "certificate" = [] } }
C. path "secrets/*" { capabilities = ["list"] }
D. path "secrets/applications/app01/api_key" { capabilities = ["update", "list"] }
You've decided to use AWS KMS to automatically unseal Vault on private EC2 instances. After deploying your Vault cluster, and running vault operator init, Vault responds with an error and cannot be unsealed. You've determined that the subnet you've deployed Vault into doesn't have internet access. What can you do to enable Vault to communicate with AWS KMS in the most secure way?
A. ask the networking team to provide Vault with inbound access from the internet
B. deploy Vault in a public subnet and provide the Vault nodes with public IP addresses
C. add a VPC endpoint
D. change the permissions on the Internet Gateway to allow the Vault nodes to communicate over the Internet
You want to use terraform import to start managing infrastructure that was not originally provisioned through infrastructure as code. Before you can import the resource's current state, what must you do in order to prepare to manage these resources using Terraform?
A. run terraform refresh to ensure that the state file has the latest information for existing resources.
B. update the configuration file to include the new resources
C. modify the Terraform state file to add the new resources
D. shut down or stop using the resources being imported so no changes are inadvertently missed
Which of the following is an invalid variable name?
A. instance_name
B. web
C. var1
D. count