Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location PL
Mob_nav_barsMENU

HashiCorp Exam Vault-Associate Topic 4 Question 10 Discussion

Actual exam question for HashiCorp's Vault-Associate exam
Question #: 10
Topic #: 4
[All Vault-Associate Questions]

A web application uses Vault's transit secrets engine to encrypt data in-transit. If an attacker intercepts the data in transit which of the following statements are true? Choose two correct answers.

Show Suggested Answer Hide Answer
Suggested Answer: B

Running the second command in the GUI CLI will fail. The second command is vault kv put secret/creds passcode=my-long-passcode. This command attempts to write a secret named creds with the value passcode=my-long-passcode to the secret path, which is the default path for the kv secrets engine. However, the kv secrets engine is not enabled at the secret path, as shown by the first command vault secrets list, which lists the enabled secrets engines and their paths. The only enabled secrets engine is the transit secrets engine at the transit path. Therefore, the second command will fail with an error message saying that no secrets engine is mounted at the path secret/. To make the second command succeed, the kv secrets engine must be enabled at the secret path or another path, using the vault secrets enable command. For example, vault secrets enable -path=secret kv would enable the kv secrets engine at the secret path.Reference:kv - Command | Vault | HashiCorp Developer,vault secrets enable - Command | Vault | HashiCorp Developer


by Nickolas at Feb 13, 2024, 05:55 PM

Limited Time Offer

25%

Off

Get Premium Vault-Associate Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel
Sue
3 hours ago
Gotta love these Vault questions! They really make you think about the security implications of your infrastructure. I'm just glad I don't have to worry about sealing the Vault server every time someone sniffs the network.
upvoted 0 times
...
Bette
2 days ago
Exactly, even if the attacker got their hands on the raw data, all they'd have is a bunch of encrypted bits. It's like trying to read a book written in a language you don't understand.
upvoted 0 times
...
Galen
3 days ago
Haha, sealing the Vault server? That's a bit of an overkill, don't you think? I mean, the data is already encrypted in transit, so the attacker wouldn't be able to read it anyway.
upvoted 0 times
...
Ora
5 days ago
Yup, those are the right answers. Rotating the encryption key and moving the min_decryption_version forward is the way to go if an attacker intercepts the data in transit.
upvoted 0 times
...
Irma
19 days ago
But wouldn't sealing the Vault server also be a good option to prevent further access by the attacker?
upvoted 0 times
...
Chara
21 days ago
I agree with you, Lea. Rotating the encryption key and having only encrypted bits would protect the data.
upvoted 0 times
...
Cristen
26 days ago
Wow, this question is really testing our knowledge of Vault's transit secrets engine! I think options A and B are the correct answers here.
upvoted 0 times
...
Lea
26 days ago
I think the correct answers are A and D.
upvoted 0 times
...

Save Cancel
az-700  pass4success  az-104  200-301  200-201  cissp  350-401  350-201  350-501  350-601  350-801  350-901  az-720  az-305  pl-300  

Warning: Cannot modify header information - headers already sent by (output started at /pass.php:70) in /pass.php on line 77
a