- (Topic 4)
A new application is being provisioned in your environment. The application requires the generation of dynamic credentials against the Oracle database in order to read reporting data. Which is the best auth method to use to permit the application to authenticate to Vault?
Correct Answer:D
- (Topic 1)
Tommy has written an AWS Lambda function that will perform certain tasks for the organization when data has been uploaded to an S3 bucket. Security policies for the organization do not allow Tommy to hardcode any type of credential within the Lambda code or environment variables. However, Tommy needs to retrieve a credential from Vault to write data to an on-premises database. What auth method should Tommy use in Vault to meet the requirements while not violating security policies?
Correct Answer:A
- (Topic 3)
What command can be used to revoke all leases associated with a database role named prod-mysql?
Correct Answer:B
- (Topic 1)
You are deploying Vault in a local data center, but want to be sure you have a secondary Vault cluster in the event the primary cluster goes offline. In the secondary data center, you have applications that are running, as they are architected to run active/active. Which type of replication would be best in this scenario?
Correct Answer:B
- (Topic 3)
Which of the following secrets engines can store static secrets in Vault for future retrieval?
Correct Answer:A