After creating a dynamic credential on a database, the DBA accidentally deletes the credentials on the database itself. When attempting to remove the lease, Vault returns an error stating that the credential cannot be found. What command can be run to coerce Vault to remove the secret?
A. vault lease -renew
B. vault lease revoke -force -prefix
C. vault revoke -apply
D. vault lease revoke -enforce
Which of the following secrets engine can generate dynamic credentials? (select three)
A. Azure
B. database
C. key/value
D. Transit
E. AWS
Vault secrets engines are used to do what with data? (select three)
A. copy
B. generate
C. store
D. transmit
E. encrypt
Which two characters can be used when writing a policy to reflect a wildcard or path segment? (select two)
A. @
B. $
C. and
D. *
E. +
True or False:
Once you create a KV v1 secrets engine and place data in it, there is no way to modify the mount to
include the features of a KV v2 secrets engine.
A. True
B. False
By default, how long does the transit secrets engine store the resulting ciphertext?
A. 24 hours
B. 32 days
C. transit does not store data
D. 30 days
Select the policies below that permit you to create a new entry of foo=bar at the path /secrets/apps/ my_secret (select two)
A. path "secrets/apps/my_secret" { capabilities = ["create"] allowed_parameters = { "foo" = [] } }
B. path "secrets/+/my_secret" { capabilities = ["create"] allowed_parameters = { "*" = ["bar"] } }
C. path "secrets/apps/my_secret" { capabilities = ["update"] }
D. path "secrets/apps/*" { capabilities = ["create"] allowed_parameters = { "foo" = ["bar", "zip"] } }
In the example below, where is the value of the DNS record's IP address originating from?
1.
resource "aws_route53_record" "www" {
2.
zone_id = aws_route53_zone.primary.zone_id
3.
name = "www.helloworld.com"
4.
type = "A"
5.
ttl = "300"
6.
records = [module.web_server.instance_ip_addr]
7.
}
A. value of the web_server parameter from the variables.tf file
B. the output of a module named web_server
C. the regular expression named module.web_server
D. by querying the AWS EC2 API to retrieve the IP address
Which of the following variable declarations is going to result in an error?
A. variable "example" { type = object({}) }
B. variable "example" {}
C. variable "example" { description = "This is a test" type = map default = {"one" = 1, "two" = 2, "Three" = "3"} }
D. variable "example" { description = "This is a variable description" type = list(string) default = {} }
True or False? By default, Terraform destroy will prompt for confirmation before proceeding.
A. True
B. False