Question 1mediummultiple choice
Read the full NAT/PAT explanation →VA-003 Utilize Vault CLI and API • Complete Question Bank
Complete VA-003 Utilize Vault CLI and API question bank — all 0 questions with answers and detailed explanations.
$ vault read -format=json secret/data/team
{
"data": {
"data": {
"api_key": "abc123"
},
"metadata": {
"created_time": "2023-01-01T00:00:00Z",
"deletion_time": "",
"destroyed": false,
"version": 1
}
}
}$ vault policy list admin-policy default readonly $ vault token capabilities secret/data/team read, list $ vault token capabilities -policy=readonly secret/data/team read, list $ vault token capabilities -policy=admin-policy secret/data/team create, read, update, delete, list
Drag steps to the numbered slots on the right, or tap a step then tap a slot.
Drag a concept onto its matching description — or click a concept then click the description.
Allow creating data at a path
Allow reading data at a path
Allow modifying existing data
Allow deleting data
Allow listing keys
path "secret/data/team/*" {
capabilities = ["create", "read", "update", "delete", "list"]
}
path "secret/data/team/admin" {
capabilities = ["deny"]
}Key Value --- ----- accessor xyz123 creation_time 1625000000 creation_ttl 72h display_name root entity_id abc456 expire_time 2021-07-02T12:00:00Z explicit_max_ttl 0s id s.abc123def456 issue_time 2021-06-29T12:00:00Z meta map[] num_uses 0 orphan true path auth/token/root policies [root] renewable true type service
$ vault secrets enable -path=shared -version=2 kv
Refer to the exhibit. $ vault read -field=value database/creds/readonly Error reading database/creds/readonly: Error making API request. URL: GET http://127.0.0.1:8200/v1/database/creds/readonly Code: 403. Errors: * permission denied
Refer to the exhibit.
auto_auth {
method {
type = "aws"
config = {
role = "my-role"
}
}
}Refer to the exhibit.
path "secret/data/team/*" {
capabilities = ["create", "update", "read"]
}$ vault login -method=userpass username=jdoe Password (will be hidden): Success! You are now authenticated. The token information displayed below is already stored in the token helper. You do NOT need to run "vault login" again. Future Vault requests will automatically use this token. Key Value --- ----- token hvs.abc123... token_accessor abc123... token_duration 768h token_renewable true token_policies [default] identity_policies [] policies [default] token_meta_username jdoe