VA-003 Manage Vault leases • Complete Question Bank
Complete VA-003 Manage Vault leases question bank — all 0 questions with answers and detailed explanations.
Refer to the exhibit. ``` $ vault read database/creds/my-role Key Value --- ----- lease_id database/creds/my-role/abc123... lease_duration 1h lease_renewable true password ... username v-token-my-role-... $ vault lease renew database/creds/my-role/abc123... Key Value --- ----- lease_id database/creds/my-role/abc123... lease_duration 1h lease_renewable true ```
A company runs a microservices application on Kubernetes. Each service authenticates to Vault using the Kubernetes auth method and obtains a short-lived token with a TTL of 15 minutes. The services use these tokens to read secrets from the KV v2 secrets engine. Recently, the operations team noticed that Vault's lease count has been steadily increasing, and some services are experiencing 'lease not found' errors when trying to renew their tokens. Investigation reveals that the services are not renewing tokens before they expire because the token TTL is too short to complete some long-running tasks. The team wants to fix the issue without compromising security. They are considering the following actions:
A. Increase the default lease TTL for the KV v2 mount to 1 hour. B. Increase the token TTL for the Kubernetes auth role to 1 hour. C. Implement a renewal loop in each service to renew tokens every 10 minutes. D. Use periodic tokens with a period of 1 hour for all services.
Drag steps to the numbered slots on the right, or tap a step then tap a slot.
Drag a concept onto its matching description — or click a concept then click the description.
Encrypted state requiring unseal
Decrypt master key to access data
Encryption layer protecting storage
Key splitting for unseal
Superuser token with full access
Key Value --- ----- lease_id database/creds/readonly/xyz789 lease_duration 30m lease_renewable true password ... username ...
path "database/creds/readonly" {
capabilities = ["read"]
}Error renewing lease: lease not found
Refer to the exhibit. ``` $ vault lease lookup database/creds/readonly/abc123 Key Value --- ----- id database/creds/readonly/abc123 issue_time 2023-10-05T14:30:00Z renewable true ttl 30m max_ttl 1h ```
Refer to the exhibit.
```
vault write database/roles/mydb \
db_name=mysql \
creation_statements="CREATE USER '{{name}}'@'%' IDENTIFIED BY '{{password}}';GRANT SELECT ON *.* TO '{{name}}'@'%';" \
default_ttl=1h \
max_ttl=24h \
renewable=false
```Refer to the exhibit. ``` $ vault lease lookup database/creds/my-role/abc123 Key Value --- ----- id database/creds/my-role/abc123 issue_time 2024-03-15T10:00:00Z renewable true ttl 1h expire_time 2024-03-15T11:00:00Z ```