By default, what TCP port does Vault replication use?

• A.tcp/8200
• B.tcp/8300
• C.tcp/8201
• D.tcp/8301

Comment: *

Name: *

Email: *

Verification: *

Which statement describes the results of this command: $ vault secrets enable transit

• A.Enables the transit secrets engine at transit path
• B.Requires a root token to execute the command successfully
• C.Enables the transit secrets engine at secret path
• D.Fails due to missing -path parameter
• E.Fails because the transit secrets engine is enabled by default

Comment: *

Name: *

Email: *

Verification: *

Without logging into another interface, what feature can Chad use to execute a simple CLI command to enable a new secrets engine?

• A.CLI emulation in the Vault UI (Feature 1)
• B.User information button (Feature 2)
• C.Client count details (Feature 3)
• D.Access management link (Feature 4)

Comment: *

Name: *

Email: *

Verification: *

If Bobby is currently assigned the following policy, what additional policy can be added to ensure Bobby cannot access the data stored at secret/apps/confidential but still read all other secrets?
path "secret/apps/*" { capabilities = ["create", "read", "update", "delete", "list"] }

• A.path "secret/apps/confidential" { capabilities = ["deny"] }
• B.path "secret/*" { capabilities = ["read", "deny"] }
• C.path "secret/apps/*" { capabilities = ["deny"] }
• D.path "secret/apps/confidential/*" { capabilities = ["deny"] }

Comment: *

Name: *

Email: *

Verification: *

Over a few years, you have a lot of data that has been encrypted by older versions of a Transit encryption key.
Due to compliance regulations, you have to re-encrypt the data using the newest version of the encryption key. What is the easiest way to complete this task without putting the data at risk?

• A.Rotate the encryption key used to encrypt the data
• B.Decrypt the data manually and encrypt it with the latest version
• C.Use the transit rewrap feature
• D.Create a new master key used by Vault

Comment: *

Name: *

Email: *

Verification: *