Exam Vault Associate 002 topic 1 question 59 discussion

Actual exam question from HashiCorp's Vault Associate 002

Question #: 59
Topic #: 1

The ‘alpha’ secrets are stored in the team-based paths using this convention: secret/<team_name>/alpha. For example, secret/team01/alpha and /secrets/team02/alpha.
Which Vault policy would not allow reading paths with the word “beta” in them, such as secrets/team01/beta?

A.
B.
C.
D. None of the above

Show Suggested Answer

Suggested Answer: B 🗳️

by daz_rekka at Jan. 22, 2024, 9:10 p.m.

Comments

Submit Cancel

Stokvisss

3 months, 1 week ago

Selected Answer: B

While indeed B allows reads on 'secrets/beta/alpha', the question asks about reads on nested secrets under the secrets/teamX/beta path. 'secrets/beta/' itself has nothing to do with the question. B doesn't give access to the teamX/beta path and is correct.

upvoted 1 times

...

gvyecvlc

11 months, 2 weeks ago

D. Additional deny pattern to be set for beta

upvoted 2 times

...

Mark1000

1 year, 1 month ago

C A would allow secrets/team01/beta and B /secrets/team01/beta/alpha

upvoted 2 times

...

daz_rekka

1 year, 1 month ago

Selected Answer: C

A would allow "secrets/beta" and B would allow "secrets/beta/alpha" so C seems correct.

upvoted 2 times

...

Exam Vault Associate 002 All Questions

View all questions & answers for the Vault Associate 002 exam

Exam Vault Associate 002 topic 1 question 59 discussion

Comments

Stokvisss

gvyecvlc

Mark1000

daz_rekka

SY0-701