Compared to service tokens, batch tokens are ideal for what type of action?
A. For daily batch jobs requesting secrets from Vault
B. Generating dynamic credentials
C. Renewing other tokens
D. Short-lived, high-volume, or "ephemeral" tasks
Correct answer: D
Question 2:
Your team uses the Transit secrets engine to encrypt all data before writing it to a MySQL database server.
During testing, you manually retrieve ciphertext from the database and decrypt it to ensure the data can be read. After decrypting the data, you are worried something is wrong because the plaintext data isn't legible.
Why can you not read the original plaintext data after decrypting the ciphertext?
$ vault write transit/decrypt/krausen-key ciphertext=vault:v1:8SDd3WHDOjf7mq69C.....
Key          Value
---          -----
plaintext    Zml2ZSBzdGFyIHByYWN0aWNlIGV4YW1zIGJ5IGJyeWFuIGtyYXVzZW4=
A. The incorrect key was selected when decrypting the ciphertext. Use the correct key to successfully read the data
B. The plaintext is Base64 encoded. Decode the plaintext to see the original data
C. The data was also encrypted on the database. Therefore Vault cannot decrypt the original data
D. The incorrect key version was used to decrypt the data. Update the ciphertext and change the v1 to v3 to use the latest key version
Correct answer: B
Question 3:
A web application uses Vault's transit secrets engine to encrypt data in transit. If an attacker intercepts the data in transit, which of the following statements are true? Choose two correct answers.
A. The Vault administrator would need to seal the Vault server immediately
B. The keys can be rotated and min_decryption_version moved forward to ensure this data cannot be decrypted
C. You can rotate the encryption key so that the attacker won't be able to decrypt the data
D. Even if the attacker was able to access the raw data, they would only have encrypted bits (TLS in transit)
Correct answer: B, D
Question 4:
Using the Vault CLI, there are several ways to create a new policy. Select the valid commands (Select three)
A. vault policy write my-policy - << EOF
path "secret/data/*" {
  capabilities = ["create", "update"]
}
EOF
B. $ cat user.hcl | vault policy write my-policy -
C. vault policy write my-policy /tmp/policy.hcl
D. vault policy create my-policy /tmp/policy.hcl
Correct answer: A, B, C
Question 5:
With regard to the Transit secrets engine, which of the following are true given the following command and output (select three):
$ vault write encryption/encrypt/creditcard plaintext=$(base64 <<< "1234 5678 9101 1121")
Key: ciphertext
Value: vault:v3:cZNHVx+sxdMErXRSuDa1q/pz49fXTn1PScKfhf+PIZPvy8xKfkytpwKcbC0fF2U=
A. The Transit secrets engine is mounted at the encryption path
B. The name of the keyring used to encrypt the data is creditcard
C. The data was written to the encryption path, which is provided by default when enabling the Transit secrets engine
D. There are at least three data keys associated with this keyring
Correct answer: A, B, D