VAULT-ASSOCIATE-002 Question #26: Real Exam Question with Answer & Explanation

Question

Which of the following statements describe the secrets engine in Vault? (Choose three.)

Options

• ASome secrets engines simply store and read data
• BOnce enabled, you cannot disable the secrets engine
• CYou can build your own custom secrets engine
• DEach secrets engine is isolated to its path
• EA secrets engine cannot be enabled at multiple paths

Explanation

Vault's secrets engines are modular components that provide diverse functionalities, from simple key-value storage to dynamic secret generation, are isolated by their mount paths, and can be customized.

Common mistakes.

• B. Secrets engines can be disabled using the vault secrets disable command, which removes the engine and all its associated data.
• E. Many secrets engines, particularly the KV secrets engine, can be enabled multiple times at different paths, with each instance having its own isolated data and configuration.

Concept tested. Vault secrets engine characteristics and flexibility

Reference. https://developer.hashicorp.com/vault/docs/concepts/secrets-engines

No community discussion yet for this question.