VAULT-ASSOCIATE-002 Question #78: Real Exam Question with Answer & Explanation

Question

Which of the following describes usage of an identity group?

Options

• ALimit the policies that would otherwise apply to an entity in the group
• BWhen they want to revoke the credentials for a whole set of entities simultaneously
• CAudit token usage
• DConsistently apply the same set of policies to a collection of entities

Explanation

Identity groups in Vault are primarily used to consistently apply a defined set of access policies to a collection of entities, streamlining access management.

Common mistakes.

• A. Identity groups primarily function to apply policies to entities within them, not to limit policies that would otherwise apply; an entity's effective policies are a combination of its direct policies and those inherited from its groups.
• B. While identity groups can facilitate mass revocation by revoking the group's associated access, their fundamental purpose is to simplify policy assignment and management, not primarily to enable credential revocation.
• C. Auditing token usage is a function of Vault's audit devices, which log requests and responses, and is not a direct usage or purpose of identity groups.

Concept tested. Vault identity group purpose

Reference. https://developer.hashicorp.com/vault/docs/concepts/identity#groups

No community discussion yet for this question.