Vault Associate 002 Exam

Exam Vault Associate 002 All QuestionsBrowse all questions from this exam

Question 85

You are managing a Vault implementation that has been integrated with Azure SQL database to provide dynamic credentials. You have created a role that will provide database credentials for database administrators (DBAs) to use for managing their database in Azure SQL. A DBA has requested a new credential by issuing the following Vault CLI command: vault read azuresql/creds/dba_access. The following output is returned:

The DBA has completed their work and would like to proactively remove the credential now that their work is complete.

Which of the following commands should the DBA execute?

vault delete azuresql/creds/dba_access

vault lease revoke v-token-dba_acccss-tr2t4x9pxvqlz8878s9s-1513446795

vault delete azuresql/creds/dba_access/2e5b1e0b-a081-c7el-5622-39f58e79a7l9

vault lease revoke azuresql/creds/dba_access/2e5b1e0b-a081-c7el-5622-39f58e79a719

Correct Answer: D

To proactively remove the credential, the DBA needs to execute the command to revoke the lease associated with the dynamic credential. The correct command for this task is 'vault lease revoke' followed by the lease_id. Based on the output, the lease_id provided is azuresql/creds/dba_access/2e5b1e0b-a081-c7el-5622-39f58e79a719. Therefore, the correct command is 'vault lease revoke azuresql/creds/dba_access/2e5b1e0b-a081-c7el-5622-39f58e79a719'. This ensures that the specific dynamic credentials are proactively revoked.

Discussion

daz_rekkaOption: D

D is correct not B, Revoke and Lease ID are the two key elements.

jlankfoOption: D

Lease Id and revoke. Should be D

Mark1000Option: D

D Revoke and Lease Id are the 'keys'