Access control lists (ACLs) Questions
Practice questions for Access control lists (ACLs) topic in HashiCorp Certified: Consul Associate (003). 24 questions covering this domain.
A security engineer needs to assign multiple ACL policies to a single Consul token so that a service identity has all the permissions it needs. Which ...
Which command initializes the Consul ACL system for the first time and returns the initial management token?
A Consul operator wants to run CLI commands without specifying a token on every command. Which environment variable should they set to provide the tok...
An operator creates a Consul ACL policy with the rule below. Which operations does this policy permit on the `web` service?\n\n```hcl\nservice "web" {...
A Consul operator wants agent ACL tokens to survive agent restarts so they are not lost when the agent process is stopped and restarted. Which agent c...
A team discovers that a Consul agent's ACL token was compromised. They immediately want to revoke that token and replace it with a new one. What is th...
During an outage, servers are unavailable to validate normal tokens. Which token is intended for operators who still need access to privileged agent e...
Why does the ACL reference strongly recommend configuring a dedicated `dns` token instead of relying on the `default` token for DNS responses?
Why would an ACL administrator attach policies to a role and then attach the role to tokens instead of attaching every policy directly to each token?
A secondary datacenter cannot reach the primary ACL authority. Its `down_policy` is `extend-cache`. How does Consul evaluate requests?
An operator preconfigures `acl.tokens.initial_management` on all servers in the primary datacenter. When is that token installed?
ACLs are enabled and a service is registered from a local config file without a `token` field inside the service definition. Which token does the agen...
What is the main purpose of a node identity in Consul ACLs?
An agent is configured with acl.tokens.default. What happens when a request does not provide any explicit token?
Why would an ACL administrator attach a service identity to a token or role?
A team tunes ACL caches and wants to understand the default staleness tradeoff. Which statement matches the reference?
What changes when acl.enable_key_list_policy is set to true?
When an application sends a Consul API request and ACLs are enabled, which token field is the credential that authenticates the request?
When ACLs are enabled, which ACL token field is the credential that authenticates API and CLI requests, while the other is mainly useful for audit ide...
A primary datacenter server has acl.tokens.initial_management configured. When is that well-known initial management token installed?
Sign in to see all 24 questions
Create a free account to browse all questions — completely free during our launch phase.