How would you define a role in Elasticsearch that grants read access to all indices except those prefixed with secret-?

hard🚀 Application Q8 of Q15

Elasticsearch - Security

How would you define a role in Elasticsearch that grants read access to all indices except those prefixed with secret-?

A{ "indices": [{ "names": ["*", "-secret-*"] , "privileges": ["read"] }] }

B{ "indices": [{ "names": ["*"], "privileges": ["read"] }], "except": ["secret-*"] }

C{ "indices": [{ "names": ["*"], "privileges": ["read"], "allow_restricted_indices": false, "except": ["secret-*"] }] }

D{ "indices": [{ "names": ["*"], "privileges": ["read"] }], "exclude": ["secret-*"] }

Step-by-Step Solution

Solution:

Step 1: Understand Index Patterns
Elasticsearch supports negative patterns by prefixing with a minus sign to exclude indices.
Step 2: Apply Exclusion
Using "names": ["*", "-secret-*"] grants access to all indices except those starting with 'secret-'.
Step 3: Verify JSON Syntax
{ "indices": [{ "names": ["*", "-secret-*"] , "privileges": ["read"] }] } correctly uses an array with inclusion and exclusion patterns.
Final Answer:
{ "indices": [{ "names": ["*", "-secret-*"] , "privileges": ["read"] }] } -> Option A
Quick Check:
Use negative patterns with '-' to exclude indices [OK]

Quick Trick: Exclude indices using '-' prefix in names array [OK]

Common Mistakes:

MISTAKES

Master "Security" in Elasticsearch

9 interactive learning modes - each teaches the same concept differently

Want More Practice?

15+ quiz questions · All difficulty levels · Free

More Elasticsearch Quizzes