New Year Special Limited Time Flat 70% Discount offer - Ends in 0d 00h 00m 00s - Coupon code: 70spcl

HashiCorp Vault-Associate HashiCorp Certified: Vault Associate (002) Exam Practice Test

Page: 1 / 6
Total 57 questions

HashiCorp Certified: Vault Associate (002) Questions and Answers

Question 1

You have been tasked with writing a policy that will allow read permissions for all secrets at path secret/bar. The users that are assigned this policy should also be able to list the secrets. What should this policy look like?

Options:

A.

Option A1

B.

Option B1

C.

Option C1

D.

Option D1

Question 2

Which of the following vault lease operations uses a lease_id as an argument? Choose two correct answers.

Options:

A.

renew

B.

revoke -prefix

C.

create

D.

describe

E.

revoke

Question 3

What does the following policy do?

Question # 3

Options:

A.

Grants access for each user to a KV folder which shares their id

B.

Grants access to a special system entity folder

C.

Allows a user to read data about the secret endpoint identity

D.

Nothing, this is not a valid policy

Question 4

Which of the following is a machine-oriented Vault authentication backend?

Options:

A.

Okta

B.

AppRole

C.

Transit

D.

GitHub

Question 5

Which Vault secret engine may be used to build your own internal certificate authority?

Options:

A.

Transit

B.

PKI

C.

PostgreSQL

D.

Generic

Question 6

When using Integrated Storage, which of the following should you do to recover from possible data loss?

Options:

A.

Failover to a standby node

B.

Use snapshot

C.

Use audit logs

D.

Use server logs

Question 7

The key/value v2 secrets engine is enabled at secret/ See the following policy:

Question # 7

Which of the following operations are permitted by this policy? Choose two correct answers.

Options:

A.

vault kv get secret/webapp1

B.

vault kv put secret/webapp1 apikey-"ABCDEFGHI] K123M"

C.

vault kv metadata get secret/webapp1

D.

vault kv delete secret/super-secret

E.

vault kv list secret/super-secret

Question 8

Where do you define the Namespace to log into using the Vault Ul?

To answer this question

Use your mouse to click on the screenshot in the location described above. An arrow indicator will mark where you have clicked. Click the "Answer" button once you have positioned the arrow to answer the question. You may need to scroll down to see the entire screenshot.

Question # 8

Options:

Question 9

Which of these is not a benefit of dynamic secrets?

Options:

A.

Supports systems which do not natively provide a method of expiring credentials

B.

Minimizes damage of credentials leaking

C.

Ensures that administrators can see every password used

D.

Replaces cumbersome password rotation tools and practices

Question 10

Which of the following describes usage of an identity group?

Options:

A.

Limit the policies that would otherwise apply to an entity in the group

B.

When they want to revoke the credentials for a whole set of entities simultaneously

C.

Audit token usage

D.

Consistently apply the same set of policies to a collection of entities

Question 11

Where can you set the Vault seal configuration? Choose two correct answers.

Options:

A.

Cloud Provider KMS

B.

Vault CLI

C.

Vault configuration file

D.

Environment variables

E.

Vault API

Question 12

Which of the following cannot define the maximum time-to-live (TTL) for a token?

Options:

A.

By the authentication method t natively provide a method of expiring credentials

B.

By the client system f credentials leaking

C.

By the mount endpoint configurationvery password used

D.

A parent token TTL e password rotation tools and practices

E.

System max TTL

Question 13

An organization would like to use a scheduler to track & revoke access granted to a job (by Vault) at completion. What auth-associated Vault object should be tracked to enable this behavior?

Options:

A.

Token accessor

B.

Token ID

C.

Lease ID

D.

Authentication method

Question 14

Which of the following are replication methods available in Vault Enterprise? Choose two correct answers.

Options:

A.

Cluster sharding

B.

Namespaces

C.

Performance Replication

D.

Disaster Recovery Replication

Question 15

How would you describe the value of using the Vault transit secrets engine?

Options:

A.

Vault has an API that can be programmatically consumed by applications

B.

The transit secrets engine ensures encryption in-transit and at-rest is enforced enterprise wide

C.

Encryption for application data is best handled by a storage system or database engine, while storing encryption keys in Vault

D.

The transit secrets engine relieves the burden of proper encryption/decryption from application developers and pushes the burden onto the operators of Vault

Question 16

When creating a policy, an error was thrown:

Question # 16

Which statement describes the fix for this issue?

Options:

A.

Replace write with create in the capabilities list

B.

You cannot have a wildcard (" • ") in the path

C.

sudo is not a capability

Question 17

Which of these are a benefit of using the Vault Agent?

Options:

A.

Vault Agent allows for centralized configuration of application secrets engines

B.

Vault Agent will auto-discover which authentication mechanism to use

C.

Vault Agent will enforce minimum levels of encryption an application can use

D.

Vault Agent will manage the lifecycle of cached tokens and leases automatically

Page: 1 / 6
Total 57 questions