HashiCorp Certified: Vault Associate (002) v1.0

Page:    1 / 7   
Exam contains 99 questions

Where can you set the Vault seal configuration? (Choose two.)

  • A. Cloud Provider KMS
  • B. Vault CLI
  • C. Vault configuration file
  • D. Environment variables
  • E. Vault API


Answer : CD

Which of the following vault lease operations uses a lease_id as an argument? (Choose two.)

  • A. renew
  • B. revoke -prefix
  • C. create
  • D. describe
  • E. revoke


Answer : AE

An organization wants to authenticate an AWS EC2 virtual machine with Vault to access a dynamic database secret. The only authentication method which they can use in this case is AWS.

  • A. True
  • B. False


Answer : B

You are using Vault’s Transit secrets engine to encrypt your data. You want to reduce the amount of content encrypted with a single key in case the key gets compromised. How would you do this?

  • A. Use 4096-bit RSA key to encrypt the data
  • B. Upgrade to Vault Enterprise and integrate with HSM
  • C. Periodically re-key the Vault's unseal keys
  • D. Periodically rotate the encryption key


Answer : D

What does the following policy do?

  • A. Grants access for each user to a KV folder which shares their id
  • B. Grants access to a special system entity folder
  • C. Allows a user to read data about the secret endpoint identity
  • D. Nothing, this is not a valid policy


Answer : A

To make an authenticated request via the Vault HTTP API, which header would you use?

  • A. The X-Vault-Token HTTP Header
  • B. The X-Vault-Request HTTP Header
  • C. The Content-Type HTTP Header
  • D. The X-Vault-Namespace HTTP Header


Answer : A

Which of the following are replication methods available in Vault Enterprise? (Choose two.)

  • A. Cluster sharding
  • B. Namespaces
  • C. Performance Replication
  • D. Disaster Recovery Replication


Answer : CD

Use this screenshot to answer the question below:

When are you shown these options in the GUI?

  • A. Enabling policies
  • B. Enabling authentication engines
  • C. Enabling secret engines
  • D. Enabling authentication methods


Answer : C

Examine the command below. Output has been trimmed.

Which of the following statements describe the command and its output?

  • A. Missing a default token policy
  • B. Generated token’s TTL is 60 hours
  • C. Generated token is an orphan token which can be renewed indefinitely
  • D. Configures the AppRole auth method with user specified role ID and secret ID


Answer : D

The key/value v2 secrets engine is enabled at secret/. See the following policy:

Which of the following operations are permitted by this policy? (Choose two.)

  • A. vault kv get secret/webapp1
  • B. vault kv put secret/webapp1 apikey="ABCDEFGHIDK123W"
  • C. vault kv metadata get secret/webapp1
  • D. vault kv delete secret/super-secret
  • E. vault kv list secret/super-secret


Answer : AB

You are performing a high number of authentications in a short amount of time. You're experiencing slow throughput for token generation. How would you solve this problem?

  • A. Increase the time-to-live on service tokens
  • B. Implement batch tokens
  • C. Establish a rate limit quota
  • D. Reduce the number of policies attached to the tokens


Answer : B

When looking at Vault token details, which key helps you find the paths the token is able to access?

  • A. Meta
  • B. Path
  • C. Policies
  • D. Accessor


Answer : C

A developer mistakenly committed code that contained AWS S3 credentials into a public repository. You have been tasked with revoking the AWS S3 credential that was in the code. This credential was created using Vault’s AWS secrets engine and the developer received the following output when requesting a credential from Vault.

Which Vault command will revoke the lease and remove the credential from AWS?

  • A. vault lease revoke aws/creds/s3-access/f3e92392-7d9c-09c8-c921-575d62fe80d8
  • B. vault lease revoke AKIAIOMQXTLW36DV7IEA
  • C. vault lease revoke f3e92392-7d9c-09c8-c921-575d62fe80d8
  • D. vault lease revoke access_key=AKIAIOWQXTLW36DV7IEA


Answer : A

When an auth method is disabled, all users authenticated via that method lose access.

  • A. True
  • B. False


Answer : A

An authentication method should be selected for a use case based on:

  • A. The auth method that best establishes the identity of the client
  • B. The cloud provider on which the client is located
  • C. The strongest available cryptographic hash for the use case
  • D. Compatibility with the secret engine which is to be used


Answer : A
