New Year Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 70special

HashiCorp Vault-Associate HashiCorp Certified: Vault Associate (002) Exam Practice Test

HashiCorp Certified: Vault Associate (002) Questions and Answers

Testing Engine

  • Product Type: Testing Engine
$37.5  $124.99

PDF Study Guide

  • Product Type: PDF Study Guide
$33  $109.99
Question 1

Which of the following vault lease operations uses a lease_id as an argument? Choose two correct answers.

Options:

A.

renew

B.

revoke -prefix

C.

create

D.

describe

E.

revoke

Question 2

An organization would like to use a scheduler to track & revoke access granted to a job (by Vault) at completion. What auth-associated Vault object should be tracked to enable this behavior?

Options:

A.

Token accessor

B.

Token ID

C.

Lease ID

D.

Authentication method

Question 3

What are orphan tokens?

Options:

A.

Orphan tokens are tokens with a use limit so you can set the number of uses when you create them

B.

Orphan tokens are not children of their parent; therefore, orphan tokens do not expire when their parent does

C.

Orphan tokens are tokens with no policies attached

D.

Orphan tokens do not expire when their own max TTL is reached

Question 4

You can build a high availability Vault cluster with any storage backend.

Options:

A.

True

B.

False

Question 5

The key/value v2 secrets engine is enabled at secret/ See the following policy:

Which of the following operations are permitted by this policy? Choose two correct answers.

Options:

A.

vault kv get secret/webapp1

B.

vault kv put secret/webapp1 apikey-"ABCDEFGHI] K123M"

C.

vault kv metadata get secret/webapp1

D.

vault kv delete secret/super-secret

E.

vault kv list secret/super-secret

Question 6

An authentication method should be selected for a use case based on:

Options:

A.

The auth method that best establishes the identity of the client

B.

The cloud provider for which the client is located on

C.

The strongest available cryptographic hash for the use case

D.

Compatibility with the secret engine which is to be used

Question 7

How would you describe the value of using the Vault transit secrets engine?

Options:

A.

Vault has an API that can be programmatically consumed by applications

B.

The transit secrets engine ensures encryption in-transit and at-rest is enforced enterprise wide

C.

Encryption for application data is best handled by a storage system or database engine, while storing encryption keys in Vault

D.

The transit secrets engine relieves the burden of proper encryption/decryption from application developers and pushes the burden onto the operators of Vault

Question 8

Which of these are a benefit of using the Vault Agent?

Options:

A.

Vault Agent allows for centralized configuration of application secrets engines

B.

Vault Agent will auto-discover which authentication mechanism to use

C.

Vault Agent will enforce minimum levels of encryption an application can use

D.

Vault Agent will manage the lifecycle of cached tokens and leases automatically

Question 9

To make an authenticated request via the Vault HTTP API, which header would you use?

Options:

A.

The X-Vault-Token HTTP Header

B.

The x-Vault-Request HTTP Header

C.

The Content-Type HTTP Header

D.

The X-Vault-Namespace HTTP Header

Question 10

Which of the following cannot define the maximum time-to-live (TTL) for a token?

Options:

A.

By the authentication method t natively provide a method of expiring credentials

B.

By the client system f credentials leaking

C.

By the mount endpoint configurationvery password used

D.

A parent token TTL e password rotation tools and practices

E.

System max TTL

Question 11

Your DevOps team would like to provision VMs in GCP via a CICD pipeline. They would like to integrate Vault to protect the credentials used by the tool. Which secrets engine would you recommend?

Options:

A.

Google Cloud Secrets Engine

B.

Identity secrets engine

C.

Key/Value secrets engine version 2

D.

SSH secrets engine

Question 12

Where do you define the Namespace to log into using the Vault Ul?

To answer this question

Use your mouse to click on the screenshot in the location described above. An arrow indicator will mark where you have clicked. Click the "Answer" button once you have positioned the arrow to answer the question. You may need to scroll down to see the entire screenshot.

Options:

Question 13

Running the second command in the GUI CLI will succeed.

Options:

A.

True

B.

False

Question 14

Which of the following is a machine-oriented Vault authentication backend?

Options:

A.

Okta

B.

AppRole

C.

Transit

D.

GitHub

Question 15

When looking at Vault token details, which key helps you find the paths the token is able to access?

Options:

A.

Meta

B.

Path

C.

Policies

D.

Accessor

Question 16

The following three policies exist in Vault. What do these policies allow an organization to do?

Options:

A.

Separates permissions allowed on actions associated with the transit secret engine

B.

Nothing, as the minimum permissions to perform useful tasks are not present

C.

Encrypt, decrypt, and rewrap data using the transit engine all in one policy

D.

Create a transit encryption key for encrypting, decrypting, and rewrapping encrypted data

Question 17

A web application uses Vault's transit secrets engine to encrypt data in-transit. If an attacker intercepts the data in transit which of the following statements are true? Choose two correct answers.

Options:

A.

You can rotate the encryption key so that the attacker won’t be able to decrypt the data

B.

The keys can be rotated and min_decryption_version moved forward to ensure this data cannot be decrypted

C.

The Vault administrator would need to seal the Vault server immediately

D.

Even if the attacker was able to access the raw data, they would only have encrypted bits (TLS in transit)