
HashiCorp Vault-Associate HashiCorp Certified: Vault Associate (002) Exam Practice Test

Demo: 17 questions
Total 57 questions

HashiCorp Certified: Vault Associate (002) Questions and Answers

Question 1

Use this screenshot to answer the question below:

When are you shown these options in the GUI?

Options:

A.

Enabling policies

B.

Enabling authentication engines

C.

Enabling secret engines

D.

Enabling authentication methods

Question 2

An organization wants to authenticate an AWS EC2 virtual machine with Vault to access a dynamic database secret. The only authentication method which they can use in this case is AWS.

Options:

A.

True

B.

False

Question 3

What command creates a secret with the key "my-password" and the value "53cr3t" at path "my-secrets" within the KV secrets engine mounted at "secret"?

Options:

A.

vault kv put secret/my-secrets/my-password 53cr3t

B.

vault kv write secret/my-secrets/my-password 53cr3t

C.

vault kv write 53cr3t my-secrets/my-password

D.

vault kv put secret/my-secrets my-password=53cr3t

Question 4

An authentication method should be selected for a use case based on:

Options:

A.

The auth method that best establishes the identity of the client

B.

The cloud provider on which the client is located

C.

The strongest available cryptographic hash for the use case

D.

Compatibility with the secret engine which is to be used

Question 5

What is a benefit of response wrapping?

Options:

A.

Log every use of a secret

B.

Load balance secret generation across a Vault cluster

C.

Provide error recovery to a secret so it is not corrupted in transit

D.

Ensure that only a single party can ever unwrap the token and see what's inside

Question 6

Which of the following statements are true about Vault policies? Choose two correct answers.

Options:

A.

The default policy cannot be modified

B.

You must use YAML to define policies

C.

Policies provide a declarative way to grant or forbid access to certain paths and operations in Vault

D.

Vault must be restarted in order for a policy change to take effect

E.

Policies deny by default (empty policy grants no permission)

Question 7

Which of these is a benefit of using the Vault Agent?

Options:

A.

Vault Agent allows for centralized configuration of application secrets engines

B.

Vault Agent will auto-discover which authentication mechanism to use

C.

Vault Agent will enforce minimum levels of encryption an application can use

D.

Vault Agent will manage the lifecycle of cached tokens and leases automatically

Question 8

Which of the following is a machine-oriented Vault authentication backend?

Options:

A.

Okta

B.

AppRole

C.

Transit

D.

GitHub

Question 9

You are performing a high number of authentications in a short amount of time. You're experiencing slow throughput for token generation. How would you solve this problem?

Options:

A.

Increase the time-to-live on service tokens

B.

Implement batch tokens

C.

Establish a rate limit quota

D.

Reduce the number of policies attached to the tokens

Question 10

What are orphan tokens?

Options:

A.

Orphan tokens are tokens with a use limit so you can set the number of uses when you create them

B.

Orphan tokens are not children of their parent; therefore, orphan tokens do not expire when their parent does

C.

Orphan tokens are tokens with no policies attached

D.

Orphan tokens do not expire when their own max TTL is reached

Question 11

When creating a policy, an error was thrown:

Which statement describes the fix for this issue?

Options:

A.

Replace write with create in the capabilities list

B.

You cannot have a wildcard ("*") in the path

C.

sudo is not a capability

Question 12

When unsealing Vault, each Shamir unseal key should be entered:

Options:

A.

Sequentially from one system that all of the administrators are in front of

B.

By different administrators each connecting from different computers

C.

While encrypted with each administrator's PGP key

D.

At the command line in one single command

Question 13

When an auth method is disabled, all users authenticated via that method lose access.

Options:

A.

True

B.

False

Question 14

Which of the following statements describe the CLI command below?

$ vault login -method=ldap username=mitchellh

Options:

A.

Generates a token which is response wrapped

B.

You will be prompted to enter the password

C.

By default the generated token is valid for 24 hours

D.

Fails because the password is not provided

Question 15

The following three policies exist in Vault. What do these policies allow an organization to do?

Options:

A.

Separates permissions allowed on actions associated with the transit secret engine

B.

Nothing, as the minimum permissions to perform useful tasks are not present

C.

Encrypt, decrypt, and rewrap data using the transit engine all in one policy

D.

Create a transit encryption key for encrypting, decrypting, and rewrapping encrypted data

Question 16

Security requirements demand that no secrets appear in the shell history. Which command does not meet this requirement?

Options:

A.

generate-password | vault kv put secret/password value

B.

vault kv put secret/password value=itsasecret

C.

vault kv put secret/password value=@data.txt

D.

vault kv put secret/password value=$SECRET_VALUE

Question 17

Which of the following are replication methods available in Vault Enterprise? Choose two correct answers.

Options:

A.

Cluster sharding

B.

Namespaces

C.

Performance Replication

D.

Disaster Recovery Replication
