Valentine Day Sale Special Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: geek65

Vault-Associate HashiCorp Certified: Vault Associate (002) Questions and Answers

Questions 4

Security requirements demand that no secrets appear in the shell history. Which command does not meet this requirement?

Options:

A.

generate-password | vault kv put secret/password value

B.

vault kv put secret/password value-itsasecret

C.

vault kv put secret/password value=@data.txt

D.

vault kv put secret/password value-SSECRET_VALUE

Buy Now
Questions 5

You have been tasked with writing a policy that will allow read permissions for all secrets at path secret/bar. The users that are assigned this policy should also be able to list the secrets. What should this policy look like?

Options:

A.

B.

C.

D.

Buy Now
Questions 6

How many Shamir's key shares are required to unseal a Vault instance?

Options:

A.

All key shares

B.

A quorum of key shares

C.

One or more keys

D.

The threshold number of key shares

Buy Now
Questions 7

Which Vault secret engine may be used to build your own internal certificate authority?

Options:

A.

Transit

B.

PKI

C.

PostgreSQL

D.

Generic

Buy Now
Questions 8

When using Integrated Storage, which of the following should you do to recover from possible data loss?

Options:

A.

Failover to a standby node

B.

Use snapshot

C.

Use audit logs

D.

Use server logs

Buy Now
Questions 9

Use this screenshot to answer the question below:

Where on this page would you click to view a secret located at secret/my-secret?

Options:

A.

A

B.

B

C.

C

D.

D

E.

E

Buy Now
Questions 10

Which of the following are replication methods available in Vault Enterprise? Choose two correct answers.

Options:

A.

Cluster sharding

B.

Namespaces

C.

Performance Replication

D.

Disaster Recovery Replication

Buy Now
Questions 11

Where can you set the Vault seal configuration? Choose two correct answers.

Options:

A.

Cloud Provider KMS

B.

Vault CLI

C.

Vault configuration file

D.

Environment variables

E.

Vault API

Buy Now
Questions 12

When unsealing Vault, each Shamir unseal key should be entered:

Options:

A.

Sequentially from one system that all of the administrators are in front of

B.

By different administrators each connecting from different computers

C.

While encrypted with each administrators PGP key

D.

At the command line in one single command

Buy Now
Questions 13

To give a role the ability to display or output all of the end points under the /secrets/apps/* end point it would need to have which capability set?

Options:

A.

update

B.

read

C.

sudo

D.

list

E.

None of the above

Buy Now
Questions 14

Your organization has an initiative to reduce and ultimately remove the use of long lived X.509 certificates. Which secrets engine will best support this use case?

Options:

A.

PKI

B.

Key/Value secrets engine version 2, with TTL defined

C.

Cloud KMS

D.

Transit

Buy Now
Questions 15

What command creates a secret with the key "my-password" and the value "53cr3t" at path "my-secrets" within the KV secrets engine mounted at "secret"?

Options:

A.

vault kv put secret/my-secrets/my-password 53cr3t

B.

vault kv write secret/my-secrets/my-password 53cr3t

C.

vault kv write 53cr3t my-secrets/my-password

D.

vault kv put secret/my-secrets »y-password-53cr3t

Buy Now
Questions 16

Which of these is not a benefit of dynamic secrets?

Options:

A.

Supports systems which do not natively provide a method of expiring credentials

B.

Minimizes damage of credentials leaking

C.

Ensures that administrators can see every password used

D.

Replaces cumbersome password rotation tools and practices

Buy Now
Questions 17

Which of these are a benefit of using the Vault Agent?

Options:

A.

Vault Agent allows for centralized configuration of application secrets engines

B.

Vault Agent will auto-discover which authentication mechanism to use

C.

Vault Agent will enforce minimum levels of encryption an application can use

D.

Vault Agent will manage the lifecycle of cached tokens and leases automatically

Buy Now
Exam Code: Vault-Associate
Exam Name: HashiCorp Certified: Vault Associate (002)
Last Update: Feb 27, 2024
Questions: 57
Vault-Associate pdf

Vault-Associate PDF

$28  $80
Vault-Associate Engine

Vault-Associate Testing Engine

$33.25  $95
Vault-Associate PDF + Engine

Vault-Associate PDF + Testing Engine

$45.5  $130