New Year Special Sale - Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: mxmas70

Home > HashiCorp > HashiCorp Security Automation Certification > Vault-Associate

Vault-Associate HashiCorp Certified: Vault Associate (002) Question and Answers

Question # 4

Where can you set the Vault seal configuration? Choose two correct answers.

A.

Cloud Provider KMS

B.

Vault CLI

C.

Vault configuration file

D.

Environment variables

E.

Vault API

Full Access
Question # 5

You are performing a high number of authentications in a short amount of time. You're experiencing slow throughput for token generation. How would you solve this problem?

A.

Increase the time-to-live on service tokens

B.

Implement batch tokens

C.

Establish a rate limit quota

D.

Reduce the number of policies attached to the tokens

Full Access
Question # 6

An authentication method should be selected for a use case based on:

A.

The auth method that best establishes the identity of the client

B.

The cloud provider for which the client is located on

C.

The strongest available cryptographic hash for the use case

D.

Compatibility with the secret engine which is to be used

Full Access
Question # 7

How would you describe the value of using the Vault transit secrets engine?

A.

Vault has an API that can be programmatically consumed by applications

B.

The transit secrets engine ensures encryption in-transit and at-rest is enforced enterprise wide

C.

Encryption for application data is best handled by a storage system or database engine, while storing encryption keys in Vault

D.

The transit secrets engine relieves the burden of proper encryption/decryption from application developers and pushes the burden onto the operators of Vault

Full Access
Question # 8

What is the Vault CLI command to query information about the token the client is currently using?

A.

vault lookup token

B.

vault token lookup

C.

vault lookup self

D.

vault self-lookup

Full Access
Question # 9

Your organization has an initiative to reduce and ultimately remove the use of long lived X.509 certificates. Which secrets engine will best support this use case?

A.

PKI

B.

Key/Value secrets engine version 2, with TTL defined

C.

Cloud KMS

D.

Transit

Full Access
Question # 10

Which of these is not a benefit of dynamic secrets?

A.

Supports systems which do not natively provide a method of expiring credentials

B.

Minimizes damage of credentials leaking

C.

Ensures that administrators can see every password used

D.

Replaces cumbersome password rotation tools and practices

Full Access
Question # 11

Use this screenshot to answer the question below:

Where on this page would you click to view a secret located at secret/my-secret?

A.

A

B.

B

C.

C

D.

D

E.

E

Full Access
Question # 12

Which Vault secret engine may be used to build your own internal certificate authority?

A.

Transit

B.

PKI

C.

PostgreSQL

D.

Generic

Full Access
Question # 13

When unsealing Vault, each Shamir unseal key should be entered:

A.

Sequentially from one system that all of the administrators are in front of

B.

By different administrators each connecting from different computers

C.

While encrypted with each administrators PGP key

D.

At the command line in one single command

Full Access
Question # 14

Where do you define the Namespace to log into using the Vault Ul?

To answer this question

Use your mouse to click on the screenshot in the location described above. An arrow indicator will mark where you have clicked. Click the "Answer" button once you have positioned the arrow to answer the question. You may need to scroll down to see the entire screenshot.

Full Access
Question # 15

What command creates a secret with the key "my-password" and the value "53cr3t" at path "my-secrets" within the KV secrets engine mounted at "secret"?

A.

vault kv put secret/my-secrets/my-password 53cr3t

B.

vault kv write secret/my-secrets/my-password 53cr3t

C.

vault kv write 53cr3t my-secrets/my-password

D.

vault kv put secret/my-secrets »y-password-53cr3t

Full Access
Question # 16

Which of the following vault lease operations uses a lease_id as an argument? Choose two correct answers.

A.

renew

B.

revoke -prefix

C.

create

D.

describe

E.

revoke

Full Access
Question # 17

Which of the following statements describe the CLI command below?

S vault login -method-1dap username-mitche11h

A.

Generates a token which is response wrapped

B.

You will be prompted to enter the password

C.

By default the generated token is valid for 24 hours

D.

Fails because the password is not provided

Full Access