HashiCorp vault associate 002 practice test

hashicorp certified: vault associate (002)

Last exam update: Sep 12 ,2024
Page 1 out of 9. Viewing questions 1-10 out of 93

Question 1

Which of these are names of the replication methods available in Vault Enterprise? (Choose two.)

  • A. Disaster Recovery
  • B. Cluster sharping
  • C. Namespaces
  • D. Seal-Wrap
  • E. Performance
Answer:

ae

User Votes:
A
50%
B
50%
C
50%
D
50%
E
50%
Discussions
vote your answer:
A
B
C
D
E
0 / 1000

Question 2

What is a secret in the context of Vault?

  • A. HTTP session token that provides authorization to Vault
  • B. Threshold of keys required to unseal the Vault
  • C. Anything stored or returned that contains confidential material
  • D. Engine responsible for logging all requests and responses
Answer:

c

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 3

Which of these is not a benefit of dynamic secrets?

  • A. Supports systems which do not natively provide a method of expiring credentials
  • B. Minimizes damage of credentials leaking
  • C. Ensures that administrators can see every password used
  • D. Replaces cumbersome password rotation tools and practices
Answer:

c

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 4

You are using the Vault userpass auth method mounted at auth/userpass. How do you create a new user named sally with password h0wN0wB4r0wnC0w? This new user will need the power-users policy.

  • D. None
Answer:

d

User Votes:
D
50%
Discussions
vote your answer:
D
0 / 1000

Question 5

What command creates a secret with the key my-password and the value 53cr3t at path my-secrets within the KV secrets engine mounted at secret?

  • A. vault kv put secret/my-secrets/my-password 53cr3t
  • B. vault kv write secret/my-secrets/my-password 53cr3t
  • C. vault kv write 53cr3t my-secrets/my-password
  • D. vault kv put secret/my-secrets my-password-53cr3t
Answer:

a

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 6

An organization would like to use a scheduler to track & revoke access granted to a job (by Vault) at completion.
What auth-associated Vault object should be tracked to enable this behavior?

  • A. Token accessor
  • B. Token ID
  • C. Lease ID
  • D. Authentication method
Answer:

a

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 7

When an auth method is disabled, all users authenticated via that method lose access.

  • A. True
  • B. False
Answer:

a

User Votes:
A
50%
B
50%
Discussions
vote your answer:
A
B
0 / 1000

Question 8

You have manually created some usernames and passwords for a Microsoft SQL database on Azure, and need to store these credentials in Vault. What secrets engine should you use for this?

  • A. MSSQL database secrets engine
  • B. Key/Value secrets engine version 2
  • C. Azure secrets engine
  • D. Transit engine
Answer:

b

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 9

When creating a policy, an error was thrown:

Which statement describes the fix for this issue?

  • A. Replace write with create in the capabilities list
  • B. You cannot have a wildcard (*) in the path
  • C. sudo is not a capability
Answer:

a

User Votes:
A
50%
B
50%
C
50%
Discussions
vote your answer:
A
B
C
0 / 1000

Question 10

To encrypt your secret with the transit secrets engine, you must send the Base32-encoded plaintext to Vault.

  • A. True
  • B. False
Answer:

b

User Votes:
A
50%
B
50%
Discussions
vote your answer:
A
B
0 / 1000
To page 2