Average Score In Real
Exam At Testing Centre
Questions came word by
word from this dump
Try a free demo of our HashiCorp Vault-Associate PDF and practice exam software before the purchase to get a closer look at practice questions and answers.
We provide up to 3 months of free after-purchase updates so that you get HashiCorp Vault-Associate practice questions of today and not yesterday.
We have a long list of satisfied customers from multiple countries. Our HashiCorp Vault-Associate practice questions will certainly assist you to get passing marks on the first attempt.
CramTick offers HashiCorp Vault-Associate PDF questions, and web-based and desktop practice tests that are consistently updated.
CramTick has a support team to answer your queries 24/7. Contact us if you face login issues, payment, and download issues. We will entertain you as soon as possible.
Thousands of customers passed the HashiCorp HashiCorp Certified: Vault Associate (002) exam by using our product. We ensure that upon using our exam products, you are satisfied.
You can build a high availability Vault cluster with any storage backend.
Not all storage backends support high availability mode for Vault. Only the storage backends that support locking can enable Vault to run in a multi-server mode where one server is active and the others are standby. Some examples of storage backends that support high availability mode are Consul, Integrated Storage, and ZooKeeper. Some examples of storage backends that do not support high availability mode are Filesystem, MySQL, and PostgreSQL. References: https://developer.hashicorp.com/vault/docs/concepts/ha 1, https://developer.hashicorp.com/vault/docs/configuration/storage 2
To make an authenticated request via the Vault HTTP API, which header would you use?
To make an authenticated request via the Vault HTTP API, you need to use the X-Vault-Token HTTP Header or the Authorization HTTP Header using the Bearer
Your DevOps team would like to provision VMs in GCP via a CICD pipeline. They would like to integrate Vault to protect the credentials used by the tool. Which secrets engine would you recommend?
The Google Cloud Secrets Engine is the best option for the DevOps team to provision VMs in GCP via a CICD pipeline and integrate Vault to protect the credentials used by the tool. The Google Cloud Secrets Engine can dynamically generate GCP service account keys or OAuth tokens based on IAM policies, which can be used to authenticate and authorize the CICD tool to access GCP resources. The credentials are automatically revoked when they are no longer used or when the lease expires, ensuring that the credentials are short-lived and secure. The DevOps team can configure rolesets or static accounts in Vault to define the scope and permissions of the credentials, and use the Vault API or CLI to request credentials on demand. The Google Cloud Secrets Engine also supports generating access tokens for impersonated service accounts,which can be useful for delegating access to other service accounts without storing or managing their keys1.
The Identity Secrets Engine is not a good option for this use case, because it does not generate GCP credentials, but rather generates identity tokens that can be used to access other Vault secrets engines or namespaces2. The Key/Value Secrets Engine version 2 is also not a good option, because it does not generate dynamic credentials, but rather stores and manages static secrets that the user provides3. The SSH Secrets Engine is not a good option either, because it does not generate GCP credentials, but rather generates SSH keys or OTPs that can be used to access remote hosts via SSH4.