Pre-Winter Special Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: cramtreat

Vault-Associate HashiCorp Certified: Vault Associate (002) Questions and Answers

Questions 4

An authentication method should be selected for a use case based on:

Options:

A.

The auth method that best establishes the identity of the client

B.

The cloud provider for which the client is located on

C.

The strongest available cryptographic hash for the use case

D.

Compatibility with the secret engine which is to be used

Buy Now
Questions 5

You are performing a high number of authentications in a short amount of time. You're experiencing slow throughput for token generation. How would you solve this problem?

Options:

A.

Increase the time-to-live on service tokens

B.

Implement batch tokens

C.

Establish a rate limit quota

D.

Reduce the number of policies attached to the tokens

Buy Now
Questions 6

A web application uses Vault's transit secrets engine to encrypt data in-transit. If an attacker intercepts the data in transit which of the following statements are true? Choose two correct answers.

Options:

A.

You can rotate the encryption key so that the attacker won’t be able to decrypt the data

B.

The keys can be rotated and min_decryption_version moved forward to ensure this data cannot be decrypted

C.

The Vault administrator would need to seal the Vault server immediately

D.

Even if the attacker was able to access the raw data, they would only have encrypted bits (TLS in transit)

Buy Now
Questions 7

The vault lease renew command increments the lease time from:

Options:

A.

The current time

B.

The end of the lease

Buy Now
Questions 8

Which of the following vault lease operations uses a lease_id as an argument? Choose two correct answers.

Options:

A.

renew

B.

revoke -prefix

C.

create

D.

describe

E.

revoke

Buy Now
Questions 9

When using Integrated Storage, which of the following should you do to recover from possible data loss?

Options:

A.

Failover to a standby node

B.

Use snapshot

C.

Use audit logs

D.

Use server logs

Buy Now
Questions 10

Which of the following are replication methods available in Vault Enterprise? Choose two correct answers.

Options:

A.

Cluster sharding

B.

Namespaces

C.

Performance Replication

D.

Disaster Recovery Replication

Buy Now
Questions 11

Which of the following cannot define the maximum time-to-live (TTL) for a token?

Options:

A.

By the authentication method t natively provide a method of expiring credentials

B.

By the client system f credentials leaking

C.

By the mount endpoint configurationvery password used

D.

A parent token TTL e password rotation tools and practices

E.

System max TTL

Buy Now
Questions 12

When unsealing Vault, each Shamir unseal key should be entered:

Options:

A.

Sequentially from one system that all of the administrators are in front of

B.

By different administrators each connecting from different computers

C.

While encrypted with each administrators PGP key

D.

At the command line in one single command

Buy Now
Questions 13

What environment variable overrides the CLI's default Vault server address?

Options:

A.

VAULT_ADDR

B.

VAULT_HTTP_ADORESS

C.

VAULT_ADDRESS

D.

VAULT _HTTPS_ ADDRESS

Buy Now
Questions 14

Security requirements demand that no secrets appear in the shell history. Which command does not meet this requirement?

Options:

A.

generate-password | vault kv put secret/password value

B.

vault kv put secret/password value-itsasecret

C.

vault kv put secret/password value=@data.txt

D.

vault kv put secret/password value-SSECRET_VALUE

Buy Now
Questions 15

What are orphan tokens?

Options:

A.

Orphan tokens are tokens with a use limit so you can set the number of uses when you create them

B.

Orphan tokens are not children of their parent; therefore, orphan tokens do not expire when their parent does

C.

Orphan tokens are tokens with no policies attached

D.

Orphan tokens do not expire when their own max TTL is reached

Buy Now
Questions 16

Where can you set the Vault seal configuration? Choose two correct answers.

Options:

A.

Cloud Provider KMS

B.

Vault CLI

C.

Vault configuration file

D.

Environment variables

E.

Vault API

Buy Now
Questions 17

How many Shamir's key shares are required to unseal a Vault instance?

Options:

A.

All key shares

B.

A quorum of key shares

C.

One or more keys

D.

The threshold number of key shares

Buy Now
Exam Code: Vault-Associate
Exam Name: HashiCorp Certified: Vault Associate (002)
Last Update: Oct 14, 2024
Questions: 57
Vault-Associate pdf

Vault-Associate PDF

$28  $80
Vault-Associate Engine

Vault-Associate Testing Engine

$33.25  $95
Vault-Associate PDF + Engine

Vault-Associate PDF + Testing Engine

$45.5  $130