New Year Special 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: save70

Free and Premium HashiCorp Vault-Associate Dumps Questions Answers

HashiCorp Certified: Vault Associate (002) Questions and Answers

Question 1

What environment variable overrides the CLI's default Vault server address?

Options:

A.

VAULT_ADDR

B.

VAULT_HTTP_ADORESS

C.

VAULT_ADDRESS

D.

VAULT _HTTPS_ ADDRESS

Buy Now
Question 2

Which of the following are replication methods available in Vault Enterprise? Choose two correct answers.

Options:

A.

Cluster sharding

B.

Namespaces

C.

Performance Replication

D.

Disaster Recovery Replication

Question 3

Your DevOps team would like to provision VMs in GCP via a CICD pipeline. They would like to integrate Vault to protect the credentials used by the tool. Which secrets engine would you recommend?

Options:

A.

Google Cloud Secrets Engine

B.

Identity secrets engine

C.

Key/Value secrets engine version 2

D.

SSH secrets engine

Question 4

The Vault encryption key is stored in Vault's backend storage.

Options:

A.

True

B.

False

Question 5

You are using the Vault userpass auth method mounted at auth/userpass. How do you create a new user named "sally" with password "h0wN0wB4r0wnC0w"? This new user will need the power-users policy.

Options:

A.

B.

C.

D.

Question 6

An organization wants to authenticate an AWS EC2 virtual machine with Vault to access a dynamic database secret. The only authentication method which they can use in this case is AWS.

Options:

A.

True

B.

False

Question 7

Which statement describes the results of this command: $ vault secrets enable transit

Options:

A.

Enables the transit secrets engine at transit path

B.

Requires a root token to execute the command successfully

C.

Enables the transit secrets engine at secret path

D.

Fails due to missing -path parameter

E.

Fails because the transit secrets engine is enabled by default

Question 8

Use this screenshot to answer the question below:

When are you shown these options in the GUI?

Options:

A.

Enabling policies

B.

Enabling authentication engines

C.

Enabling secret engines

D.

Enabling authentication methods

Question 9

What are orphan tokens?

Options:

A.

Orphan tokens are tokens with a use limit so you can set the number of uses when you create them

B.

Orphan tokens are not children of their parent; therefore, orphan tokens do not expire when their parent does

C.

Orphan tokens are tokens with no policies attached

D.

Orphan tokens do not expire when their own max TTL is reached

Question 10

You have a 2GB Base64 binary large object (blob) that needs to be encrypted. Which of the following best describes the transit secrets engine?

Options:

A.

A data key encrypts the blob locally, and the same key decrypts the blob locally.

B.

To process such a large blob. Vault will temporarily store it in the storage backend.

C.

Vault will store the blob permanently. Be sure to run Vault on a compute optimized machine

D.

The transit engine is not a good solution for binaries of this size.

Question 11

What is the Vault CLI command to query information about the token the client is currently using?

Options:

A.

vault lookup token

B.

vault token lookup

C.

vault lookup self

D.

vault self-lookup

Question 12

Running the second command in the GUI CLI will succeed.

Options:

A.

True

B.

False

Question 13

A user issues the following cURL command to encrypt data using the transit engine and the Vault AP:

Which payload.json file has the correct contents?

Options:

A.

B.

C.

D.

Question 14

The following three policies exist in Vault. What do these policies allow an organization to do?

Options:

A.

Separates permissions allowed on actions associated with the transit secret engine

B.

Nothing, as the minimum permissions to perform useful tasks are not present

C.

Encrypt, decrypt, and rewrap data using the transit engine all in one policy

D.

Create a transit encryption key for encrypting, decrypting, and rewrapping encrypted data

Question 15

Which of the following statements describe the CLI command below?

S vault login -method-1dap username-mitche11h

Options:

A.

Generates a token which is response wrapped

B.

You will be prompted to enter the password

C.

By default the generated token is valid for 24 hours

D.

Fails because the password is not provided

Question 16

Where can you set the Vault seal configuration? Choose two correct answers.

Options:

A.

Cloud Provider KMS

B.

Vault CLI

C.

Vault configuration file

D.

Environment variables

E.

Vault API

Question 17

Which of the following is a machine-oriented Vault authentication backend?

Options:

A.

Okta

B.

AppRole

C.

Transit

D.

GitHub