New Year Special 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: save70

HashiCorp VA-002-P Based on Real Exam Environment

Page: 5 / 8
Total 200 questions

HashiCorp Certified: Vault Associate Questions and Answers

Question 17

If a client is currently assigned the following policy, what additional policy can be added to ensure they cannot access the data stored at secret/apps/confidential but still, read all other secrets?

Options:

A.

path "secret/apps/confidential/*" {

capabilities = ["deny"]

}

B.

path "secret/apps/*" {

capabilities = ["deny"]

}

C.

path "secret/apps/confidential" {

capabilities = ["deny"]

}

D.

path "secret/apps/*" {

capabilities = ["create", "read", "update", "delete", "list"]

}

path "secret/*" {

capabilities = ["read", "deny"]

}

Question 18

You've hit the URL for the Vault UI, but you're presented with this screen. Why doesn't Vault present you with a way to log in?

Options:

A.

a vault policy is preventing you from logging in

B.

the vault configuration file has an incorrect configuration

C.

the consul storage backend was not configured correctly

D.

vault needs to be initialized before it can be used

Question 19

What is a downside to using a Terraform provider, such as the Vault provider, to interact with sensitive data, such as reading secrets from Vault?

Options:

A.

Terraform and Vault must be running on the same physical host

B.

Terraform and Vault must be running on the same version

C.

Terraform requires a unique auth method to work with Vault

D.

Secrets are persisted to the state file and plans

Question 20

By default, the max TTL for a token is how many days?

Options:

A.

14 days

B.

32 days

C.

31 days

D.

7 days

Page: 5 / 8
Total 200 questions