New Year Special 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: save70

VA-002-P Leak Questions

Page: 2 / 8
Total 200 questions

HashiCorp Certified: Vault Associate Questions and Answers

Question 5

After encrypting data using the transit secrets engine, you've received the following output. Which of the following is true based upon the output?

1. Key Value

2. --- -----

3. ciphertext vault:v2:45f9zW6cglbrzCjI0yCyC6DBYtSBSxnMgUn9B5aHcGEit71xefPEmmjMbrk3

Options:

A.

the original encryption key has been rotated at least once

B.

this is the second version of the encrypted data

C.

similar to the KV secrets engine, the transit secrets engine was enabled using the transit v2 option

D.

the data is stored in Vault using a KV v2 secrets engine

Question 6

In regards to using a K/V v2 secrets engine, select the three correct statements below: (select three)

Options:

A.

issuing a vault kv destroy statement permanently deletes a single version of a secret

B.

issuing a vault kv destroy statement deletes all versions of a secret

C.

issuing a vault kv delete statement permanently deletes the secret

D.

issuing a vault kv metadata delete statement permanently deletes the secret

E.

issuing a vault kv delete statement performs a soft delete

Question 7

Which of the following Vault policies will allow a Vault client to read a secret stored at secrets/applications/app01/api_key?

Options:

A.

path "secrets/applications/+/api_*" {

capabilities = ["read"]

}

B.

path "secrets/applications/" {

capabilities = ["read"]

allowed_parameters = {

"certificate" = []

}

}

C.

path "secrets/*" {

capabilities = ["list"]

}

D.

path "secrets/applications/app01/api_key" {

capabilities = ["update", "list"]

}

Question 8

When administering Vault on a day-to-day basis, why is logging in with the root token, as shown below, a bad idea? (select two).

Options:

A.

the root token isn't a secure way of logging into Vault

B.

the root token is attached to the root policy, which likely provides too many privileges to a user

C.

the root token should be revoked and not used on a day-to-day basis

D.

It's easier to just use the root token than to configure additional auth methods

Page: 2 / 8
Total 200 questions