Study with the several resources on Docsity
Earn points by helping other students or get them with a premium plan
Prepare for your exams
Study with the several resources on Docsity
Earn points to download
Earn points by helping other students or get them with a premium plan
Community
Ask the community for help and clear up your study doubts
Discover the best universities in your country according to Docsity users
Free resources
Download our free guides on studying techniques, anxiety management strategies, and thesis advice from Docsity tutors
• For a full set of 150+ questions. Go to https://skillcertpro.com/product/hashicorp-certified-vault-associate-exam-questions/ • SkillCertPro offers detailed explanations to each question which helps to understand the concepts better. • It is recommended to score above 85% in SkillCertPro exams before attempting a real exam. • SkillCertPro updates exam questions every 2 weeks. • You will get life time access and life time free updates. • SkillCertPro assures 100% pass guarantee in first attempt
Typology: Exercises
1 / 9
HashiCorp Certified Vault Associate Practice Tests 2022. Contains 150+ exam questions to pass the exam in first attempt. SkillCertPro offers real exam questions for practice for all major IT certifications.
For a full set of 150 + questions. Go to https://skillcertpro.com/product/hashicorp-certified-vault-associate-exam- questions/ SkillCertPro offers detailed explanations to each question which helps to understand the concepts better. It is recommended to score above 85% in SkillCertPro exams before attempting a real exam. SkillCertPro updates exam questions every 2 weeks. You will get life time access and life time free updates SkillCertPro assures 100% pass guarantee in first attempt.
Below are the free 10 sample questions.
True or False? After the lease has expired for a dynamic secret, Vault revokes the credentials on the backend platform for which they were created (i.e., database, AWS, Consul)
When a lease expires, Vault does indeed revoke the credentials on the platform for which they were created. This not only invalidates the credentials being used, but it also eliminates technical debt on the backend platform.
https://www.vaultproject.io/docs/concepts/lease
Industrial Robot Corp is running applications active/active in multiple data centers for high availability. Vault has been selected as the secrets management tool for tight integration with its applications. What Vault feature should be used in the secondary data center to ensure applications have local access to secrets?
A. federated Consul clusters B. performance standby C. disaster recovery cluster D. performance replication cluster
Performance replication clusters should be used in an active/active scenario to ensure applications in both data centers can easily access Vault secrets. This provides local access while providing high availability for both the applications and Vault itself.
https://www.vaultproject.io/docs/enterprise/replication#performance- replication-and-disaster-recovery-dr-replication
Which of the following secrets engines can store static secrets in Vault for future retrieval?
B. PKI (certificates) C. transit D. database
Beyond Cubbyhole, the KV secrets engine is the ONLY secrets engine that will store static data in Vault for future retrieval. All other secrets engines either generate or encrypt data.
https://www.vaultproject.io/docs/secrets#secrets-engines
What command can be used to update a Vault policy named web-app-1 using the command line?
A. vault policy fmt web.hcl B. vault policy update web-app-1 web.hcl C. vault policy write web-app-1 web.hcl D. vault policy create web-app-1 web.hcl
This one is tricky and the policy command trips me up sometimes. For one, there is no update command, only write. So when you need to update a Vault policy, you just write it again using the same name as the policy that already exists.
Personally, I mix this up with create all the time but create is NOT a valid command.
https://www.vaultproject.io/docs/commands/policy/write
You need to decrypt customer data to provide it to an application. When you run the decryption command, you get the output below. Why does the response not directly review the cleartext data? $ vault write transit/decrypt/phone_number
ciphertext=”vault:v1:tgx2vsxtlQRfyLSKvem…” Key Value — —– plaintext aGFzaGljb3JwIGNlcnRpZmllZDogdmF1bHQgYXNzb2NpYXRl
A. the original data must have been encrypted B. the user does not have permission to view the cleartext data C. the output is base64 encoded D. the output is actually a response wrapped token that needs to be unwrapped to reveal the original cleartext data
All plaintext data must be base64-encoded before being encrypted by Vault. As a result, decrypted data is always base64 encoded. You can decode the output to reveal the original cleartext data.
https://www.vaultproject.io/docs/secrets/transit#usage
For a full set of 150+ questions. Go to https://skillcertpro.com/product/hashicorp-certified-vault-associate-exam- questions/ SkillCertPro offers detailed explanations to each question which helps to understand the concepts better.
It is recommended to score above 85% in SkillCertPro exams before attempting a real exam. SkillCertPro updates exam questions every 2 weeks. You will get life time access and life time free updates SkillCertPro assures 100% pass guarantee in first attempt.
True or False? Although AppRole is designed for machines, humans can use it to authenticate to Vault if you wish.
Yeah, absolutely. Although it’s not super friendly for us humans to remember the values or a ROLE_ID or SECRET_ID, you could use it if you wanted to.
https://www.vaultproject.io/docs/auth/approle
True or False? The root and default policies can be deleted if they are not needed or being used.
A. FALSE B. TRUE
The default and root policy cannot be deleted. You don’t have to use them, but you can’t delete them. For the default policy, you can instruct Vault to not assign new tokens the default policy by tuning the Vault configuration by issuing the following command:
$ vault token create -no-default-policy
https://www.vaultproject.io/docs/concepts/policies#built-in-policies
Based on the output below, how many policies have been added to Vault? $ vault policy list base default root web-app- automation-team
A. 4 B. 2 C. 3 D. 1
Vault has two default policies, root and default:
-root policy is created by default – it is a superuser with all permissions -default policy is created by default – common permissions
This means that the base, web-app-1, and automation-team policies have been added to Vault.
https://www.vaultproject.io/docs/concepts/policies#built-in-policies
You are enabling a secrets engine in Vault using the CLI. What subcommands are available when using the vault secrets command? (select five)
A. enable B. disable C. list D. migrate E. move F. tune
The vault secrets command has several subcommands to use when working with secrets engines, including:
https://www.vaultproject.io/docs/commands/secrets#usage
Complete the sentence: Unsealing Vault is the process of ___________________________.
A. reconstructing the master key B. creating the unseal or recovery keys C. exporting the encryption key D. decrypting the Vault data
Unsealing is the process of obtaining the plaintext master key necessary to read the decryption key to decrypt the data, allowing access to the Vault.
Decrypting the Vault data is a result of unsealing Vault, but the process of unsealing Vault does not directly decrypt the Vault data.
https://www.vaultproject.io/docs/concepts/seal#seal-unseal
For a full set of 150+ questions. Go to https://skillcertpro.com/product/hashicorp-certified-vault-associate-exam- questions/ SkillCertPro offers detailed explanations to each question which helps to understand the concepts better. It is recommended to score above 85% in SkillCertPro exams before attempting a real exam. SkillCertPro updates exam questions every 2 weeks. You will get life time access and life time free updates SkillCertPro assures 100% pass guarantee in first attempt.