Docsity
Docsity

Prepare for your exams
Prepare for your exams

Study with the several resources on Docsity


Earn points to download
Earn points to download

Earn points by helping other students or get them with a premium plan


Guidelines and tips
Guidelines and tips

HashiCorp Certified Vault Associate Exam Dumps 2022, Exercises of Computer Science

• For a full set of 150+ questions. Go to https://skillcertpro.com/product/hashicorp-certified-vault-associate-exam-questions/ • SkillCertPro offers detailed explanations to each question which helps to understand the concepts better. • It is recommended to score above 85% in SkillCertPro exams before attempting a real exam. • SkillCertPro updates exam questions every 2 weeks. • You will get life time access and life time free updates. • SkillCertPro assures 100% pass guarantee in first attempt

Typology: Exercises

2021/2022

Uploaded on 02/25/2022

smith-alecia-h
smith-alecia-h 🇮🇳

4.1

(19)

20 documents

1 / 9

Toggle sidebar

Related documents


Partial preview of the text

Download HashiCorp Certified Vault Associate Exam Dumps 2022 and more Exercises Computer Science in PDF only on Docsity!

HashiCorp Certified Vault Associate Exam Dumps 2022

HashiCorp Certified Vault Associate Practice Tests 2022. Contains 150+ exam questions to pass the exam in first attempt. SkillCertPro offers real exam questions for practice for all major IT certifications.

 For a full set of 150 + questions. Go to https://skillcertpro.com/product/hashicorp-certified-vault-associate-exam- questions/  SkillCertPro offers detailed explanations to each question which helps to understand the concepts better.  It is recommended to score above 85% in SkillCertPro exams before attempting a real exam.  SkillCertPro updates exam questions every 2 weeks.  You will get life time access and life time free updates  SkillCertPro assures 100% pass guarantee in first attempt.

Below are the free 10 sample questions.

Question 1:

True or False? After the lease has expired for a dynamic secret, Vault revokes the credentials on the backend platform for which they were created (i.e., database, AWS, Consul)

A. TRUE

B. FALSE

Answer: A

Explanation:

When a lease expires, Vault does indeed revoke the credentials on the platform for which they were created. This not only invalidates the credentials being used, but it also eliminates technical debt on the backend platform.

https://www.vaultproject.io/docs/concepts/lease

Question 2:

Industrial Robot Corp is running applications active/active in multiple data centers for high availability. Vault has been selected as the secrets management tool for tight integration with its applications. What Vault feature should be used in the secondary data center to ensure applications have local access to secrets?

A. federated Consul clusters B. performance standby C. disaster recovery cluster D. performance replication cluster

Answer: D

Explanation:

Performance replication clusters should be used in an active/active scenario to ensure applications in both data centers can easily access Vault secrets. This provides local access while providing high availability for both the applications and Vault itself.

  • DR clusters won’t respond to clients – useful for active/passive scenarios
  • performance standby nodes are used to scale out a single Vault cluster, not across multiple data centers
  • federated Consul clusters should NEVER be used as a backend for Vault. Please don’t do this if you value your time.

https://www.vaultproject.io/docs/enterprise/replication#performance- replication-and-disaster-recovery-dr-replication

Question 3:

Which of the following secrets engines can store static secrets in Vault for future retrieval?

A. KV

B. PKI (certificates) C. transit D. database

Answer: A

Explanation:

Beyond Cubbyhole, the KV secrets engine is the ONLY secrets engine that will store static data in Vault for future retrieval. All other secrets engines either generate or encrypt data.

https://www.vaultproject.io/docs/secrets#secrets-engines

Question 4:

What command can be used to update a Vault policy named web-app-1 using the command line?

A. vault policy fmt web.hcl B. vault policy update web-app-1 web.hcl C. vault policy write web-app-1 web.hcl D. vault policy create web-app-1 web.hcl

Answer: C

Explanation:

This one is tricky and the policy command trips me up sometimes. For one, there is no update command, only write. So when you need to update a Vault policy, you just write it again using the same name as the policy that already exists.

Personally, I mix this up with create all the time but create is NOT a valid command.

https://www.vaultproject.io/docs/commands/policy/write

Question 5:

You need to decrypt customer data to provide it to an application. When you run the decryption command, you get the output below. Why does the response not directly review the cleartext data? $ vault write transit/decrypt/phone_number
ciphertext=”vault:v1:tgx2vsxtlQRfyLSKvem…” Key Value — —– plaintext aGFzaGljb3JwIGNlcnRpZmllZDogdmF1bHQgYXNzb2NpYXRl

A. the original data must have been encrypted B. the user does not have permission to view the cleartext data C. the output is base64 encoded D. the output is actually a response wrapped token that needs to be unwrapped to reveal the original cleartext data

Answer: C

Explanation:

All plaintext data must be base64-encoded before being encrypted by Vault. As a result, decrypted data is always base64 encoded. You can decode the output to reveal the original cleartext data.

https://www.vaultproject.io/docs/secrets/transit#usage

 For a full set of 150+ questions. Go to https://skillcertpro.com/product/hashicorp-certified-vault-associate-exam- questions/  SkillCertPro offers detailed explanations to each question which helps to understand the concepts better.

 It is recommended to score above 85% in SkillCertPro exams before attempting a real exam.  SkillCertPro updates exam questions every 2 weeks.  You will get life time access and life time free updates  SkillCertPro assures 100% pass guarantee in first attempt.

Question 6:

True or False? Although AppRole is designed for machines, humans can use it to authenticate to Vault if you wish.

A. FALSE

B. TRUE

Answer: B

Explanation:

Yeah, absolutely. Although it’s not super friendly for us humans to remember the values or a ROLE_ID or SECRET_ID, you could use it if you wanted to.

https://www.vaultproject.io/docs/auth/approle

Question 7:

True or False? The root and default policies can be deleted if they are not needed or being used.

A. FALSE B. TRUE

Answer: A

Explanation:

The default and root policy cannot be deleted. You don’t have to use them, but you can’t delete them. For the default policy, you can instruct Vault to not assign new tokens the default policy by tuning the Vault configuration by issuing the following command:

$ vault token create -no-default-policy

https://www.vaultproject.io/docs/concepts/policies#built-in-policies

Question 8:

Based on the output below, how many policies have been added to Vault? $ vault policy list base default root web-app- automation-team

A. 4 B. 2 C. 3 D. 1

Answer: C

Explanation:

Vault has two default policies, root and default:

-root policy is created by default – it is a superuser with all permissions -default policy is created by default – common permissions

This means that the base, web-app-1, and automation-team policies have been added to Vault.

https://www.vaultproject.io/docs/concepts/policies#built-in-policies

Question 9:

You are enabling a secrets engine in Vault using the CLI. What subcommands are available when using the vault secrets command? (select five)

A. enable B. disable C. list D. migrate E. move F. tune

Answer: A, B, C, E, F

Explanation:

The vault secrets command has several subcommands to use when working with secrets engines, including:

  • disable – Disable a secrets engine
  • enable – Enable a secrets engine
  • list – List enabled secrets engines
  • move – Move a secrets engine to a new path
  • tune – Tune a secrets engine configuration

https://www.vaultproject.io/docs/commands/secrets#usage

Question 10:

Complete the sentence: Unsealing Vault is the process of ___________________________.

A. reconstructing the master key B. creating the unseal or recovery keys C. exporting the encryption key D. decrypting the Vault data

Answer: A

Explanation:

Unsealing is the process of obtaining the plaintext master key necessary to read the decryption key to decrypt the data, allowing access to the Vault.

Decrypting the Vault data is a result of unsealing Vault, but the process of unsealing Vault does not directly decrypt the Vault data.

https://www.vaultproject.io/docs/concepts/seal#seal-unseal

 For a full set of 150+ questions. Go to https://skillcertpro.com/product/hashicorp-certified-vault-associate-exam- questions/  SkillCertPro offers detailed explanations to each question which helps to understand the concepts better.  It is recommended to score above 85% in SkillCertPro exams before attempting a real exam.  SkillCertPro updates exam questions every 2 weeks.  You will get life time access and life time free updates  SkillCertPro assures 100% pass guarantee in first attempt.