HashiCorp vault associate 002 practice test

hashicorp certified: vault associate (002)

Last exam update: May 17 ,2024
Page 1 out of 10. Viewing questions 1-10 out of 93

Question 1

Which statement describes the results of this command: vault kv list secret/test?

  • A. Check the status of a specific key/value secrets engine
  • B. List the existing key names at the secret/test path
  • C. Output all key/value secrets engines
  • D. Output all key names from all key/value secrets engine
Mark Question:
Answer:

b

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 2

Which of these options does not allow the creation of a root token?

  • A. By using batch tokens
  • B. By using another root token
  • C. The initial root token generated at the vault operator init time
  • D. By using vault operator generate-root with the permission of a quorum of unseal key holders
Mark Question:
Answer:

a

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 3

Which of the following storage backends supports high availability?

  • A. Azure Storage Container
  • B. Manta
  • C. Amazon S3
  • D. Consul
Mark Question:
Answer:

d

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 4

Which is not true of Vault tokens?

  • A. Vault tokens are the core method for authentication in Vault
  • B. Vault tokens are generated by every authentication method login
  • C. Vault tokens map to information including polices the token holder has, TTL and max usage, metadata, creation and last renewal time, and more
  • D. Vault tokens are required for every Vault call
Mark Question:
Answer:

d

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 5

Which of the following are replication methods available in Vault Enterprise? (Choose two.)

  • A. Cluster sharding
  • B. Namespaces
  • C. Performance Replication
  • D. Disaster Recovery Replication
Mark Question:
Answer:

cd

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 6

Which of the following statements are true about Vault policies? (Choose two.)

  • A. The default policy can not be modified
  • B. You must use YAML to define policies
  • C. Policies provide a declarative way to grant or forbid access to certain paths and operations in Vault
  • D. Vault must be restarted in order for a policy change to take an effect
  • E. Policies deny by default (empty policy grants no permission)
Mark Question:
Answer:

ce

User Votes:
A
50%
B
50%
C
50%
D
50%
E
50%
Discussions
vote your answer:
A
B
C
D
E
0 / 1000

Question 7

What information is required to revoke a Vault lease?

  • A. Secret ID
  • B. User ID
  • C. Lease ID
  • D. Token ID
Mark Question:
Answer:

c

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 8

Why might an application be mapped to an identity entity?

  • A. To prohibit Vault administrators from revoking tokens associated with that application
  • B. To get around cloud license limitations
  • C. To allow an application deployed with multiple authentication methods have a consistent set of policies
  • D. To allow the same application in one cloud to access already provisioned Vault tokens for that application in another cloud
Mark Question:
Answer:

c

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 9

You manage two Vault dusters: vaultduster1.acme.corp and vaultduster2.acme.corp. You want to write a secret to the first Vaultcluster vaultcluster1.acme.corp and run vault kv put secret/foo value=bar. The command times out and the error references the Vault cluster, vaultcluster2.acme.corp.
You run the command again with the following address flag:
vault kv put -address=https://vaultcluster1.acme.corp secret/foo value=bar
The command completes successfully. You find that the terminal session defines the environment variable VAULT_ADDR=https://vaultcluster2.acxe.corp:8200
Why was the second attempt successful?

  • A. Environment variables take precedence over flags
  • B. VAULT_CLUSTER_ADDR needs to be provided
  • C. Flags take precedence over environment variables
  • D. Vault listener is misconfigured
Mark Question:
Answer:

c

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 10

Where can you set the Vault seal configuration? (Choose two.)

  • A. Cloud Provider KMS
  • B. Vault CLI
  • C. Vault configuration file
  • D. Environment variables
  • E. Vault API
Mark Question:
Answer:

cd

User Votes:
A
50%
B
50%
C
50%
D
50%
E
50%
Discussions
vote your answer:
A
B
C
D
E
0 / 1000
To page 2