Vault Associate 002 Exam

Exam Vault Associate 002 All QuestionsBrowse all questions from this exam

Question 4

You have a 2GB Base64 binary large object (blob) that needs to be encrypted. Which of the following best describes the transit secrets engine?

A data key encrypts the blob locally, and the same key decrypts the blob locally.

To process such a large blob. Vault will temporarily store it in the storage backend.

Vault will store the blob permanently. Be sure to run Vault on a compute optimized machine.

The transit engine is not a good solution for binaries of this size.

Correct Answer: A

A data key encrypts the blob locally, and the same key decrypts the blob locally. The transit secrets engine in Vault is designed specifically for encrypting and decrypting data without storing the data. It provides encryption-as-a-service, which means it offloads the encryption workloads but does not temporarily or permanently store the data. Therefore, option A correctly describes the operation of the transit engine for encrypting and decrypting the blob locally using a data key.

Discussion

daz_rekkaOption: A

Answer: A https://developer.hashicorp.com/vault/tutorials/encryption-as-a-service/eaas-transit#additional-discussion-bring-your-own-key

Mark1000Option: A

A https://developer.hashicorp.com/vault/tutorials/encryption-as-a-service/eaas-transit