HashiCorp Certified: Vault Associate (002)

Here you have the best Hashicorp Vault Associate 002 practice exam questions

  • You have 93 total questions to study from
  • Each page has 5 questions, making a total of 19 pages
  • You can navigate through the pages using the buttons at the bottom
  • This questions were last updated on November 24, 2024
Question 1 of 93

You are using the Vault userpass auth method mounted at auth/userpass. How do you create a new user named "sally" with password "h0wN0wB4r0wnC0w"? This new user will need the power-users policy.

    Correct Answer: D

    To create a new user named 'sally' with the password 'h0wN0wB4r0wnC0w' and assign the 'power-users' policy using the Vault userpass auth method, you need to use the appropriate command for creating a user and setting the policy. The correct option clearly depicts this command with proper syntax, ensuring that the user 'sally' is created and the 'power-users' policy is applied.

Question 2 of 93

The vault lease renew command increments the lease time from:

    Correct Answer: A

    The vault lease renew command increments the lease time from the current time. This means that the renewal period starts from the moment the command is executed, rather than from the original end of the lease.

Question 3 of 93

HOTSPOT -

Where do you define the Namespace to log into using the Vault UI?

To answer this question -

Use your mouse to click on the screenshot in the location described above. An arrow indicator will mark where you have clicked. Click the "Answer” button once you have positioned the arrow to answer the question. You may need to scroll down to see the entire screenshot.

    Correct Answer:

Question 4 of 93

You have a 2GB Base64 binary large object (blob) that needs to be encrypted. Which of the following best describes the transit secrets engine?

    Correct Answer: A

    A data key encrypts the blob locally, and the same key decrypts the blob locally. The transit secrets engine in Vault is designed specifically for encrypting and decrypting data without storing the data. It provides encryption-as-a-service, which means it offloads the encryption workloads but does not temporarily or permanently store the data. Therefore, option A correctly describes the operation of the transit engine for encrypting and decrypting the blob locally using a data key.

Question 5 of 93

How would you describe the value of using the Vault transit secrets engine?

    Correct Answer: D

    The transit secrets engine in Vault provides encryption and decryption as a service, which means that application developers do not need to implement encryption themselves. Instead, they can offload this task to the operators of Vault who manage the encryption keys. This simplifies the process for developers and ensures that encryption is handled correctly and securely by a centralized service.