HashiCorp Certified: Vault Associate (002)

Here you have the best HashiCorp Vault Associate 002 practice exam questions

You have 93 total questions to study from
Each page has 5 questions, making a total of 19 pages
You can navigate through the pages using the buttons at the bottom
This questions were last updated on October 22, 2025
This site is not affiliated with or endorsed by HashiCorp.

Question 1 of 93

You are using the Vault userpass auth method mounted at auth/userpass. How do you create a new user named "sally" with password "h0wN0wB4r0wnC0w"? This new user will need the power-users policy.

Exam Vault Associate 002: Question 1 - Image 1

Exam Vault Associate 002: Question 1 - Image 2

Exam Vault Associate 002: Question 1 - Image 3

Exam Vault Associate 002: Question 1 - Image 4

Correct Answer: D

To create a new user named 'sally' with the password 'h0wN0wB4r0wnC0w' and assign the 'power-users' policy using the Vault userpass auth method, you need to use the appropriate command for creating a user and setting the policy. The correct option clearly depicts this command with proper syntax, ensuring that the user 'sally' is created and the 'power-users' policy is applied.

Question 2 of 93

The vault lease renew command increments the lease time from:

The current time

The end of the lease

Correct Answer: A

The vault lease renew command increments the lease time from the current time. This means that the renewal period starts from the moment the command is executed, rather than from the original end of the lease.

Question 3 of 93

HOTSPOT -
Where do you define the Namespace to log into using the Vault UI?

To answer this question -
Use your mouse to click on the screenshot in the location described above. An arrow indicator will mark where you have clicked. Click the "Answer” button once you have positioned the arrow to answer the question. You may need to scroll down to see the entire screenshot.
Exam Vault Associate 002: Question 3 - Image 1

Exam Vault Associate 002: Question 3 - Image 1

Correct Answer:

Exam Vault Associate 002: Question 3 - Image 2

Question 4 of 93

You have a 2GB Base64 binary large object (blob) that needs to be encrypted. Which of the following best describes the transit secrets engine?

A data key encrypts the blob locally, and the same key decrypts the blob locally.

To process such a large blob. Vault will temporarily store it in the storage backend.

Vault will store the blob permanently. Be sure to run Vault on a compute optimized machine.

The transit engine is not a good solution for binaries of this size.

Correct Answer: A

A data key encrypts the blob locally, and the same key decrypts the blob locally. The transit secrets engine in Vault is designed specifically for encrypting and decrypting data without storing the data. It provides encryption-as-a-service, which means it offloads the encryption workloads but does not temporarily or permanently store the data. Therefore, option A correctly describes the operation of the transit engine for encrypting and decrypting the blob locally using a data key.

Question 5 of 93

How would you describe the value of using the Vault transit secrets engine?

Vault has an API that can be programmatically consumed by applications

The transit secrets engine ensures encryption in-transit and at-rest is enforced enterprise wide

Encryption for application data is best handled by a storage system or database engine, while storing encryption keys in Vault

The transit secrets engine relieves the burden of proper encryption/decryption from application developers and pushes the burden onto the operators of Vault

Correct Answer: D

The transit secrets engine in Vault provides encryption and decryption as a service, which means that application developers do not need to implement encryption themselves. Instead, they can offload this task to the operators of Vault who manage the encryption keys. This simplifies the process for developers and ensures that encryption is handled correctly and securely by a centralized service.