Summer Sale Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: xmas50

HashiCorp HCVA0-003 - HashiCorp Certified: Vault Associate (003) Exam

Page: 10 / 10
Total 324 questions

You have enabled the Transit secrets engine and want to start encrypting data to store in Azure Blob storage. What is the next step that needs to be completed before you can encrypt data? (Select two)

A.

Export the encryption key and upload it to the application server

B.

Enable the Transit secrets engine API

C.

Create an encryption key for the application to use

D.

Write a policy that permits the application to use the encryption key

Which of the following are considered benefits of using policies in Vault? (Select three)

A.

Policies are assigned to a token on a 1:1 basis to eliminate conflicting policies

B.

Provides granular access control to paths within Vault

C.

Policies have an implicit deny, meaning that policies are deny by default

D.

Policies provide Vault operators with role-based access control

You are using the Vault API to test authentication before modifying your CI/CD pipeline to properly authenticate to Vault. You manually authenticate to Vault and receive the response below. Based on the provided options, which of the following are true? (Select four)

    $ curl \

    --request POST \

    --data @payload.json \

    https://vault.krausen.com:8200/v1/auth/userpass/login/bryan.krausen | jq

     

    *******************************************************************************

    ******* RESPONSE BELOW ********************************************************

    *******************************************************************************

     

    {

    " request_id " : " f758e8da-11b6-8341-d404-56f0c370a7fa " ,

    " lease_id " : " " ,

    " renewable " : false,

    " lease_duration " : 0,

    " data " : null,

    " wrap_info " : null,

    " warnings " : null,

    " auth " : {

    " client_token " : " hvs.CbzCNJCVWt63jyzyaJakgDwz " ,

    " accessor " : " rffwXzKFcxvaQi6Vgo8tY4Lt " ,

    " policies " : [

    " training " ,

    " default "

    ],

    " token_policies " : [

    " training " ,

    " default "

    ],

    " metadata " : {

    " username " : " bryan.krausen "

    },

    " lease_duration " : 84600,

    " renewable " : true,

    " entity_id " : " f1795f6a-c576-d619-b2d5-74c0aee08edb " ,

    " token_type " : " service " ,

    " orphan " : true

    }

    }

A.

The token required to retrieve a secret is hvs.CbzCNJCVWt63jyzyaJakgDwz

B.

The returned token is a batch token

C.

The user needs to retrieve .auth.client_token in order to perform other actions

D.

The accessor will be used to authenticate to Vault to retrieve secrets

E.

The user is using the userpass auth method

F.

The user’s password is stored in a file named payload.json

Frapps, Inc. is a coffee startup specializing in frozen caffeinated beverages. Their new customer loyalty web app uses Vault to store sensitive information, choosing Integrated Storage for its benefits. Select the benefits the organization would see by using Integrated Storage over other storage backends (Select four)

A.

Eliminates network communication between hosts, requiring no open ports between hosts

B.

Uses the SERF gossip protocol to enable communication between cluster nodes

C.

Eliminates the requirement to deploy and manage a separate platform for storing encrypted data

D.

Simplified troubleshooting since Integrated Storage is a built-in solution

E.

Reduces operational overhead since all configuration is within Vault itself

F.

Immediate access to storage since the data is stored locally on disk

You are using Vault to generate dynamic credentials for a Microsoft SQL server to perform queries for a month-end report. The report seems to be taking much longer than expected due to degradation on the underlying server, and you are afraid that Vault might automatically revoke the credentials. How can you extend the time the credentials are valid to ensure your month-end query is successful?

A.

Renew the lease

B.

Generate a new lease

C.

Create a new role within the secrets engine for the database

D.

Revoke the lease

Your co-worker has asked you to perform certain operations in Vault and has provided you with a token accessor (not the token itself). What Vault operations would you be allowed to perform using only the provided accessor? (Select three)

A.

Renew the token to extend the TTL

B.

Revoke the token in Vault to make it invalid

C.

Create child tokens associated with the same policies as the related token

D.

Lookup properties of the token, such as the TTL, policies, and metadata

Before data is written to the storage backend, the data is encrypted by which Vault feature?

A.

TLS certificate

B.

Cryptographic barrier

C.

Unseal keys

D.

Transit secrets engine