Summer Sale Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: xmas50

HashiCorp HCVA0-003 - HashiCorp Certified: Vault Associate (003) Exam

Page: 2 / 10
Total 324 questions

Which of the following best describes a token accessor?

A.

A value that describes which clients have access to the attached token

B.

Describes the value associated with the token’s TTL

C.

A token used for clients to access Vault secrets engines

D.

A value that acts as a reference to a token which can be used to perform limited actions against the token

You have deployed an application that needs to encrypt data before writing to a database. What secrets engine should you use?

A.

Transit

B.

SSH

C.

PKI

D.

TOTP

You are using Azure Key Vault for the auto-unseal configuration on your cluster. After the Vault service restarts, what command must you run to unseal Vault?

A.

You don’t need to run a command when using auto-unseal

B.

vault operator members

C.

vault operator unseal

D.

vault operator init

Which of the following statements are true about HCP Vault Dedicated? (Select three)

A.

Provides 100% feature parity compared to Vault self-managed clusters

B.

Helps reduce operational overhead for organizations with push-button deployment and fully managed upgrades

C.

Increases reliability and ease of use so you can onboard applications and teams easily

D.

Increases security across clouds and machines through a single interface

Which two interfaces automatically assume the token for subsequent requests after successfully authenticating? (Select two)

A.

CLI

B.

API

C.

UI

Beyond encryption and decryption of data, which of the following is not a function of the Transit secrets engine?

A.

Generate hashes and HMACs of data

B.

Sign and verify data

C.

Store the encrypted data securely in Vault for retrieval

D.

Act as a source of random bytes

What is the result of the following Vault command?

$ vault auth enable kubernetes

A.

Allows Vault to access usernames and passwords stored in a Kubernetes cluster

B.

Mounts the Kubernetes auth method to the default path of kubernetes/

C.

Imports Kubernetes secrets to the local KV database

D.

Enables Vault to host an IdP for Kubernetes workloads

Which is not a capability that can be used when writing a Vault policy?

A.

delete

B.

modify

C.

create

D.

list

E.

read

F.

update

Without logging into another interface, what feature can Chad use to execute a simple CLI command to enable a new secrets engine?

A.

CLI emulation in the Vault UI (Feature 1)

B.

User information button (Feature 2)

C.

Client count details (Feature 3)

D.

Access management link (Feature 4)

True or False? All Vault policies are deny by default.

A.

True

B.

False