Summer Sale Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: xmas50

HashiCorp HCVA0-003 - HashiCorp Certified: Vault Associate (003) Exam

Page: 3 / 10
Total 324 questions

After a client has authenticated to Vault, what security feature is used to make all subsequent calls?

A.

ldap

B.

pgp

C.

path

D.

key shard

E.

listener

F.

token

True or False? After initializing Vault or restarting the Vault service, each individual node in the cluster needs to be unsealed.

A.

True

B.

False

By default, what happens to child tokens when a parent token is revoked?

A.

The child tokens are revoked

B.

The child tokens are renewed

C.

The child tokens are converted to parent tokens

D.

The child tokens create their own child tokens to be used

Christy has created a token and needs to use that token to access Vault. What command can she use to authenticate and access secrets stored in Vault?

$ vault token create -policy=christy

Key Value

--- -----

token hvs.hxDIPd8RPVtxu4AzSGS1lArP

token_accessor AxwxpDs6LbdFQbWGmBDnwIK3

token_duration 24h

token_renewable true

token_policies [ " christy " " default " ]

identity_policies []

policies [ " christy " " default " ]

A.

vault login hvs.hxDIPd8RPVtxu4AzSGS1lArP

B.

vault login -method=password

C.

vault login -method=token christy

D.

vault login -accessor=AxwxpDs6LbdFQbWGmBDnwIK3

After creating a dynamic credential on a database, the DBA accidentally deletes the credentials on the database itself. When attempting to remove the lease, Vault returns an error stating that the credential cannot be found. What command can be run to make Vault remove the secret?

A.

vault lease revoke -force -prefix < lease_path >

B.

vault lease -renew

C.

vault lease revoke -enforce

D.

vault revoke -apply

An application has authenticated to Vault and has obtained dynamic database credentials with a lease of 4 hours. Four hours later, the credentials expire, and the application can no longer communicate with the backend database, so the application goes down. What should the developers instruct the application to do to prevent this from happening again while maintaining the same level of security?

A.

Go back to using static credentials

B.

Renew the lease before expiration

C.

Revoke the lease before expiration

D.

Use a different auth method

Before the following command can be run to encrypt data, what (three) commands must be run to enable and configure the transit secrets engine in Vault? (Select three)

text

CollapseWrapCopy

$ vault write transit/encrypt/vendor \

plaintext= " aGFzaGljb3JwIGNlcnRpZmllZA== "

A.

base64 < < < " hashicorp certified "

B.

vault write transit/encrypt/vendor

C.

vault secrets list

D.

vault secrets enable transit

E.

vault write -f transit/keys/vendor

A new Vault administrator is writing a CURL command (shown below) to retrieve a secret stored in a KV v2 secrets engine at secret/audio/soundbooth but is receiving an error. What could be the cause of the error?

$ curl \

--header " X-Vault-Token: hvs.rffHw0iXqkRo19b2cjf93DM39WjpbN3J " \

https://vault.unlimited.com:8200/v1/secret/audio/soundbooth

A.

The VAULT_ADDR environment variable wasn’t set, so it should be configured: export VAULT_ADDR= " https://vault.unlimited.com:8200 "

B.

The request is being made on the incorrect endpoint and should be:

$ curl \

--header " X-Vault-Token: hvs.rffHw0iXqkRo19b2cjf93DM39WjpbN3J " \

https://vault.unlimited.com:8200/v1/secret/data/audio/soundbooth

C.

The user’s token doesn’t permit access to the Vault API, only the UI

D.

The endpoint should point to v2 since this is a KV v2 secrets engine:

$ curl \

--header " X-Vault-Token: hvs.rffHw0iXqkRo19b2cjf93DM39WjpbN3J " \

https://vault.unlimited.com:8200/v2/secret/audio/soundbooth

Which of the following statements best describes the difference between static and dynamic credentials in a secrets management system?

A.

They are functionally identical—the only difference is what secrets engine creates them.

B.

Static credentials only apply to specific use cases, while dynamic credentials can be used everywhere.

C.

Static credentials often remain persistent for long periods of time, while dynamic are short-lived and auto-rotated.

D.

Static credentials are ephemeral and rotated frequently, while dynamic credentials remain unchanged indefinitely.

Which of the following auth methods is the best choice for human interaction with Vault (as opposed to machine/system authentication)?

A.

Kubernetes

B.

AppRole

C.

TLS

D.

OIDC