HashiCorp HCVA0-003 - HashiCorp Certified: Vault Associate (003) Exam
After a client has authenticated to Vault, what security feature is used to make all subsequent calls?
True or False? After initializing Vault or restarting the Vault service, each individual node in the cluster needs to be unsealed.
By default, what happens to child tokens when a parent token is revoked?
Christy has created a token and needs to use that token to access Vault. What command can she use to authenticate and access secrets stored in Vault?
$ vault token create -policy=christy
Key Value
--- -----
token hvs.hxDIPd8RPVtxu4AzSGS1lArP
token_accessor AxwxpDs6LbdFQbWGmBDnwIK3
token_duration 24h
token_renewable true
token_policies [ " christy " " default " ]
identity_policies []
policies [ " christy " " default " ]
After creating a dynamic credential on a database, the DBA accidentally deletes the credentials on the database itself. When attempting to remove the lease, Vault returns an error stating that the credential cannot be found. What command can be run to make Vault remove the secret?
An application has authenticated to Vault and has obtained dynamic database credentials with a lease of 4 hours. Four hours later, the credentials expire, and the application can no longer communicate with the backend database, so the application goes down. What should the developers instruct the application to do to prevent this from happening again while maintaining the same level of security?
Before the following command can be run to encrypt data, what (three) commands must be run to enable and configure the transit secrets engine in Vault? (Select three)
text
CollapseWrapCopy
$ vault write transit/encrypt/vendor \
plaintext= " aGFzaGljb3JwIGNlcnRpZmllZA== "
A new Vault administrator is writing a CURL command (shown below) to retrieve a secret stored in a KV v2 secrets engine at secret/audio/soundbooth but is receiving an error. What could be the cause of the error?
$ curl \
--header " X-Vault-Token: hvs.rffHw0iXqkRo19b2cjf93DM39WjpbN3J " \
https://vault.unlimited.com:8200/v1/secret/audio/soundbooth
Which of the following statements best describes the difference between static and dynamic credentials in a secrets management system?
Which of the following auth methods is the best choice for human interaction with Vault (as opposed to machine/system authentication)?
