Summer Sale Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: xmas50

HashiCorp HCVA0-003 - HashiCorp Certified: Vault Associate (003) Exam

Page: 4 / 10
Total 324 questions

Vault operators can create two types of groups in Vault. What are the two types?

A.

External groups

B.

Security groups

C.

Policy groups

D.

Internal groups

True or False? A token can be renewed up until the max TTL, even if the TTL has been reached.

A.

True

B.

False

After setting up a new HashiCorp Vault server with the default configurations, which method can be used to unseal Vault?

A.

Log on to each Vault node and provide the root token

B.

Running vault operator init to regenerate unseal keys and automatically unseal the Vault

C.

Submit a threshold of unseal keys to reconstruct the root key

D.

Restart the Vault service, which will automatically unseal it

Your organization operates active/active applications across multiple data centers for high availability. Which Vault feature should be used in the secondary data centers to provide local access to secrets?

A.

Performance standby nodes

B.

Customized plugins for the Vault cluster

C.

Disaster recovery cluster

D.

Performance replication cluster

You need to create a limited-privileged token that isn’t impacted by the TTL of its parent. What type of token should you create?

A.

Service token with a use limit

B.

Orphan token

C.

Periodic token

D.

Root token

Which of the following secrets engines can store static secrets in Vault for future retrieval?

A.

KV

B.

PKI (certificates)

C.

Database

D.

Transit

When you are unsealing Vault using unseal keys, what are you actually doing?

A.

Creating the recovery keys

B.

Exporting the encryption key

C.

Reconstructing the root key

D.

Decrypting the Vault data

Which of the following actions can be performed if you only had access to a token’s accessor? (Select four)

A.

Look up a token’s properties

B.

Renew the token

C.

Retrieve the actual token ID

D.

Revoke the token

E.

Look up a token’s capabilities on a path

You have multiple Kubernetes pods that need frequent access to Vault to retrieve credentials for establishing connectivity to a backend database. You enable the Kubernetes auth method in Vault. What resource do you need to create within Kubernetes to complete this configuration?

A.

Username and password for kubectl

B.

k8s service account token

C.

A Vault token for authentication

D.

An AppRole role_id and secret_id

What command would you use to enable the Kubernetes secrets engine at the path of /k8s-cluster?

A.

vault secrets enable -path=k8s-cluster kubernetes

B.

vault kv put k8s-cluster type=kubernetes

C.

vault write sys/mounts/k8s-cluster

D.

vault secrets enable kubernetes -path=k8s-cluster