Summer Sale Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: xmas50

HashiCorp HCVA0-003 - HashiCorp Certified: Vault Associate (003) Exam

Page: 5 / 10
Total 324 questions

Which of the following auth methods are intended for machine-to-machine authentication, and not necessarily human (operator) authentication? (Select four)

A.

Okta

B.

Tokens

C.

TLS Certificates

D.

Cloud-based Auth methods (AWS, Azure, GCP)

E.

LDAP

F.

AppRole

Which of the following best describes response wrapping?

A.

The response is Base64 encoded, and the user must decode the response to retrieve the cleartext data

B.

Rather than provide a direct response, Vault returns a token and an accessor

C.

Vault responds with an encrypted version of the response, decrypted via transit

D.

Vault inserts the response into a single-use token’s cubbyhole

Although batch and service tokens share many characteristics, which of the following are true only about batch tokens? (Select three)

A.

Can create child tokens

B.

Are renewable up until the max TTL

C.

Maintain a single fixed TTL

D.

They are valid for either the primary or any secondary clusters

E.

They are not persisted to disk

True or False? The root and default policies can be deleted if they are not needed or being used.

A.

True

B.

False

Short-lived, dynamically generated secrets provide organizations with many benefits. Select the benefits from the options below. (Select four)

A.

Each application instance can generate its own credentials, rather than using a shared credential across all application instances

B.

Credentials only exist when needed

C.

Applications only have access to privileged accounts when needed

D.

Credentials accidentally checked into a code repo or discovered in a text file are likely to be invalid

E.

Dynamic credentials do not change, so legacy applications can easily take advantage of them

What command can be used to revoke all leases associated with a database role named prod-mysql?

A.

vault lease revoke database/role/prod-mysql

B.

vault lease revoke -prefix database/creds/prod-mysql

C.

vault revoke database/role/prod-mysql

D.

vault lease revoke database/creds/prod-mysql

Tanner manages a data processing application and needs to be sure the data being processed is encrypted so it is securely stored post-processing. Which secrets engines can encrypt data? (Select three)

A.

transit

B.

KMIP

C.

SSH

D.

transform

Jarrad is an AWS engineer and has provisioned a new EC2 instance running MySQL since his application requires a specific MySQL version. He wants to integrate Vault into his workflow but is new to Vault. What secrets engine should Jarrad use to integrate this new database running in AWS?

A.

azure

B.

database

C.

kv

D.

aws

True or False? The following policy permits a user to read secrets contained in the path secrets/cloud/apps/jenkins?

text

CollapseWrapCopy

path " secrets/cloud/apps/jenkins/* " {

capabilities = [ " create " , " read " , " update " , " delete " , " list " ]

}

A.

True

B.

False

You have ciphertext stored in an Amazon S3 bucket encrypted by the key named prod-customer. Will Vault decrypt this data with the command vault write transit/decrypt/prod-customer ciphertext= " vault:v4:Xa1f9FIJtn13em/Wb7QCsXsU/kCOn7... " given this output?

    $ vault read transit/keys/prod-customer

    Key Value

    --- -----

    ...

    keys map[4:1549347108 5:1549347109 6:1549347110]

    latest_version 6

    min_available_version 0

    min_decryption_version 4

    min_encryption_version 0

Will Vault decrypt this data for you by running the following command?

    $ vault write transit/decrypt/prod-customer ciphertext= " vault:v4:Xa1f9FIJtn13em/Wb7QCsXsU/kCOn7... "

A.

Yes, because the minimum decryption key configuration is set to 4

B.

No, since the latest version of the key is 6