Summer Sale Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: xmas50

HashiCorp HCVA0-003 - HashiCorp Certified: Vault Associate (003) Exam

Page: 6 / 10
Total 324 questions

You want to generate a token with a TTL of 24 hours which can be renewed indefinitely.

Which flag would you use on the following command?

vault token create

A.

-explicit-max-ttl=0

B.

-ttl=24h

C.

-period=24h

D.

-orphan

You need to manage access to Vault secrets engines for users that will have multiple accounts with various identity providers with which they will authenticate to Vault, such as GitHub, LDAP, Active Directory, etc.

What would allow them to have a single set of policies across all of these identity providers for each user?

A.

Identity secrets engine

B.

OIDC (OpenID Connect) authentication method

C.

LDAP authentication method

D.

Tokens

Security requirements demand that no secrets appear in the shell history. Which command does not meet this requirement?

A.

generate-password | vault kv put secret/password value

B.

vault kv put secret/password value-itsasecret

C.

vault kv put secret/password value=@data.txt

D.

vault kv put secret/password value-SSECRET_VALUE

A system starts up 1000+ containers, all requiring connection to Vault upon its initial setup.

Which strategy will reduce I/O traffic to the storage backend?

A.

Use Kubernetes auth method.

B.

Use batch tokens.

C.

Use AppRole auth method.

D.

Use service tokens with short TTL.

E.

Use single-use tokens.

You can build a high availability Vault cluster with any storage backend.

A.

True

B.

False

The key/value v2 secrets engine is enabled at secret/ See the following policy:

Which of the following operations are permitted by this policy? Choose two correct answers.

A.

vault kv get secret/webapp1

B.

vault kv put secret/webapp1 apikey- " ABCDEFGHI] K123M "

C.

vault kv metadata get secret/webapp1

D.

vault kv delete secret/super-secret

E.

vault kv list secret/super-secret

Where does the Vault Agent store its cache?

A.

In a file encrypted using the Vault transit secret engine

B.

In the Vault key/value store

C.

In an unencrypted file

D.

In memory

The base namespace for HCP Vault Dedicated clusters is admin.

A.

True

B.

False

Which of the following is a reason to rekey a Vault cluster?

Pick the 2 correct responses below.

A.

A keyholder joins or leaves the organization.

B.

A compliance policy mandates rotating the root key at a regular interval.

C.

Additional Vault nodes are added to a cluster.

D.

Upgrading Vault Community Edition to Vault Enterprise.

E.

The root token is lost.

A user issues the following cURL command to encrypt data using the transit engine and the Vault AP:

Which payload.json file has the correct contents?

A.

B.

C.

D.