Summer Sale Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: xmas50

HashiCorp HCVA0-003 - HashiCorp Certified: Vault Associate (003) Exam

Page: 7 / 10
Total 324 questions

To make an authenticated request via the Vault HTTP API, which header would you use?

A.

The X-Vault-Token HTTP Header

B.

The x-Vault-Request HTTP Header

C.

The Content-Type HTTP Header

D.

The X-Vault-Namespace HTTP Header

What is Vault’s default REST API port?

A.

443

B.

8200

C.

8201

D.

8500

E.

None of these are Vault’s default REST API port.

What is required to seal Vault?

A.

A single operator with root privileges.

B.

3 Shamir’s keys.

C.

A threshold of operators with root privileges.

D.

The root key.

When an auth method is disabled all users authenticated via that method lose access.

A.

True

B.

False

A user logs into Vault through a configured LDAP auth method and notices that re-authentication is needed after every 8 hours.

Why would the user be required to log in again every 8 hours?

A.

The time-to-live associated with the existing token lease is up, and the lease has been revoked.

B.

The wrong token was provided by the user too many times and has been revoked.

C.

The administrator revoked the root token.

D.

The LDAP password associated with the user has changed.

Which of the following describes usage of an identity group?

A.

Limit the policies that would otherwise apply to an entity in the group

B.

When they want to revoke the credentials for a whole set of entities simultaneously

C.

Audit token usage

D.

Consistently apply the same set of policies to a collection of entities

A policy is shown in the exhibit.

What does this policy do?

Exhibit:

path " secret/data/{{identity.entity.id}}/* " { capabilities = [ " create " , " update " , " read " , " delete " ] }

path " secret/metadata/{{identity.entity.id}}/* " { capabilities = [ " list " ] }

A.

Grants access to a special system entity folder.

B.

Nothing, this is not a valid policy.

C.

Grants access for each user to a KV folder, which shares their ID.

D.

Allows a user to read data about the secret endpoint identity.

Which command implements the AppRole authentication method?

A.

vault auth enable approle

B.

vault mount approle

C.

vault mount enable approle

D.

vault enable approle

When unsealing Vault, each Shamir unseal key should be entered:

A.

Sequentially from one system that all of the administrators are in front of

B.

By different administrators each connecting from different computers

C.

While encrypted with each administrators PGP key

D.

At the command line in one single command

You are building a new CI/CD pipeline which integrates with Vault. You will be building multiple targets: on premises in vSphere, and in AWS. You have already selected the AWS authentication method for the AWS targets.

Which auth method can the CI/CD tool use to authenticate with the on-premises targets?

A.

AWS

B.

GitHub

C.

AppRole

D.

Userpass