HashiCorp HCVA0-003 - HashiCorp Certified: Vault Associate (003) Exam
Jason has enabled the userpass auth method at the path users/. What path would Jason and other Vault operators use to interact with this new auth method?
Tommy has written an AWS Lambda function that will perform certain tasks for the organization when data has been uploaded to an S3 bucket. Security policies for the organization do not allow Tommy to hardcode any type of credential within the Lambda code or environment variables. However, Tommy needs to retrieve a credential from Vault to write data to an on-premises database. What auth method should Tommy use in Vault to meet the requirements while not violating security policies?
What are the primary benefits of running Vault in a production deployment over dev server mode (select two)?
Given the following screenshot, how many secrets engines have been enabled by a Vault user?

After encrypting data using the Transit secrets engine, you’ve received the following output. Which of the following is true based on the output displayed below?
Key: ciphertext Value: vault:v2:45f9zW6cglbrzCjI0yCyC6DBYtSBSxnMgUn9B5aHcGEit71xefPEmmjMbrk3
A user is assigned the following policy, and they can successfully retrieve secrets using the CLI. However, the user reports receiving an error message in the UI. Why can’t the user access the secret in the Vault UI?
path " kv/apps/app01 " { capabilities = [ " read " ] }
Successful retrieval using the CLI

(Error: Permission denied in UI)

You are deploying Vault in a local data center, but want to be sure you have a secondary Vault cluster in the event the primary cluster goes offline. In the secondary data center, you have applications that are running, as they are architected to run active/active. Which type of replication would be best in this scenario?
Which scenario most strongly indicates a need to run a self-hosted Vault cluster instead of using HCP Vault Dedicated?
After decrypting data using the Transit secrets engine, the plaintext output does not match the plaintext credit card number that you encrypted. Which of the following answers provides a solution?
$ vault write transit/decrypt/creditcard ciphertext= " vault:v1:cZNHVx+sxdMEr....... "
Key: plaintext Value: Y3JlZGl0LWNhcmQtbnVtYmVyCg==
From the unseal options listed below, select the options you can use if you ' re deploying Vault on-premises (select four).
