Summer Sale Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: xmas50

HashiCorp HCVA0-003 - HashiCorp Certified: Vault Associate (003) Exam

Page: 8 / 10
Total 324 questions

Jason has enabled the userpass auth method at the path users/. What path would Jason and other Vault operators use to interact with this new auth method?

A.

users/auth/

B.

authentication/users

C.

auth/users

D.

users/

Tommy has written an AWS Lambda function that will perform certain tasks for the organization when data has been uploaded to an S3 bucket. Security policies for the organization do not allow Tommy to hardcode any type of credential within the Lambda code or environment variables. However, Tommy needs to retrieve a credential from Vault to write data to an on-premises database. What auth method should Tommy use in Vault to meet the requirements while not violating security policies?

A.

AWS

B.

Userpass

C.

Token

D.

AppRole

What are the primary benefits of running Vault in a production deployment over dev server mode (select two)?

A.

Faster deployment

B.

Persistent storage

C.

Ability to enable auth methods

D.

Encryption via TLS

Given the following screenshot, how many secrets engines have been enabled by a Vault user?

A.

2

B.

3

C.

4

D.

5

After encrypting data using the Transit secrets engine, you’ve received the following output. Which of the following is true based on the output displayed below?

Key: ciphertext Value: vault:v2:45f9zW6cglbrzCjI0yCyC6DBYtSBSxnMgUn9B5aHcGEit71xefPEmmjMbrk3

A.

The original encryption key has been rotated at least once

B.

The data is stored in Vault using a KV v2 secrets engine

C.

This is the second version of the encrypted data

D.

Similar to the KV secrets engine, the Transit secrets engine was enabled using the transit v2 option

A user is assigned the following policy, and they can successfully retrieve secrets using the CLI. However, the user reports receiving an error message in the UI. Why can’t the user access the secret in the Vault UI?

path " kv/apps/app01 " { capabilities = [ " read " ] }

Successful retrieval using the CLI

(Error: Permission denied in UI)

A.

The user doesn’t know what they’re doing

B.

The user doesn’t have permissions to retrieve the data from the UI, only the CLI

C.

The user needs list permissions to browse the UI

D.

The user’s token is invalid

You are deploying Vault in a local data center, but want to be sure you have a secondary Vault cluster in the event the primary cluster goes offline. In the secondary data center, you have applications that are running, as they are architected to run active/active. Which type of replication would be best in this scenario?

A.

Disaster Recovery replication

B.

Performance replication

Which scenario most strongly indicates a need to run a self-hosted Vault cluster instead of using HCP Vault Dedicated?

A.

Your organization doesn’t require any custom security policies or intricate network topologies

B.

You want to offload all operational tasks and rely on HashiCorp to manage patching, upgrades, and infrastructure

C.

You prefer a fully managed environment that is readily scalable with minimal configuration overhead

D.

You must maintain specific compliance or custom integration requirements that demand full control over the Vault environment, including infrastructure provisioning and plugin development

After decrypting data using the Transit secrets engine, the plaintext output does not match the plaintext credit card number that you encrypted. Which of the following answers provides a solution?

$ vault write transit/decrypt/creditcard ciphertext= " vault:v1:cZNHVx+sxdMEr....... "

Key: plaintext Value: Y3JlZGl0LWNhcmQtbnVtYmVyCg==

A.

Vault is sealed, therefore the data cannot be decrypted. Unseal Vault to properly decrypt the data

B.

The user doesn’t have permission to decrypt the data, therefore Vault returns false data

C.

The resulting plaintext data is base64-encoded. To reveal the original plaintext, use the base64 --decode command

D.

The data is corrupted. Execute the encryption command again using a different data key

From the unseal options listed below, select the options you can use if you ' re deploying Vault on-premises (select four).

A.

Certificates

B.

Transit

C.

AWS KMS

D.

HSM PKCS11

E.

Key shards