HashiCorp HCVA0-003 - HashiCorp Certified: Vault Associate (003) Exam
Which of the following is true about the token authentication method in Vault? (Select three)
Over a few years, you have a lot of data that has been encrypted by older versions of a Transit encryption key. Due to compliance regulations, you have to re-encrypt the data using the newest version of the encryption key. What is the easiest way to complete this task without putting the data at risk?
Your team uses the Transit secrets engine to encrypt all data before writing it to a MySQL database server. During testing, you manually retrieve ciphertext from the database and decrypt it to ensure the data can be read. After decrypting the data, you are worried something is wrong because the plaintext data isn’t legible. Why can you not read the original plaintext data after decrypting the ciphertext?
$ vault write transit/decrypt/krausen-key ciphertext=vault:v1:8SDd3WHDOjf7mq69C.....
Key Value
--- -----
plaintext Zml2ZSBzdGFyIHByYWN0aWNlIGV4YW1zIGJ5IGJyeWFuIGtyYXVzZW4=
You have a CI/CD pipeline using Terraform to provision AWS resources with static privileged credentials. Your security team requests that you use Vault to limit AWS access when needed. How can you enhance this process and increase pipeline security?
You have multiple Vault clusters in your environment, one for test and one for production. You have the CLI installed on your local machine and need to target the production cluster to make configuration changes. What environment variable can you set to target the production cluster?
Your organization is integrating its legacy application with Vault to improve its security. However, you have discovered that the application has issues when the token changes for authentication during testing. What type of token could be used to help alleviate this issue without compromising security?
To secure your applications, your organization uses certificates generated by a public CA. However, this strategy has proven expensive and you have to revoke certificates even though they have additional time left. What Vault plugin can be used to quickly generate X.509 certificates to secure your internal applications?
Sara uses the Vault CLI for administrative tasks on the production cluster. However, she encounters permission-denied errors when making changes and needs to check which policies are attached to her token to view and adjust permissions. What command can she run on the Vault node to see the attached policies?
What of the following features are true about batch tokens in Vault? (Select two)
By default, what methods of authentication does Vault support? (Select four)
