Vault-Associate Practice Online

Question 1

Your organization recently suffered a security breach on a specific application, and the security response team believes that MySQL database credentials were likely obtained during the event. The application generated the credentials using the database secrets engine in Vault mounted the path database/.

How can you quickly revoke all of the secrets generated by this secrets engine?

A : vault token revoke database/*

B : vault secrets disable mysql

C : vault lease renew database/creds/mysql

D : vault lease revoke -prefix database/

Answer: D

Question 2

Which is not a benefit of running HashiCorp Vault in your environment?

A : Integrate with your code repository to pull secrets when deploying your applications

B : Consolidate static, long-lived passwords used throughout your organization

C : Act as root or intermediate certificate authority to automate the generation of PKI certificates

D : The ability to generate dynamic secrets for applications and resource access

Answer: A

Question 3

Smelly Candles, LLC is using Vault to encrypt customer data to ensure it is always stored in a secure fashion. Mostafa is developing a new application integration to send new customer data to be encrypted. He has created the following CURL request:

curl \

--header "X-Vault-Token: s.sf4vj1rFV5PvQSbrxQFsfbXA" \

--request POST \

--data @data.json \

https://prod-vault.smelly.com:8200/v1/transit/encrypt/customer-data

What would be contained within the data.json file?

A : cleartext customer data to be encrypted

B : transit secrets engine configuration file

C : ciphertext to be decrypted

D : the encryption key to be used for encrypting the data

Answer: A

Question 4

If a client is currently assigned the following policy, what additional policy can be added to ensure they cannot access the data stored at secret/apps/confidential but still, read all other secrets?

A :

path "secret/apps/confidential/*" {

capabilities = ["deny"]

}

B :

path "secret/apps/*" {

capabilities = ["deny"]

}

C : path "secret/apps/confidential" {

capabilities = ["deny"]

}

D :

path "secret/apps/*" {

capabilities = ["create", "read", "update", "delete", "list"]

}

path "secret/*" {

capabilities = ["read", "deny"]

}

Answer: C

Question 5

Which auth method is ideal for machine to machine authentication?

A : GitHub

B : UserPass

C : AppRole

D : Okta

Answer: C

Name:	HashiCorp Certified: Vault Associate (002)
Exam Code:	Vault-Associate
Certification:	HashiCorp Security Automation
Vendor:	HashiCorp
Total Questions:	328
Last Updated:	May 09, 2024

Download Demo Vault-Associate Dumps

Create Account

Password Recovery

Vault-Associate Practice Online

Download Demo Vault-Associate Dumps

Member Login

Create Account

Password Recovery

Vault-Associate Practice Online