VAULT-ASSOCIATE-002 Exam Questions
96 real VAULT-ASSOCIATE-002 exam questions with expert-verified answers and explanations. Page 1 of 2.
- Question #1: Secure Vault
  What can be used to limit the scope of a credential breach?
  Dynamic Secrets, Credential Security, Secret Management, Breach Mitigation
- Question #2: Operate Vault
  What environment variable overrides the CLI's default Vault server address?
  Vault CLI, Environment variables, Vault server address configuration
- Question #3: Operate Vault
  Which of the following statements describe the CLI command below? $ vault login -method=ldap username=mitchellh
  Vault CLI, Authentication, LDAP Auth Method, Interactive Login
- Question #4: Understand Vault Concepts
  The following three policies exist in Vault. What do these policies allow an organization to do? app.hcl callcenter.hcl rewrap.hcl
  Vault Policies, Transit Secret Engine, Permissions, Access Control
- Question #5: Integrate Vault
  Your DevOps team would like to provision VMs in GCP via a CICD pipeline. They would like to integrate Vault to protect the credentials used by the tool. Which secrets engine would...
  Google Cloud Secrets Engine, Dynamic Secrets, Cloud Credentials, CICD Integration
- Question #6: Understand Vault Concepts
  Which of these is not a benefit of dynamic secrets?
  dynamic secrets, credential management, secret lifecycle, security benefits
- Question #7: Understand Vault Concepts
  Which of the following cannot define the maximum time-to-live (TTL) for a token?
  Token Management, Time-to-Live (TTL), Leases, Vault Configuration
- Question #8: Understand Vault Concepts
  What are orphan tokens?
  Vault Tokens, Token Lifecycle, Parent-Child Tokens, Token Expiration
- Question #9: Secure Vault
  To give a role the ability to display or output all of the end points under the /secrets/apps/* end point it would need to have which capability set?
  Vault Policies, ACL Capabilities, List Capability, Secret Paths
- Question #11: Operate Vault
  When using Integrated Storage, which of the following should you do to recover from possible data loss?
  Integrated Storage, Data Recovery, Snapshots, Backup and Restore
- Question #12: Understand Vault Concepts
  How many Shamir's key shares are required to unseal a Vault instance?
  Shamir's Secret Sharing, Unsealing, Key shares, Threshold
- Question #13: Integrate Vault
  Which of these are a benefit of using the Vault Agent?
  Vault Agent, Token management, Lease management, Application integration
- Question #14: Operate Vault
  To make an authenticated request via the Vault HTTP API, which header would you use?
  Vault API, Authentication, HTTP Headers, Tokens
- Question #15: Understand Vault Architecture
  Which of the following are replication methods available in Vault Enterprise? (Choose two.)
  Replication, Vault Enterprise, High Availability, Disaster Recovery
- Question #16: Administer Vault
  Use this screenshot to answer the question below: When are you shown these options in the GUI?
  Vault UI, Secret Engines, Engine Configuration
- Question #17: Administer Vault
  Examine the command below. Output has been trimmed. Which of the following statements describe the command and its output?
  AppRole, Authentication Methods, Role ID, Secret ID
- Question #18: Secure Vault
  The key/value v2 secrets engine is enabled at secret/. See the following policy: Which of the following operations are permitted by this policy? (Choose two.)
  Vault Policies, KV Secrets Engine V2, Capabilities, Secret Operations
- Question #19: Administer Vault
  You are performing a high number of authentications in a short amount of time. You're experiencing slow throughput for token generation. How would you solve this problem?
  Vault Tokens, Batch Tokens, Performance Optimization, Authentication
- Question #20: Understand Vault Concepts
  When looking at Vault token details, which key helps you find the paths the token is able to access?
  Vault tokens, Vault policies, Access control, Authorization
- Question #22: Understand Vault Concepts
  When an auth method is disabled, all users authenticated via that method lose access.
  Auth Methods, Authentication, User Access
- Question #23: Understand Vault Concepts
  An authentication method should be selected for a use case based on:
  Authentication Methods, Client Identity, Vault Concepts
- Question #24: Secure Vault
  A web application uses Vault's transit secrets engine to encrypt data in-transit. If an attacker intercepts the data in transit, which of the following statements are true? (Choose...
  Vault Transit Secrets Engine, Key Rotation, Vault Security Operations, Incident Response
- Question #25: Understand Vault Architecture
  The Vault encryption key is stored in Vault's backend storage.
  Vault Key Management, Seal/Unseal, Master Key, Backend Storage
- Question #26: Understand Vault Architecture
  Which of the following statements describe the secrets engine in Vault? (Choose three.)
  secrets engine, Vault architecture, engine extensibility, path isolation
- Question #27: Secure Vault
  What is a benefit of response wrapping?
  Response wrapping, Secret delivery, Vault security, Token wrapping
- Question #28: Understand Vault Concepts
  Which of the following describes the Vault's auth method component?
  Auth Methods, Authentication, Tokens
- Question #30: Understand Vault Concepts
  Which Vault secret engine may be used to build your own internal certificate authority?
  Secret Engines, PKI Secret Engine, Certificate Authority
- Question #31: Understand Vault Concepts
  Which of the following statements are true about Vault policies? (Choose two.)
  Vault Policies, Access Control, Policy Structure, Default Behavior
- Question #32: Operate Vault
  Use this screenshot to answer the question below: Where on this page would you click to view a secret located at secret/my-secret?
  Vault UI, Secrets management, Navigation, Accessing secrets
- Question #33: Operate Vault
  An organization would like to use a scheduler to track & revoke access granted to a job (by Vault) at completion. What auth-associated Vault object should be tracked to enable this...
  Tokens, Token Management, Revocation, Authentication
- Question #34: Administer Vault
  Which statement describes the results of this command: $ vault secrets enable transit?
  Secrets Engines, Transit Secrets Engine, Vault CLI, Default Paths
- Question #35: Administer Vault
  Which of the following is a reason to rekey a Vault cluster? (Choose two.)
  Rekeying, Master Key Rotation, Security Best Practices, Compliance
- Question #36: Understand Vault Concepts
  What information is required to revoke a Vault lease?
  Vault leases, Lease revocation, Lease ID
- Question #37: Administer Vault
  Use this screenshot to answer the question below: Which statement describes this AppRole auth method configuration?
  AppRole, Auth Methods, Tokens, Configuration
- Question #38: Understand Vault Concepts
  What is a secret in the context of Vault?
  Secrets, Core Concepts, Confidential Data, Vault Terminology
- Question #39: Understand Vault Concepts
  What methods of authentication does Vault support? (Choose four.)
  Vault authentication methods, Auth methods, Identity management, Vault features
- Question #40: Operate Vault
  Vault Agent allows client-side caching of tokens and leases. If the agent is shut down, those tokens and leases cached will be revoked.
  Vault Agent, Token lifecycle, Lease management, Client-side caching
- Question #41: Understand Vault Concepts
  Which kind of token can be renewed indefinitely?
  Vault Tokens, Token Types, Periodic Tokens, Token Renewal
- Question #42: Understand Vault Concepts
  You can use a response-wrapping token more than once for as long as it has not expired.
  Response Wrapping, Tokens, Security, Token Usage
- Question #43: Administer Vault
  Which statement describes the results of this command: $ vault secrets enable -version=2 kv (Choose two.)
  Vault CLI, Secrets Engines, K/V Secrets Engine, K/V v2
- Question #44: Operate Vault
  Which of these are names of the replication methods available in Vault Enterprise? (Choose two.)
  Replication, Vault Enterprise Features, Disaster Recovery Replication, Performance Replication
- Question #45: Understand Vault Concepts
  What attributes are unique to batch tokens? (Choose three.)
  Batch tokens, Token attributes, Token types
- Question #46: Understand Vault Concepts
  You have manually created some usernames and passwords for a Microsoft SQL database on Azure, and need to store these credentials in Vault. What secrets engine should you use for t...
  Key/Value secrets engine, Static secrets, Storing credentials, Vault secrets engines
- Question #47: Administer Vault
  To create a non-root token with time-to-live (TTL) set to 30 minutes but with no max TTL which flag would you use?
  Vault Tokens, TTL, Token Management, CLI
- Question #48: Understand Vault Concepts
  A user successfully logs into Vault with the following cURL command: curl --request POST --data @payload.json The response will include what information?
  Vault Authentication, API Response, Client Token, Policies
- Question #49: Understand Vault Concepts
  Which of the following statements are true about the default policy? (Choose two.)
  Vault policies, Default policy, Built-in policies, Token permissions
- Question #50: Understand Vault Concepts
  Why might an application be mapped to an identity entity?
  Vault Identity System, Entities and Aliases, Authentication Methods, Policy Consistency
- Question #51: Understand Vault Architecture
  Unsealing a single Vault server in a cluster unseals all Vault servers in that cluster.
  Unsealing, Vault Cluster, High Availability, Seal Status
- Question #52: Administer Vault
  Which endpoint can be used to list all tokens?
  Vault API, Token Management, Authentication, Endpoints
- Question #53: Secure Vault
  The mechanism to associate an authentication method with access to specific secrets is by specifying a/an:
  Vault Policies, Authorization, Access Control, Secrets Management