VAULT-ASSOCIATE-002 Exam Questions
96 real VAULT-ASSOCIATE-002 exam questions with expert-verified answers and explanations. Page 2 of 2.
- Question #54Operate Vault
You are managing a Vault implementation that has been integrated with Azure SQL database to provide dynamic credentials. You have created a role that will provide database credenti...
Dynamic SecretsLeasesVault CLI - Question #55Operate Vault
One of the benefits of using the Vault transit secrets engine is its ability to easily rotate encryption keys. Which of these is true regarding key rotation?
Vault TransitKey RotationSecrets Engine Operations - Question #56Understand Vault Concepts
What is not a function provided by Vault's transit secret engine?
Transit Secret EngineSecret EnginesEncryption-as-a-ServiceData Security - Question #58Understand Vault Architecture
Which of the following storage backends supports high availability?
Vault storage backendsHigh availability (HA)ConsulVault architecture - Question #59Administer Vault
Which command will generate a new transit key?
Transit Secret EngineCLI CommandsKey Management - Question #60Operate Vault
Which of the following is the correct option to authenticate to Vault using a token using the CLI?
Vault CLIAuthenticationTokensvault login - Question #61Understand Vault Concepts
A child token must be assigned the same or a subset the parent token's policies.
TokensPoliciesToken hierarchyPermissions - Question #62Operate Vault
When enabling auto-unseal, how do you specify the seal type? (Choose two.)
Auto-unsealSeal configurationServer configurationVault operator commands - Question #63Understand Vault Concepts
An organization needs to protect sensitive application data currently stored in a database as plaintext. Which secrets engine provides a solution?
Transit Secrets EngineData EncryptionSecrets EnginesApplication Security - Question #64Understand Vault Concepts
What is true of Vault tokens? Choose TWO correct answers.
Vault TokensAuthenticationAuth MethodsCore Concepts - Question #65Operate Vault
Using the Vault CLI, what command is used to authenticate to Vault?
Vault CLIAuthenticationLogin command - Question #67Operate Vault
The vault lease renew command increments the lease time from:
Vault LeasesLease RenewalCLI Usage - Question #68Understand Vault Concepts
You have a 2GB Base64 binary large object (blob) that needs to be encrypted. Which of the following best describes the transit secrets engine?
Vault Transit EngineEncryptionData Size LimitationsCryptography as a Service - Question #69Understand Vault Concepts
How would you describe the value of using the Vault transit secrets engine?
Transit Secrets EngineEncryption as a ServiceApplication Data EncryptionKey Management - Question #70Operate Vault
What is the Vault CLI command to query information about the token the client is currently using?
Vault CLIToken ManagementAuthentication - Question #71Understand Vault Concepts
Which of the following is a machine-oriented Vault authentication backend?
Vault authenticationAuthentication backendAppRoleMachine authentication - Question #72Secure Vault
Security requirements demand that no secrets appear in the shell history. Which command does not meet this requirement?
Shell historyCLI securitySecrets managementVault CLI - Question #73Understand Vault Architecture
You can build a high availability Vault cluster with any storage backend.
High AvailabilityStorage BackendsVault ArchitectureHA Requirements - Question #74Operate Vault
What command creates a secret with the key "my-password" and the value "53cr3t" at path "my- secrets" within the KV secrets engine mounted at "secret"?
KV Secrets EngineCLISecrets ManagementVault Commands - Question #75Secure Vault
Which of the following statements explains the benefit of response wrapping? Choose TWO correct answers.
Response WrappingSecret SecurityVault TokensSecure Delivery - Question #76Understand Vault Concepts
Vault operators can create two types of groups in Vault. What are the two types?
Vault groupsInternal groupsExternal groupsGroup management - Question #77Understand Vault Concepts
Where on the page would you click to display the list of available Vault-created encryption keys?
Transit Secret EngineEncryption KeysSecret Engine PathsVault UI - Question #78Understand Vault Concepts
Which of the following describes usage of an identity group?
Identity GroupsVault PoliciesAccess Control - Question #79Administer Vault
Vault supports which type of configuration for source limited token?
Vault tokensToken configurationCIDR restrictionsSecurity policies - Question #80Understand Vault Architecture
Where does the Vault Agent store its cache?
Vault AgentCachingMemory storage - Question #81Understand Vault Concepts
Your organization has an initiative to reduce and ultimately remove the use of long lived X.509 certificates. Which secrets engine will best support this use case?
PKI Secrets EngineX.509 CertificatesShort-lived CertificatesSecrets Engines - Question #82Secure Vault
When unsealing Vault each Shamir unseal key should be entered:
Vault UnsealingShamir Secret SharingSecurity Best PracticesMulti-administrator Operations - Question #83Secure Vault
As a best practice, the root token should be stored in which of the following ways?
Root tokenSecurity best practicesToken managementVault security - Question #84Administer Vault
When creating a policy, an error was thrown: Which statement describes the fix for this issue?
Vault PoliciesPolicy CapabilitiesPolicy Syntax - Question #85Administer Vault
Where can you set the Vault seal configuration? (Choose two.)
Vault SealVault ConfigurationServer ConfigurationAuto-unseal - Question #86Operate Vault
Which of the following vault lease operations uses a lease_id as an argument? (Choose two.)
Vault LeasesLease ManagementCLI OperationsSecret Lifecycles - Question #87Understand Vault Concepts
An organization wants to authenticate an AWS EC2 virtual machine with Vault to access a dynamic database secret. The only authentication method which they can use in this case is A...
AWS EC2 authenticationVault authentication methodsAWS auth methodAppRole - Question #88Secure Vault
You are using Vault's Transit secrets engine to encrypt your data. You want to reduce the amount of content encrypted with a single key in case the key gets compromised. How would...
Vault TransitKey rotationKey managementData encryption security - Question #89Understand Vault Concepts
What does the following policy do?
Vault PoliciesPolicy TemplatingKV Secret EngineAccess Control - Question #90Secure Vault
Which path will this policy allow? path "kv/+/team_*" { capabilities = [ "read" ] }
Vault PoliciesPolicy Path MatchingWildcards - Question #91Operate Vault
Which statements correctly describe the command below. Choose TWO correct answers. vault write transit/decrypt/password \ ciphertext=vault:v1:8SDd3WHDOjf7mq69CyCqYjBXAiQQAVZRkFM13o...
Transit Secrets EngineDecryptionVault CLIACLs - Question #92Understand Vault Concepts
Which statement is true about an orphan token?
Orphan tokensVault tokensToken expiration - Question #93Secure Vault
You need to edit a policy, but the UI appears as shown. What is the problem?
PermissionsPoliciesVault UIAccess Control - Question #94Operate Vault
Running the second command in the GUI CU will succeed.
Vault operationsCommand executionOperational failure - Question #95Administer Vault
Which of these options does not allow the creation of a root token?
Root TokensBatch TokensToken CreationToken Types - Question #96Operate Vault
You manage two Vault dusters: "vaultduster1.acme.corp" and "vaultduster2.acme.corp". You want to write a secret to the first Vaultcluster vaultcluster1.acme.corp and run vault kv p...
Vault CLIConfiguration precedenceVAULT_ADDRCommand-line flags - Question #98Operate Vault
Which statement describes the results of this command: vault kv list secret/test?
Vault CLIKV Secrets EngineSecrets Listing - Question #100Operate Vault
To encrypt your secret with the transit secrets engine, you must send the Base32-encoded plaintext to Vault.
Transit Secrets EngineEncryptionData EncodingVault API - Question #101Integrate Vault
Vault Agent supports which of the following? (Choose two.)
Vault AgentSecrets CachingAuthenticationApplication Integration - Question #102Understand Vault Concepts
Which is not true of Vault tokens?
Vault TokensAuthenticationAPI CallsLogin Process - Question #103Operate Vault
When using Integrated Storage, which of the following should you do to recover from possible data loss?
Integrated StorageSnapshotsData RecoveryRaft