Free Online HashiCorp Vault-Associate Practice Test

Prepare Your HashiCorp Vault-Associate Exam Questions with Free online Vault-Associate Practice Test. Get Brilliant HashiCorp Certified: Vault Associate (002) Exam Results with Valid Vault Associate Exam Dumps.

Page: 1 / 66

Total 328 Questions | Updated On: May 15, 2024

Add To Cart

Question 1

Smelly Candles, LLC is using Vault to encrypt customer data to ensure it is always stored in a secure fashion. Mostafa is developing a new application integration to send new customer data to be encrypted. He has created the following CURL request:

curl \

--header "X-Vault-Token: s.sf4vj1rFV5PvQSbrxQFsfbXA" \

--request POST \

--data @data.json \

https://prod-vault.smelly.com:8200/v1/transit/encrypt/customer-data

What would be contained within the data.json file?

A : cleartext customer data to be encrypted

B : transit secrets engine configuration file

C : ciphertext to be decrypted

D : the encryption key to be used for encrypting the data

Answer: A

Question 2

Tommy has written an AWS Lambda function that will perform certain tasks for the organization when data has been uploaded to an S3 bucket. Security policies for the organization do not allow Tommy to hardcode any type of credential within the Lambda code or environment variables. However, Tommy needs to retrieve a credential from Vault to write data to an on-premises database.

What auth method should Tommy use in Vault to meet the requirements while not violating security policies?

A : AppRole

B : Token

C : Userpass

D : AWS

Answer: D

Question 3

When architecting a Vault replication configuration, why should you never terminate TLS on a frontend load balancer?

A : If Vault detects that the traffic has been unencrypted and re-encrypted, due to the load balancer, it will automatically drop the traffic as it is no longer trusted

B : Vault generates self-signed mutual TLS for replication. If the LB is performing TLS termination, this will break the mutual TLS between nodes

C : Vault requires that only Consul service discovery can be used to direct traffic to an active Vault node

D : Vault replication won't work with the type of certificates that a traditional load balancer uses

Answer: B

Question 4

Your organization recently suffered a security breach on a specific application, and the security response team believes that MySQL database credentials were likely obtained during the event. The application generated the credentials using the database secrets engine in Vault mounted the path database/.

How can you quickly revoke all of the secrets generated by this secrets engine?

A : vault token revoke database/*

B : vault secrets disable mysql

C : vault lease renew database/creds/mysql

D : vault lease revoke -prefix database/

Answer: D

Question 5

Which of the following secrets engines does NOT issue a lease upon a read request?

A : AWS

B : Consul

C : KV

D : database

Answer: C

Page: 1 / 66

Total 328 Questions | Updated On: May 15, 2024

Add To Cart