Free HashiCorp Vault-Associate Exam Questions

Become HashiCorp Certified with updated Vault-Associate exam questions and correct answers

Page: 1 / 58

Total 288 Questions | Updated On: Jan 27, 2026

Add To Cart

Question 1

Which of these is not a benefit of dynamic secrets?

A : Supports systems which do not natively provide a method of expiring credentials

B : Minimizes damage of credentials leaking

C : Ensures that administrators can see every password used

D : Replaces cumbersome password rotation tools and practices

Answer: C

Question 2

As a best practice, the root token should be stored in which of the following ways?

A : Should be revoked and never stored after initial setup

B : Should be stored in configuration automation tooling

C : Should be stored in another password safe

D : Should be stored in Vault

Answer: A

Question 3

True or False? When encrypting data with the Transit secrets engine, Vault always stores the ciphertext in a dedicated KV store along with the associated encryption key.

A : True

B : False

Answer: B

Question 4

Your organization runs workloads on both AWS and Azure for production applications. The security team has requested that a single Vault authentication mechanism be enabled to support applications on both public cloud platforms. Which of the following would be a valid auth method you can use?

A : AWS

B : GitHub

C : AppRole

D : Azure

Answer: C

Question 5

Which of the following policies would permit a user to generate dynamic credentials on a database?

A : path "database/creds/read_only_role" { capabilities = ["generate"] }

B : path "database/creds/read_only_role" { capabilities = ["update"] }

C : path "database/creds/read_only_role" { capabilities = ["list"] }

D : path "database/creds/read_only_role" { capabilities = ["read"] }

Answer: D

Page: 1 / 58

Total 288 Questions | Updated On: Jan 27, 2026

Add To Cart