Free HashiCorp Vault-Associate Exam Questions

You have a new team member on the Vault operations team. Their first task is to rotate the encryption key in Vault as part of the organization's security policy. However, when they log in, they get an access denied error when attempting to rotate the key. The policy being used is below. Why can't the user rotate the encryption key? path "auth/*" { capabilities = ["create", "read", "update", "delete", "list"] } path "sys/rotate" { capabilities = ["read", "update"] }

True or False? Once the lease for a dynamic secret has expired, Vault revokes the credentials on the backend platform for which they were created (i.e., database, AWS, Kubernetes).

True or False? The Vault Secrets Operator does NOT encrypt client cache, such as Vault tokens and leases, by default in Kubernetes Secrets. 

Your organization runs workloads on both AWS and Azure for production applications. The security team has requested that a single Vault authentication mechanism be enabled to support applications on both public cloud platforms. Which of the following would be a valid auth method you can use?  

Where can you set the Vault seal configuration? Choose two correct answers.