
Vault Associate 002: HashiCorp Certified: Vault Associate (002)

Exam Questions: 57
Learners: 2.370
Last Updated: April 2025
Language: English
This study guide should help you understand what to expect on the exam and includes a summary of the topics the exam might cover and links to additional resources. The information and materials in this document should help you focus your studies as you prepare for the exam.
HashiCorp Vault Associate 002 Practice Tests

Related questions

You have been tasked with writing a policy that will allow read permissions for all secrets at path secret/bar. The users that are assigned this policy should also be able to list the secrets. What should this policy look like?


A developer mistakenly committed code that contained AWS S3 credentials into a public repository. You have been tasked with revoking the AWS S3 credential that was in the code. This credential was created using Vault's AWS secrets engine and the developer received the following output when requesting a credential from Vault.

[Image: Question 57]

Which Vault command will revoke the lease and remove the credential from AWS?


Use this screenshot to answer the question below:

[Image: Question 48]

Where on this page would you click to view a secret located at secret/my-secret?


A user issues the following cURL command to encrypt data using the transit engine and the Vault API:

[Image: Question 39]

Which payload.json file has the correct contents?


An authentication method should be selected for a use case based on:


What can be used to limit the scope of a credential breach?


What does the following policy do?

[Image: Question 3]

A. Grants access for each user to a KV folder which shares their id
B. Grants access to a special system entity folder
C. Allows a user to read data about the secret endpoint identity
D. Nothing, this is not a valid policy
Suggested answer: C
Explanation:

This policy allows a user to read data about the secret endpoint identity. The policy grants the user the ability to create, update, read, and delete data in the "secret/data/{identity.entity.id}" path. Additionally, the user is allowed to list data in the "secret/metadata/{identity.entity.id}" path. This policy is useful for users who need to access information about the secret endpoint identity.

The secret endpoint identity is a feature of the Identity Secrets Engine, which allows Vault to generate identity tokens that can be used to access other Vault secrets engines or namespaces. The identity tokens are based on the entity and group information of the user or machine that authenticates with Vault. The entity is a unique identifier for the user or machine, and the group is a collection of entities that share some common attributes. The identity tokens can carry metadata and policies that are associated with the entity and group.

The "secret/data/{identity.entity.id}" path is where the user can store and retrieve data that is related to the secret endpoint identity. For example, the user can store some configuration or preferences for the secret endpoint identity in this path. The "secret/metadata/{identity.entity.id}" path is where the user can list the metadata of the data stored in the "secret/data/{identity.entity.id}" path. For example, the user can list the version, creation time, deletion time, and destroy time of the data in this path.

[Identity - Secrets Engines | Vault | HashiCorp Developer]

[KV - Secrets Engines | Vault | HashiCorp Developer]

asked 18/09/2024
JULIUS BALNEG

Which statement describes the results of this command: $ vault secrets enable transit


Where does the Vault Agent store its cache?


Which of these is not a benefit of dynamic secrets?

A. Supports systems which do not natively provide a method of expiring credentials
B. Minimizes damage of credentials leaking
C. Ensures that administrators can see every password used
D. Replaces cumbersome password rotation tools and practices
Suggested answer: C
Explanation:

Dynamic secrets are generated on-demand by Vault and have a limited time-to-live (TTL). They do not ensure that administrators can see every password used, as they are often encrypted and ephemeral. The benefits of dynamic secrets are:

They support systems that do not natively provide a method of expiring credentials, such as databases, cloud providers, SSH, etc. Vault can revoke the credentials when they are no longer needed or when the lease expires.

They minimize the damage of credentials leaking, as they are short-lived and can be easily rotated or revoked. If a credential is compromised, the attacker has a limited window of opportunity to use it before it becomes invalid.

They replace cumbersome password rotation tools and practices, as Vault can handle the generation and revocation of credentials automatically and securely. This reduces the operational overhead and complexity of managing secrets.

asked 18/09/2024
Geetanjali Singh