Vault Associate Certification Q11-Q20

  1. Vault Associate Certification Q1-Q10
  2. Vault Associate Certification Q11-Q20
  3. Vault Associate Certification Q21-Q30
  4. Vault Associate Certification Q31-Q40
  5. Vault Associate Certification Q41-Q50
  6. Vault Associate Certification Q51-Q60
  7. Vault Associate Certification Q61-Q70
  8. Vault Associate Certification Q71-Q80
  9. Vault Associate Certification Q81-Q84

Q11. Which of the following is the correct option to authenticate to Vault using a token using the CLI?

A. A token can be used to authenticate to Vault through the API, not the CLI or the UI
B. vault login
C. vault
D. A token cannot be used to authenticate to Vault

Answer

B

Q12. A child token must be assigned the same or a subset of the parent token’s policies.

A. True
B. False

Answer

A

Q13. When enabling auto-unseal, how do you specify the seal type? (Choose two.)

A. Set the VAULT_SEAL_TYPE environment variable
B. Use the /sys/seal endpoint on the Vault API
C. Create a seal block in the server configuration file
D. Configure in the storage block of the server configuration file
E. Use the vault operator command

Answer

C, E

Q14. To encrypt your secret with the transit secrets engine, you must send the Base32-encoded plaintext to Vault.

A. True
B. False

Answer

B

Q15. Vault Agent supports which of the following? (Choose two.)

A. Secrets Cachin
B. Local key/value store
C. Local replica of transit encryption key
D. Auto-unseal Vault
E. Auto authentication

Answer

A, E

Q16. Which is not true of Vault tokens?

A. Vault tokens are the core method for authentication in Vault
B. Vault tokens are generated by every authentication method login
C. Vault tokens map to information including polices the token holder has, TTL and max usage, metadata, creation and last renewal time, and more
D. Vault tokens are required for every Vault call

Answer

D

Q17. When using Integrated Storage, which of the following should you do to recover from possible data loss?

A. Use local storage
B. Enable audit device
C. Use snapshot
D. Use external storage

Answer

D

Q18. Which of the following is a reason to rekey a Vault cluster? (Choose two.)

A. A keyholder joins or leaves the organization
B. Adding additional Vault nodes to a cluster
C. The rook token is lost
D. A compliance mandate to rotate the master key at a regular interval
E. Upgrading Vault Community Edition to Vault Enterprise

Answer

A, D

Q19. What information is required to revoke a Vault lease?

A. Secret ID
B. User ID
C. Lease ID
D. Token ID

Answer

C

Q20. What is a secret in the context of Vault?

A. HTTP session token that provides authorization to Vault
B. Threshold of keys required to unseal the Vault
C. Anything stored or returned that contains confidential material
D. Engine responsible for logging all requests and responses

Answer

C

Leave a Comment

Your email address will not be published. Required fields are marked *


Scroll to Top