Vault Associate Certification Q21-Q30

  1. Vault Associate Certification Q1-Q10
  2. Vault Associate Certification Q11-Q20
  3. Vault Associate Certification Q21-Q30
  4. Vault Associate Certification Q31-Q40
  5. Vault Associate Certification Q41-Q50
  6. Vault Associate Certification Q51-Q60
  7. Vault Associate Certification Q61-Q70
  8. Vault Associate Certification Q71-Q80
  9. Vault Associate Certification Q81-Q84

Q21. What methods of authentication does Vault support? (Choose four.)

A. JWT/OIDC
B. AppRole
C. GitHub
D. MMSQL
E. PostgreSQL
F. Nomad
G. LDAP

Answer

A, B, C, G


Q22. Vault Agent allows client-side caching of tokens and leases. If the agent is shut down, those tokens and leases cached will be revoked.

A. True
B. False

Answer

B


Q23. Which kind of token can be renewed indefinitely?

A. Periodic token
B. Orphan token
C. Use-limit token
D. Root token
E. All of the above

Answer

A


Q24. You can use a response-wrapping token more than once for as long as it has not expired.

A. True
B. False

Answer

B


Q25. Which statement describes the results of this command: $ vault secrets enable -version=2 kv (Choose two.)

A. Enables the secrets engine at path kv2/
B. The -version is an invalid flag
C. Enables the secrets engine at path kv/
D. Enables K/V v1 secrets engine
E. Enables K/V v2 secrets engine

Answer

C, E


Q26. Which of these are names of the replication methods available in Vault Enterprise? (Choose two.)

A. Disaster Recovery
B. Cluster sharping
C. Namespaces
D. Seal-Wrap
E. Performance

Answer

A, E


Q27. What attributes are unique to batch tokens? (Choose three.)

A. Cannot be renewed
B. Are not persisted
C. Can be periodic
D. Have a set time-to-live (TTL)
E. Are persisted

Answer

A, B, D


Q28. You have manually created some usernames and passwords for a Microsoft SQL database on Azure, and need to store these credentials in Vault. What secrets engine should you use for this?

A. MSSQL database secrets engine
B. Key/Value secrets engine version 2
C. Azure secrets engine
D. Transit engine

Answer

B


Q29. To create a non-root token with time-to-live (TTL) set to 30 minutes but with no max TTL which flag would you use?

A. -ttl=30n
B. -explicit-max-ttl=0
C. -orphan
D. None of the above

Answer

A


Q30. A user successfully logs into Vault with the following cURL command: curl –request POST –data @payload.json http://127.0.0.1:8200/v1/auth/ldap/login/mitchellh
The response will include what information?

A. client_token and policies
B. access_key and policies
C. access_key and secrets available
D. client_token and secrets available

Answer

A

Leave a Comment

Your email address will not be published. Required fields are marked *


Scroll to Top