Vault Associate Certification Q61-Q70


Q61. How would you describe the value of using the Vault transit secrets engine?

A. Vault has an API that can be programmatically consumed by applications
B. The transit secrets engine ensures encryption in-transit and at-rest is enforced enterprise wide
C. Encryption for application data is best handled by a storage system or database engine, while storing encryption keys in Vault
D. The transit secrets engine relieves the burden of proper encryption/decryption from application developers and pushes the burden onto the operators of Vault

Answer

D


Q62. What is the Vault CLI command to query information about the token the client is currently using?

A. vault lookup token
B. vault token lookup
C. vault lookup self
D. vault self lookup

Answer

B


Q63. Which of the following is a machine-oriented Vault authentication backend?

A. Okta
B. AppRole
C. Transit
D. GitHub

Answer

B


Q64. Security requirements demand that no secrets appear in the shell history. Which command does not meet this requirement?

A. generate-password | vault kv put secret/password value=-
B. vault kv put secret/password value=itsasecret
C. vault kv put secret/password [email protected]
D. vault kv put secret/password value=$SECRET_VALUE

Answer

B


Q65. You can build a high availability Vault cluster with any storage backend.

A. True
B. False

Answer

B


Q66. What command creates a secret with the key “my-password” and the value “53cr3t” at path “my-secrets” within the KV secrets engine mounted at “secret”?

A. vault kv put secret/my-secrets/my-password 53cr3t
B. vault kv write secret/my-secrets/my-password 53cr3t
C. vault kv write 53cr3t my-secrets/my-password
D. vault kv put secret/my-secrets my-password-53cr3t

Answer

D


Q67. What can be used to limit the scope of a credential breach?

A. Storage of secrets in a distributed ledger
B. Enable audit logging
C. Use of short-lived dynamic secrets
D. Sharing credentials between applications

Answer

C


Q68. What environment variable overrides the CLI’s default Vault server address?

A. VAULT_ADDR
B. VAULT_HTTP_ADDRESS
C. VAULT_ADDRESS
D. VAULT_HTTPS_ADDRESS

Answer

A


Q69. Which of the following statements describe the CLI command below?

$ vault login -method=ldap username=mitchellh 

A. Generates a token which is response wrapped
B. You will be prompted to enter the password
C. By default, the generated token is valid for 24 hours
D. Fails because the password is not provided

Answer

D


Q70. The following three policies exist in Vault. What do these policies allow an organization to do?


path "transit/encrypt/my_app_key" {
   capabilities = ["update"]
}
path "transit/decrypt/my_app_key" {
   capabilities = ["update"]
}
path "transit/keys/my_app_key" {
   capabilities = ["read"]
}
path "transit/rewrap/my_app_key" {
   capabilities = ["update"]
} 

A. Separates permissions allowed on actions associated with the transit secret engine
B. Nothing, as the minimum permissions to perform useful tasks are not present
C. Encrypt, decrypt, and rewrap data using the transit engine all in one policy
D. Create a transit encryption key for encrypting, decrypting, and rewrapping encrypted data

Answer

A

