HashiCorp Certified: Vault Associate (002) Exam Practice Test

Page: 1 / 14
Total 57 questions
Question 2

The key/value v2 secrets engine is enabled at secret/. See the following policy:

Which of the following operations are permitted by this policy? Choose two correct answers.



Answer : A, C

The policy shown in the image is:

path "secret/data/webapp1" {
  capabilities = ["create", "read", "update", "delete", "list"]
}

path "secret/data/super-secret" {
  capabilities = ["deny"]
}

This policy grants or denies access to the key/value v2 secrets engine mounted at secret/ according to the following rules:

The path "secret/data/webapp1" has the capabilities "create", "read", "update", "delete", and "list". This means that the policy allows performing any of these operations on the secrets stored under this path. The data/ prefix is used to access the actual secret data in the key/value v2 secrets engine [5]. Therefore, the policy permits the operation vault kv get secret/webapp1, which reads the secret data at secret/data/webapp1 [6].

The path "secret/data/super-secret" has the capability "deny". This means that the policy denies performing any operation on the secrets stored under this path. This deny rule overrides any other policy that might grant access to this path. Therefore, the policy does not permit the operations vault kv delete secret/super-secret and vault kv list secret/super-secret, which delete and list the secret data at secret/data/super-secret respectively [6].

The policy does not explicitly define any rules for the path "secret/metadata". The metadata/ prefix is used to access the metadata of the secrets in the key/value v2 secrets engine, such as the number of versions, the deletion status, the creation time, etc. [5]. By default, if the policy grants any of the capabilities "create", "read", "update", or "delete" on the data/ path, it also grants the same capabilities on the corresponding metadata/ path [7]. Therefore, the policy permits the operation vault kv metadata get secret/webapp1, which reads the metadata of the secret at secret/metadata/webapp1 [8].


Question 4

Use this screenshot to answer the question below:

When are you shown these options in the GUI?



Answer : D

This screenshot is shown when you are enabling authentication methods in the GUI. Authentication methods are the ways users and applications authenticate with Vault. Vault supports many different authentication methods, including username and password, GitHub, and more. You can enable one or more authentication methods from the grid of options, which are divided into three categories: Generic, Cloud, and Infra. Each option has a name, a description, and a logo. You can also enable authentication methods using the Vault CLI or API.

Enabling policies, authentication engines, and secret engines are different tasks that are not related to this screenshot. Policies are rules that govern the access to Vault resources, such as secrets, authentication methods, and audit devices. Authentication engines are components of Vault that perform authentication and assign policies to authenticated entities. Secret engines are components of Vault that store, generate, or encrypt data. These tasks have different GUI pages and options than the screenshot.


[Authentication | Vault | HashiCorp Developer]

[Policies | Vault | HashiCorp Developer]

[Secrets Engines | Vault | HashiCorp Developer]

Question 5

Which of the following are replication methods available in Vault Enterprise? Choose two correct answers.



Answer : C, D

The replication methods available in Vault Enterprise are performance replication and disaster recovery replication. These methods allow critical data to be replicated across clusters to support horizontal scaling and disaster recovery workloads.

Performance replication enables a primary cluster to replicate data to one or more secondary clusters, which can handle client requests and improve performance and availability. Performance replication replicates most Vault data, such as secrets, policies, auth methods, and leases, but not tokens. Performance secondaries generate their own tokens and leases, which are not replicated back to the primary. Performance replication also supports filtering, which allows selective replication of data based on namespaces or paths.

Disaster recovery replication enables a primary cluster to replicate data to one or more secondary clusters, which act as standby clusters in case of a failure or outage of the primary. Disaster recovery replication replicates all Vault data, including tokens and leases, and maintains the same configuration and state as the primary. Disaster recovery secondaries do not handle client requests, but they can be promoted to a primary in a disaster recovery scenario.

Reference: Replication - Vault Enterprise | Vault | HashiCorp Developer, Performance Replication - Vault Enterprise | Vault | HashiCorp Developer, Disaster Recovery Replication - Vault Enterprise | Vault | HashiCorp Developer

