New Year Sale - Special 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 70dumps

Vault-Associate Questions and Answers

Question # 6

Your organization has an initiative to reduce and ultimately remove the use of long lived X.509 certificates. Which secrets engine will best support this use case?

A.

PKI

B.

Key/Value secrets engine version 2, with TTL defined

C.

Cloud KMS

D.

Transit

Full Access
Question # 7

Which of the following vault lease operations uses a lease_id as an argument? Choose two correct answers.

A.

renew

B.

revoke -prefix

C.

create

D.

describe

E.

revoke

Full Access
Question # 8

To make an authenticated request via the Vault HTTP API, which header would you use?

A.

The X-Vault-Token HTTP Header

B.

The x-Vault-Request HTTP Header

C.

The Content-Type HTTP Header

D.

The X-Vault-Namespace HTTP Header

Full Access
Question # 9

You are using Vault's Transit secrets engine to encrypt your data. You want to reduce the amount of content encrypted with a single key in case the key gets compromised. How would you do this?

A.

Use 4096-bit RSA key to encrypt the data

B.

Upgrade to Vault Enterprise and integrate with HSM

C.

Periodically re-key the Vault's unseal keys

D.

Periodically rotate the encryption key

Full Access
Question # 10

What can be used to limit the scope of a credential breach?

A.

Storage of secrets in a distributed ledger

B.

Enable audit logging

C.

Use of a short-lived dynamic secrets

D.

Sharing credentials between applications

Full Access
Question # 11

When unsealing Vault, each Shamir unseal key should be entered:

A.

Sequentially from one system that all of the administrators are in front of

B.

By different administrators each connecting from different computers

C.

While encrypted with each administrators PGP key

D.

At the command line in one single command

Full Access
Question # 12

As a best practice, the root token should be stored in which of the following ways?

A.

Should be revoked and never stored after initial setup

B.

Should be stored in configuration automation tooling

C.

Should be stored in another password safe

D.

Should be stored in Vault

Full Access
Question # 13

Where do you define the Namespace to log into using the Vault Ul?

To answer this question

Use your mouse to click on the screenshot in the location described above. An arrow indicator will mark where you have clicked. Click the "Answer" button once you have positioned the arrow to answer the question. You may need to scroll down to see the entire screenshot.

Full Access
Question # 14

You have a 2GB Base64 binary large object (blob) that needs to be encrypted. Which of the following best describes the transit secrets engine?

A.

A data key encrypts the blob locally, and the same key decrypts the blob locally.

B.

To process such a large blob. Vault will temporarily store it in the storage backend.

C.

Vault will store the blob permanently. Be sure to run Vault on a compute optimized machine

D.

The transit engine is not a good solution for binaries of this size.

Full Access
Question # 15

Which of these is not a benefit of dynamic secrets?

A.

Supports systems which do not natively provide a method of expiring credentials

B.

Minimizes damage of credentials leaking

C.

Ensures that administrators can see every password used

D.

Replaces cumbersome password rotation tools and practices

Full Access
Question # 16

Which of the following describes the Vault's auth method component?

A.

It verifies a client against an internal or external system, and generates a token with the appropriate policies attached

B.

It verifies a client against an internal or external system, and generates a token with root policy

C.

It is responsible for durable storage of client tokens

D.

It dynamically generates a unique set of secrets with appropriate permissions attached

Full Access
Question # 17

A user issues the following cURL command to encrypt data using the transit engine and the Vault AP:

Which payload.json file has the correct contents?

A.

B.

C.

D.

Full Access