Free HashiCorp Vault-Associate Exam Questions
Try our Free Demo Practice Tests for Comprehensive Vault-Associate Exam Preparation
-
HashiCorp Vault-Associate Exam Questions
-
Provided By: HashiCorp
- Exam: HashiCorp Certified: Vault Associate (002)
- Certification: HashiCorp Security Automation
-
Total Questions: 288
-
Updated On: Jun 03, 2025
-
Rated: 4.9 |
-
Online Users: 576
-
Question 1
-
How long does the Transit secrets engine store the resulting ciphertext by default?
Answer: D
-
How long does the Transit secrets engine store the resulting ciphertext by default?
-
Question 2
-
Your organization runs workloads on both AWS and Azure for production applications. The security team has requested that a single Vault authentication mechanism be enabled to support applications
on both public cloud platforms. Which of the following would be a valid auth method you can use?
Answer: C
-
Your organization runs workloads on both AWS and Azure for production applications. The security team has requested that a single Vault authentication mechanism be enabled to support applications
on both public cloud platforms. Which of the following would be a valid auth method you can use?
-
Question 3
-
You have a new team member on the Vault operations team. Their first task is to rotate the
encryption key in Vault as part of the organization's security policy. However, when they log in, they
get an access denied error when attempting to rotate the key. The policy being used is below. Why can't the user rotate the encryption key?
path "auth/*" {
capabilities = ["create", "read", "update", "delete", "list"]
}
path "sys/rotate" {
capabilities = ["read", "update"]
}
Answer: A
-
You have a new team member on the Vault operations team. Their first task is to rotate the
encryption key in Vault as part of the organization's security policy. However, when they log in, they
get an access denied error when attempting to rotate the key. The policy being used is below. Why can't the user rotate the encryption key?
path "auth/*" {
capabilities = ["create", "read", "update", "delete", "list"]
}
path "sys/rotate" {
capabilities = ["read", "update"]
}
-
Question 4
-
You want to encrypt a credit card number using the Transit secrets engine. You enter the following
command and receive an error. What can you do to ensure that the credit card number is properly
encrypted and the ciphertext is returned?
$ vault write -format=json transit/encrypt/creditcards plaintext="1234 5678 9101 1121"
Error: * illegal base64 data at input byte 4
Answer: A
-
You want to encrypt a credit card number using the Transit secrets engine. You enter the following
command and receive an error. What can you do to ensure that the credit card number is properly
encrypted and the ciphertext is returned?
$ vault write -format=json transit/encrypt/creditcards plaintext="1234 5678 9101 1121"
Error: * illegal base64 data at input byte 4
-
Question 5
-
True or False? When encrypting data with the Transit secrets engine, Vault always stores the
ciphertext in a dedicated KV store along with the associated encryption key.
Answer: B
-
True or False? When encrypting data with the Transit secrets engine, Vault always stores the
ciphertext in a dedicated KV store along with the associated encryption key.