• Home
  • Articles
  • Vault-Associate-002 Exam Dumps - Try Best Vault-Associate-002 Exam Questions from Training Expert PrepPDF [Q10-Q28]

Vault-Associate-002 Exam Dumps - Try Best Vault-Associate-002 Exam Questions from Training Expert PrepPDF [Q10-Q28]

Share

Vault-Associate-002 Exam Dumps - Try Best Vault-Associate-002 Exam Questions from Training Expert PrepPDF

Practice Examples and Dumps & Tips for 2026 Latest Vault-Associate-002 Valid Tests Dumps

NEW QUESTION # 10
The key/value v2secrets engine is enabled at secret/. See the following policy:

Which of the following operations are permitted by this policy? (Choose two.)

  • A. vault kv delete secret/super-secret
  • B. vault kv list secret/super-secret
  • C. vault kv get secret/webapp1
  • D. vault kv metadata get secret/webapp1
  • E. vault kv put secret/webapp1 apikey-"ABCDEFGHIDK123W"

Answer: C,E


NEW QUESTION # 11
Examine the command below. Output has been trimmed.

Which of the following statements describe the command and its output?

  • A. Generated token is an orphan token which can be renewed indefinitely
  • B. Generated token's TTL is 60 hours
  • C. Configures the AppRole auth method with user specified role ID and secret ID
  • D. Missing a default token policy

Answer: C


NEW QUESTION # 12
Which of the following is a machine-oriented Vault authentication backend?

  • A. Transit
  • B. AppRole
  • C. GitHub
  • D. Okta

Answer: B


NEW QUESTION # 13
Which statement describes the results of this command: $ vault secrets enable - version=2 kv(Choose two.)

  • A. Enables K/V v1 secrets engine
  • B. Enables the secrets engine at path kv2/
  • C. The -versionis an invalid flag
  • D. Enables the secrets engine at path kv/
  • E. Enables K/V v2 secrets engine

Answer: D,E


NEW QUESTION # 14
How many Shamir's key shares are required to unseal a Vault instance?

  • A. All key shares
  • B. A quorum of key shares
  • C. One or more keys
  • D. The threshold number of key shares

Answer: D


NEW QUESTION # 15
To make an authenticated request via the Vault HTTP API, which header would you use?

  • A. The X-Vault-RequestHTTP Header
  • B. The X-Vault-TokenHTTP Header
  • C. The Content-TypeHTTP Header
  • D. The X-Vault-NamespaceHTTP Header

Answer: B


NEW QUESTION # 16
When unsealing Vault each Shamir unseal key should be entered:

  • A. At the command line in one single command
  • B. While encrypted with each administrators PGP key
  • C. Sequentially from one system that all of the administrators are in front of
  • D. By different administrators each connecting from different computers

Answer: D


NEW QUESTION # 17
Which of these is not a benefit of dynamic secrets?

  • A. Supports systems which do not natively provide a method of expiring credentials
  • B. Ensures that administrators can see every password used
  • C. Minimizes damage of credentials leaking
  • D. Replaces cumbersome password rotation tools and practices

Answer: B


NEW QUESTION # 18
You have a 2GB Base64 binary large object (blob) that needs to be encrypted. Which of the following best describes the transit secrets engine?

  • A. The transit engine is not a good solution for binaries of this size.
  • B. A data key encrypts the blob locally, and the same key decrypts the blob locally.
  • C. Vault will store the blob permanently. Be sure to run Vault on a compute optimized machine.
  • D. To process such a large blob. Vault will temporarily store it in the storage backend.

Answer: A


NEW QUESTION # 19
How would you describe the value of using the Vault transit secrets engine?

  • A. The transit secrets engine ensures encryption in-transit and at-rest is enforced enterprise wide
  • B. Vault has an API that can be programmatically consumed by applications
  • C. The transit secrets engine relieves the burden of proper encryption/decryption from application developers and pushes the burden onto the operators of Vault
  • D. Encryption for application data is best handled by a storage system or database engine, while storing encryption keys in Vault

Answer: C


NEW QUESTION # 20
Which of the following statements are true about the defaultpolicy? (Choose two.)

  • A. Provides a common set of permissions and is included on all tokens by default
  • B. It is one of the built-in policies
  • C. Gives a super admin permissions, similar to a root user on a Linux machine
  • D. Vault upgrade will overwrite any update you made to the defaultpolicy
  • E. Can not be modified or deleted

Answer: A,B


NEW QUESTION # 21
Which of these are names of the replication methods available in Vault Enterprise? (Choose two.)

  • A. Disaster Recovery
  • B. Performance
  • C. Cluster sharping
  • D. Namespaces
  • E. Seal-Wrap

Answer: A,B


NEW QUESTION # 22
Security requirements demand that no secrets appear in the shell history. Which command does not meet this requirement?

  • A. generate-password | vault kv put secret/password value=-
  • B. vault kv put secret/password value=$SECRET_VALUE
  • C. vault kv put secret/password [email protected]
  • D. vault kv put secret/password value=itsasecret

Answer: D


NEW QUESTION # 23
Where can you set the Vault seal configuration? (Choose two.)

  • A. Cloud Provider KMS
  • B. Environment variables
  • C. Vault API
  • D. Vault CLI
  • E. Vault configuration file

Answer: B,E


NEW QUESTION # 24
A web application uses Vault's transit secrets engine to encrypt data in-transit. If an attacker intercepts the data in transit, which of the following statements are true? (Choose two.)

  • A. Even if the attacker was able to access the raw data, they would only have encrypted bits (TLS in transit)
  • B. The keys can be rotated and min_decryption_version moved forward to ensure this data cannot be decrypted
  • C. You can rotate the encryption key so that the attacker won't be able to decrypt the data
  • D. The Vault administrator would need to seal the Vault server immediately

Answer: C,D


NEW QUESTION # 25
What command creates a secret with the key "my-password" and the value "53cr3t" at path "my- secrets" within the KV secrets engine mounted at "secret"?

  • A. vault kv write secret/my-secrets/my-password 53cr3t
  • B. vault kv put secret/my-secrets my-password-53cr3t
  • C. vault kv put secret/my-secrets/my-password 53cr3t
  • D. vault kv write 53cr3t my-secrets/my-password

Answer: C


NEW QUESTION # 26
Which of the following is a reason to rekey a Vault cluster? (Choose two.)

  • A. A keyholder joins or leaves the organization
  • B. A compliance mandate to rotate the master key at a regular interval
  • C. The rook token is lost
  • D. Adding additional Vault nodes to a cluster
  • E. Upgrading Vault Community Edition to Vault Enterprise

Answer: A,B


NEW QUESTION # 27
An organization wants to authenticate an AWS EC2 virtual machine with Vault to access a dynamic database secret. The only authentication method which they can use in this case is AWS.

  • A. True
  • B. False

Answer: B


NEW QUESTION # 28
......

Latest 100% Passing Guarantee - Brilliant Vault-Associate-002 Exam Questions PDF: https://passcertification.preppdf.com/HashiCorp/Vault-Associate-002-prepaway-exam-dumps.html

Related Articles

more
HashiCorp Vault-Associate-002 Certification Practice Exam