1. Home
  2. HashiCorp
  3. VA-002-P

HashiCorp Certified: Vault Associate

Exam Details

  • Exam Code
    :VA-002-P
  • Exam Name
    :HashiCorp Certified: Vault Associate
  • Certification
    :HashiCorp Certifications
  • Vendor
    :HashiCorp
  • Total Questions
    :257 Q&As
  • Last Updated
    :Dec 19, 2024

HashiCorp HashiCorp Certifications VA-002-P Questions & Answers

  • Question 141:

    What is the Consul Agent?

    A. a process that registers services with Consul

    B. an agent that runs in the background to provide additional features for Consul

    C. the core process of Consul which maintains membership information, manages services, runs checks, responds to queries, and more.

    D. a daemon that Vault uses to register auth methods across all of its clusters to ensure consistency among the data written to disk

  • Question 142:

    When registering a plugin with Vault, where would you configure the location where the binaries are located in order for Vault to properly register the plugin?

    A. in the Vault configuration file using plugin_directory=

    B. in the UI underneath the plugin tab

    C. in the plugin configuration file using directory=

    D. within the CLI command when registering a plug

  • Question 143:

    Which of the following policies would permit a user to generate dynamic credentials on a database?

    A. path "database/creds/read_only_role" { capabilities = ["read"] }

    B. path "database/creds/read_only_role" { capabilities = ["generate"] }

    C. path "database/creds/read_only_role" { capabilities = ["list"] }

    D. path "database/creds/read_only_role" { capabilities = ["sudo"] }

  • Question 144:

    You are deploying Vault in a local data center, but want to be sure you have a secondary cluster in the event the primary cluster goes offline. In the secondary data center, you have applications that are running, as they are architected to run active/active. Which type of replication would be best in this scenario?

    A. disaster recovery replication

    B. single-node replication

    C. performance replication

    D. end-to-end replication

  • Question 145:

    You've hit the URL for the Vault UI, but you're presented with this screen. Why doesn't Vault present you with a way to log in?

    A. a vault policy is preventing you from logging in

    B. the vault configuration file has an incorrect configuration

    C. the consul storage backend was not configured correctly

    D. vault needs to be initialized before it can be used

  • Question 146:

    True or False:

    Once you create a KV v1 secrets engine and place data in it, there is no way to modify the mount to

    include the features of a KV v2 secrets engine.

    A. True

    B. False

  • Question 147:

    When architecting a Vault replication configuration, why should you never terminate TLS on a front- end load balancer?

    A. If Vault detects that the traffic has been unencrypted and re-encrypted, due to the load balancer, it will automatically drop the traffic as it is no longer trusted.

    B. Vault generates self-signed mutual TLS for replication. If the LB is performing TLS termination, this will break the mutual TLS between nodes.

    C. Vault requires that only Consul service discovery can be used to direct traffic to an active Vault node.

    D. Vault replication won't work with the type of certificates that a traditional load balancer uses.

  • Question 148:

    After issuing the command to delete a secret, you run a vault kv list command but the secret still exists. What command would permanently delete this secret from Vault?

    1.

    $ vault kv delete kv/applications/app01

    2.

    Success! Data deleted (if it existed) at: kv/applications/app01

    3.

    $ vault kv list kv/applications

    4.

    Keys

    5.

    ---

    6.

    app01

    A. vault kv metadata delete kv/applications/app01

    B. vault kv delete -all kv/applications/app01

    C. vault kv delete -force kv/applications/app01

    D. vault kv destroy -versions=1 kv/applications/app01

  • Question 149:

    While Vault provides businesses tons of functionality out of the box, what feature allows you to extend its functionality with solutions written by third-party providers?

    A. vault agent

    B. namespaces

    C. plugin backend

    D. control groups

  • Question 150:

    An administrator wants to create a new KV mount for individual users to maintain their own secrets but needs a way to simplify the policy so they don't need to write a new one for each new user? With the requirements listed below, what would such a policy look like? Requirement: Each user can perform all operations on their allocated key/value secret path

    A. path "user-kv/data/{{identity.entity.name}}/*" { capabilities = [ "create", "update", "read", "delete", "list" ] }

    B. path "user-kv/data/{{identity.entity.id.name}}/*" { capabilities = [ "create", "update", "read", "delete", "list" ] }

    C. path "user-kv/data/{{identity.entity.aliases.<>.id}}/*" { capabilities = [ "create", "update", "read", "delete", "list" ] }

    D. path "user-kv/data/{{user}}/*" { capabilities = [ "create", "update", "read", "delete", "list" ] }

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only HashiCorp exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your VA-002-P exam preparations and HashiCorp certification application, do not hesitate to visit our Vcedump.com to find your solutions here.