HashiCorp VA-002-P Based on Real Exam Environment

HashiCorp Certified: Vault Associate Questions and Answers

Question 17

If a client is currently assigned the following policy, what additional policy can be added to ensure they cannot access the data stored at secret/apps/confidential but still, read all other secrets?

Options:

path "secret/apps/confidential/*" {

capabilities = ["deny"]

}

path "secret/apps/*" {

capabilities = ["deny"]

}

path "secret/apps/confidential" {

capabilities = ["deny"]

}

path "secret/apps/*" {

capabilities = ["create", "read", "update", "delete", "list"]

}

path "secret/*" {

capabilities = ["read", "deny"]

}

Question 18

You've hit the URL for the Vault UI, but you're presented with this screen. Why doesn't Vault present you with a way to log in?

Options:

a vault policy is preventing you from logging in

the vault configuration file has an incorrect configuration

the consul storage backend was not configured correctly

vault needs to be initialized before it can be used

Question 19

What is a downside to using a Terraform provider, such as the Vault provider, to interact with sensitive data, such as reading secrets from Vault?

Options:

Terraform and Vault must be running on the same physical host

Terraform and Vault must be running on the same version

Terraform requires a unique auth method to work with Vault

Secrets are persisted to the state file and plans

Question 20

By default, the max TTL for a token is how many days?

Options:

14 days

32 days

31 days

7 days

Labour Day Special - Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: top65certs

HashiCorp VA-002-P Based on Real Exam Environment

HashiCorp Certified: Vault Associate Questions and Answers

Options:

Answer:

Explanation:

Options:

Answer:

Explanation:

Options:

Answer:

Explanation:

Options:

Answer:

Explanation: