VA-002-P

What happens to child tokens when a parent token is revoked?A . the child tokens are renewedB . the child tokens are converted to parent tokensC . the child tokens create their own child tokens to be usedD . the child tokens are revokedView AnswerAnswer: D Explanation: When a parent...

http://127.0.0.1:8200/v1/sys/tools/random/164A . a random string of 164 charactersB . a random token valid for 164 usesC . NoneD . a secured secret based on 164 bytes of dataView AnswerAnswer: A Explanation: This endpoint returns high-quality random bytes of the specified length.

You are deploying Vault in a local data center, but want to be sure you have a secondary cluster in the event the primary cluster goes offline. In the secondary data center, you have applications that are running, as they are architected to run active/active. Which type of replication would...

}A . data sourceB . dynamic blockC . local valuesD . conditional expressionView AnswerAnswer: B Explanation: You can dynamically construct repeatable nested blocks like ingress using a special dynamic block type, which is supported inside resource, data, provider, and provisioner blocks

True or False: When encrypting data with the transit secrets engine, Vault always stores the ciphertext in a dedicated KV store along with the associated encryption key.A . FalseB . TrueView AnswerAnswer: A Explanation: Vault doesn't store the data sent to the secrets engine. The transit secrets engine handles cryptographic...

}A . The EC2 instance labeled web_serverB . The EIP with an id of ami-2757f631C . The AMI used for the EC2 instanceD . The S3 bucket labeled company_dataView AnswerAnswer: A Explanation: The EC2 instance labeled web_server is the implicit dependency as the aws_eip cannot be created until the aws_instance...

}A . anything they want to within VaultB . ability to enable a secret engine at the path *C . only make changes to policiesD . nothing, since the policy doesn't specify any specific pathsView AnswerAnswer: A Explanation: All interactions with Vault are done through its pathing structure. If you...

Select two answers to complete the following sentence: Before a new provider can be used, it must be ______ and _______.A . approved by HashiCorpB . declared in the configurationC . initializedD . uploaded to source controlView AnswerAnswer: B,C Explanation: Each time a new provider is added to configuration --...

Which of the following policies would permit a user to generate dynamic credentials on a database?A . path "database/creds/read_only_role" { capabilities = ["read"] }B . path "database/creds/read_only_role" { capabilities = ["generate"] }C . path "database/creds/read_only_role" { capabilities = ["list"] }D . path "database/creds/read_only_role" { capabilities = ["sudo"] }View AnswerAnswer: A...

Vault secrets engines are used to do what with data? (select three)A . copyB . generateC . storeD . transmitE . encryptView AnswerAnswer: B,C,E Explanation: Vault secrets engines are used to store, generate, or encrypt data. The KV secrets engine can store data, AWS can generate credentials, and the transit...