Which of the following unseal options can automatically unseal Vault upon the start of the Vault service? (select four)

exams

4 years ago

Which of the following unseal options can automatically unseal Vault upon the start of the Vault service? (select four)
A . Transit
B . HSM
C . AWS KMS
D . Key Shards
E . Azure KMS

Answer: A,B,C,E

Explanation:

When a Vault server is started, it starts in a sealed state and it does not know how to decrypt data. Before any operation can be performed on the Vault, it must be unsealed. Unsealing is the process of constructing the master key necessary to decrypt the data encryption key.

Below are links covering details of each option: -https://www.vaultproject.io/docs/concepts/seal

AWS KMS

https://learn.hashicorp.com/vault/operations/ops-autounseal-aws-kms

Auto-unseal using Transit Secrets Engine

https://learn.hashicorp.com/vault/operations/autounseal-transit

Auto-unseal using Azure Key Vault

https://learn.hashicorp.com/vault/day-one/autounseal-azure-keyvault

Auto-unseal using HSM

https://learn.hashicorp.com/vault/operations/ops-seal-wrap

Key shards don’t support auto unseal instead key shards require the user to provide unseal

keys to reconstruct the master key

https://www.vaultproject.io/docs/concepts/seal

Latest VA-002-P Dumps Valid Version with 200 Q&As

Latest And Valid Q&A | Instant Download | Once Fail, Full Refund

Instant Download VA-002-P PDF VA-002-P Questions Online Training