Summer Sale Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: buysanta

Exact2Pass Menu

HashiCorp Certified: Vault Associate (003) Exam

Last Update 2 hours ago Total Questions : 324

The HashiCorp Certified: Vault Associate (003) Exam content is now fully updated, with all current exam questions added 2 hours ago. Deciding to include HCVA0-003 practice exam questions in your study plan goes far beyond basic test preparation.

You'll find that our HCVA0-003 exam questions frequently feature detailed scenarios and practical problem-solving exercises that directly mirror industry challenges. Engaging with these HCVA0-003 sample sets allows you to effectively manage your time and pace yourself, giving you the ability to finish any HashiCorp Certified: Vault Associate (003) Exam practice test comfortably within the allotted time.

Question # 61

In Vault, there are two main types of tokens, batch and service. Which of the following is true about the renewable capabilities of each?

A.

Batch tokens cannot be renewed, but service can be renewed up to the max TTL

B.

Tokens cannot be renewed without reauthenticating to Vault

C.

Service tokens cannot be renewed, but batch can be renewed up to the max TTL

D.

Both batch and service tokens can be renewed up to the max TTL

Question # 62

Kyle enabled the database secrets engine for dynamic credentials. Amy, the senior DBA, accidentally deleted the database users created by Vault, disrupting client applications. How can Kyle manually remove the leases in Vault?

A.

No action is required since the leases will eventually expire and be revoked

B.

Obtain the individual lease IDs from the application logs and remove them using the vault lease revoke command

C.

Use the command vault lease revoke -force flag to delete the leases

D.

Revoke all of the leases associated with the entire database secrets engine to be sure they are all removed

Question # 63

What command can be used to revoke all leases associated with a database role named prod-mysql?

A.

vault lease revoke database/role/prod-mysql

B.

vault lease revoke -prefix database/creds/prod-mysql

C.

vault revoke database/role/prod-mysql

D.

vault lease revoke database/creds/prod-mysql

Question # 64

What command would you use to enable the Kubernetes secrets engine at the path of /k8s-cluster?

A.

vault secrets enable -path=k8s-cluster kubernetes

B.

vault kv put k8s-cluster type=kubernetes

C.

vault write sys/mounts/k8s-cluster

D.

vault secrets enable kubernetes -path=k8s-cluster

Question # 65

Julie is a developer who needs to ensure an application can properly renew its lease for AWS credentials it uses to access data in an S3 bucket. Although the application would generally use the API, what is the equivalent CLI command to perform this action?

A.

vault renew aws/roles/s3-read-only/39e6b9a2-296-83d9-2fe0-c11e846bdc99

B.

vault lease renew aws/creds/s3-read-only/39e6b9a2-296-83d9-2fe0-c11e846bdc99

C.

vault lease renew aws/roles/s3-read-only/39e6b9a2-296-83d9-2fe0-c11e846bdc99

D.

vault lease renew aws/creds/s3-read-only

Question # 66

What features are offered by the Vault Agent? (Select three)

A.

Auditing

B.

Templating

C.

Auto-auth

D.

Secret caching

Question # 67

Suzy is a Vault user that needs to create and replace values at the path secrets/automation/apps/chef. Does the following policy permit her the permissions to do so?

text

CollapseWrapCopy

path " secrets/automation/apps/chef " {

capabilities = [ " create " , " read " , " list " ]

}

A.

No, the policy would deny Suzy from performing certain actions

B.

Yes, the policy has appropriate permissions

Question # 68

True or False? You can create and update Vault policies using the UI.

A.

True

B.

False

Question # 69

You have ciphertext stored in an Amazon S3 bucket encrypted by the key named prod-customer. Will Vault decrypt this data with the command vault write transit/decrypt/prod-customer ciphertext= " vault:v4:Xa1f9FIJtn13em/Wb7QCsXsU/kCOn7... " given this output?

    $ vault read transit/keys/prod-customer

    Key Value

    --- -----

    ...

    keys map[4:1549347108 5:1549347109 6:1549347110]

    latest_version 6

    min_available_version 0

    min_decryption_version 4

    min_encryption_version 0

Will Vault decrypt this data for you by running the following command?

    $ vault write transit/decrypt/prod-customer ciphertext= " vault:v4:Xa1f9FIJtn13em/Wb7QCsXsU/kCOn7... "

A.

Yes, because the minimum decryption key configuration is set to 4

B.

No, since the latest version of the key is 6

Question # 70

True or False? Once you authenticate to Vault using the API, subsequent requests will automatically be permitted without further interaction.

A.

True

B.

False

Go to page: