CompTIA
Checkpoint
ISC
HP
Dell
EC-Council
EXIN
Fortinet
ITIL®
Juniper
PMI
Microsoft
VMware
Avaya
Google
Salesforce
Amazon
Palo Alto Networks
Certiport
ISC2
All Vendors
  2. Home
  3. Exams
  4. HashiCorp
  5. VA-002-P

Free VA-002-P Exam Braindumps (page: 13)

Page 13 of 51
PDF with 200 Questions

Which of the following Vault features is available only in the Enterprise version? (select three)

  1. MFA
  2. dynamic credentials
  3. cloud auto unseal
  4. replication
  5. auto unseal with HSM

Answer(s): A,D,E

Explanation:

Most of the important features of Vault are available in the open-source version, however, some of the features which are generally required by large organizations are only available in the Enterprise version such as:-
- MFA - Multi-factor Authentication
- Replication
- Auto unseal with HSM and many more.
Check all the features at the below link.


Reference:

https://www.hashicorp.com/products/vault/pricing/



Permissions for Vault backend functions are available at which path?

  1. security/
  2. admin/
  3. backend/
  4. system/
  5. vault/
  6. sys/

Answer(s): F

Explanation:

All backend system functions stored in the sys/ backend. The system backend is a default backend in Vault that is mounted at the /sys endpoint. This endpoint cannot be disabled or moved, and is used to configure Vault and interact with many of Vault's internal features.



An administrator wants to create a new KV mount for individual users to maintain their own secrets but needs a way to simplify the policy so they don't need to write a new one for each new user? With the requirements listed below, what would such a policy look like? Requirement: Each user can perform all operations on their allocated key/value secret path

  1. path "user-kv/data/{{identity.entity.name}}/*" {
    capabilities = [ "create", "update", "read", "delete", "list" ] }
  2. path "user-kv/data/{{identity.entity.id.name}}/*" {
    capabilities = [ "create", "update", "read", "delete", "list" ] }
  3. path "user-kv/data/{{identity.entity.aliases.<<mount accessor>>.id}}/*" { capabilities = [ "create", "update", "read", "delete", "list" ] }
  4. path "user-kv/data/{{user}}/*" {
    capabilities = [ "create", "update", "read", "delete", "list" ] }

Answer(s): A

Explanation:

Everything in the Vault is path-based, and policies are no exception. Policies provide a declarative way to grant or forbid access to certain paths and operations in Vault. The policy template makes it very flexible to customize the environment. By using parameters within
your template, you can have Vault "insert" a value into the path based upon things like identity values, group membership, and metadata associated with either the user's identity or group they are a member of.
Using the parameter, the path user-kv/data/{{identity.entity.name}}/* converts to user- kv/data/student01/*



While Vault provides businesses tons of functionality out of the box, what feature allows you to extend its functionality with solutions written by third-party providers?

  1. vault agent
  2. namespaces
  3. plugin backend
  4. control groups

Answer(s): C

Explanation:

Plugin backends are the components in Vault that can be implemented separately from Vault's built- in backends. These backends can be either authentication or secrets engines. All Vault auth and secret backends are considered plugins. This simple concept allows both built-in and external plugins to be treated like Legos. Any plugin can exist at multiple different locations. Different versions of a plugin may be at each one, with each version differing from Vault's version.


Reference:

https://www.vaultproject.io/docs/plugin
https://www.vaultproject.io/docs/internals/plugins



Page 13 of 51



Post your Comments and Discuss HashiCorp VA-002-P exam with other Community members:

Bruno commented on October 10, 2023
PDF is Vault, EXM is Teraform.
UNITED STATES
upvote