Free VA-002-P Exam Braindumps (page: 14)

Page 14 of 51

After issuing the command to delete a secret, you run a vault kv list command but the secret still exists. What command would permanently delete this secret from Vault?
    $ vault kv delete kv/applications/app01
    Success! Data deleted (if it existed) at: kv/applications/app01
    $ vault kv list kv/applications
    Keys
    ----
    app01

  A. vault kv metadata delete kv/applications/app01
  B. vault kv delete -all kv/applications/app01
  C. vault kv delete -force kv/applications/app01
  D. vault kv destroy -versions=1 kv/applications/app01

Answer(s): A

Explanation:

The kv metadata command has subcommands for interacting with the metadata and versions for the versioned secrets (K/V Version 2 secrets engine) at the specified path. The kv metadata delete command deletes all versions and metadata for the provided key.


Reference:

https://www.vaultproject.io/docs/commands/kv/metadata



When architecting a Vault replication configuration, why should you never terminate TLS on a front-end load balancer?

  A. If Vault detects that the traffic has been unencrypted and re-encrypted, due to the load balancer, it will automatically drop the traffic as it is no longer trusted.
  B. Vault generates self-signed mutual TLS for replication. If the LB is performing TLS termination, this will break the mutual TLS between nodes.
  C. Vault requires that only Consul service discovery can be used to direct traffic to an active Vault node.
  D. Vault replication won't work with the type of certificates that a traditional load balancer uses.

Answer(s): B

Explanation:

For replication (port 8201), Vault generates a mutual TLS connection between nodes using self-generated certs/keys (this is different than the TLS you configure in the listener, which is particular to client requests)... server-to-server always uses this mutual TLS, even if you have TLS disabled on the listener.


Reference:

https://www.vaultproject.io/docs/configuration/listener/tcp
https://www.vaultproject.io/docs/concepts/ha



True or False:
Once you create a KV v1 secrets engine and place data in it, there is no way to modify the mount to include the features of a KV v2 secrets engine.

  A. True
  B. False

Answer(s): B

Explanation:

The kv enable-versioning command turns on versioning for an existing non-versioned key/value secrets engine (K/V Version 1) at its path.


Reference:

https://www.vaultproject.io/docs/commands/kv/enable-versioning



You've hit the URL for the Vault UI, but you're presented with this screen. Why doesn't Vault present you with a way to log in?

  A. A Vault policy is preventing you from logging in
  B. The Vault configuration file has an incorrect configuration
  C. The Consul storage backend was not configured correctly
  D. Vault needs to be initialized before it can be used

Answer(s): D

Explanation:

Before Vault can be used, it must be initialized and unsealed. This screen indicates that Vault has not been initialized yet and is offering you a way to do so.




Bruno commented on October 10, 2023
PDF is Vault, EXM is Terraform.
UNITED STATES