Free VA-002-P Exam Braindumps (page: 17)

Page 17 of 51

By default, the max TTL for a token is how many days?

  1. 14 days
  2. 32 days
  3. 31 days
  4. 7 days

Answer(s): B

Explanation:

A token's max TTL is determined by three values. The first is the system max TTL, which is 32 days but can be changed in Vault's configuration file. The second is the max TTL set on a mount using mount tuning; this value is allowed to override the system max TTL (it can be longer or shorter), and if set it will be respected. The third is a value suggested by the auth method that issued the token, which might be configured on a per-role, per-group, or per-user basis; this value is allowed to be less than the mount max TTL (or, if not set, the system max TTL), but it is not allowed to be longer.


Reference:

https://www.vaultproject.io/docs/concepts/tokens



What could you do with the feature found in the screenshot below? (select two)

  1. encrypt the Vault master key that is stored in memory
  2. using a short TTL, you could encrypt data in order to place only the encrypted data in Vault
  3. encrypt sensitive data to send to a colleague over email
  4. use response-wrapping to protect data

Answer(s): C,D

Explanation:

Vault includes a feature called response wrapping. When requested, Vault can take the response it would have sent to an HTTP client and instead insert it into the cubbyhole of a single-use token, returning that single-use token instead.



You've logged into the Vault CLI and attempted to enable an auth method, but received this error message. What can be done to resolve the error and configure Vault?

Error enabling userpass auth: Post https://127.0.0.1:8200/v1/sys/auth/userpass: http: server gave HTTP response to HTTPS client

  1. change 'userpass' to 'username and password'
  2. restart the Vault service on this node
  3. set the VAULT_ADDR environment variable to HTTP
  4. ask an admin to grant you permission to enable the userpass auth method

Answer(s): C

Explanation:

If you're running Vault in a non-prod environment, you can configure Vault to disable TLS. In this case, TLS has been disabled but the default value for VAULT_ADDR is https://127.0.0.1:8200, so the Vault CLI sends the request over HTTPS while the Vault server responds over HTTP.
To handle this error, set the VAULT_ADDR environment variable to "http://127.0.0.1:8200".



After decrypting data using the transit secrets engine, the plaintext output does not match the plaintext credit card number that you encrypted. Which of the following answers provides a solution?

$ vault write transit/decrypt/creditcard \
    ciphertext="vault:v1:cZNHVx+sxdMErXRSuDa1q/pz49fXTn1PScKfhf+PIZPvy8xKfkytpwKcbC0fF2U="

Key          Value
---          -----
plaintext    Y3JlZGl0LWNhcmQtbnVtYmVyCg==

  1. The resulting plaintext data is base64-encoded. To reveal the original plaintext, use the base64 --decode command.
  2. The data is corrupted. Execute the encryption command again using a different data key.
  3. The user doesn't have permission to decrypt the data, therefore Vault returns false data so as not to reveal if the data was actually encrypted by Vault.
  4. Vault is sealed, therefore the data cannot be decrypted. Unseal Vault to properly decrypt the data.

Answer(s): A

Explanation:

All plaintext data must be base64-encoded. The reason for this requirement is that Vault does not require that the plaintext is "text". It could be a binary file such as a PDF or image. The easiest safe transport mechanism for this data as part of a JSON payload is to base64-encode it.


Reference:

https://learn.hashicorp.com/vault/encryption-as-a-service/eaas-transit






Post your Comments and Discuss HashiCorp VA-002-P exam with other Community members:

Bruno commented on October 10, 2023
PDF is Vault, EXM is Terraform.
UNITED STATES