Free VA-002-P Exam Braindumps (page: 19)

Page 19 of 51

Your organization is running Vault open source and has decided it wants to use the Identity secrets engine. You log into Vault but are unable to find it in the list to enable. What gives?

  1. because you are running open-source and the identity secrets engine is an Enterprise feature, it is not available to enable.
  2. the identity secrets engine was deprecated in previous versions
  3. this secrets engine will be mounted by default.
  4. the policy attached to your user doesn't allow access to the Identity secrets engine.

Answer(s): C

Explanation:

The Identity secrets engine is the identity management solution for Vault. It internally maintains the clients who are recognized by Vault. This secrets engine will be mounted by default. This secrets engine cannot be disabled or moved.


Reference:

https://www.vaultproject.io/docs/secrets/identity



What are the primary benefits of running Vault in a production deployment over dev server mode? (select two)

  1. ability to enable auth methods
  2. persistent storage
  3. encryption via TLS
  4. faster deployment
  5. access to all of the secret engines

Answer(s): B,C

Explanation:

Dev server mode stores its data in memory; therefore, if the Vault service is shut down, any data stored will be lost. Additionally, dev server mode does not use TLS, and all data is sent in cleartext.



You've deployed Vault in your production environment and are curious to understand metrics on your Vault cluster, such as the number of writes to the backend, the status of WALs, and the seal status. What feature would you configure in order to view these metrics?

  1. audit device
  2. telemetry
  3. nothing to configure, these are available in the Vault log found on the OS
  4. enable logs for each individual secrets engine

Answer(s): B

Explanation:

The Vault server process collects various runtime metrics about the performance of different libraries and subsystems. These metrics are aggregated on a ten-second interval and are retained for one minute. This telemetry information can be used for debugging or otherwise getting a better view of what Vault is doing.
Telemetry information can be streamed directly from Vault to a range of metrics aggregation solutions, as described in the telemetry stanza documentation.


Reference:

https://www.vaultproject.io/docs/internals/telemetry



You want to encrypt a credit card number using the transit secrets engine. You enter the following command and receive an error. What can you do to ensure that the credit card number is properly encrypted and the ciphertext is returned?

    $ vault write -format=json transit/encrypt/creditcards plaintext="1234 5678 9101 1121"
    Error writing data to transit/encrypt/orders: Error making API request.

    URL: PUT http://10.25.16.165:8200/v1/transit/encrypt/creditcards
    Code: 400. Errors:

    * illegal base64 data at input byte 4

  1. credit card numbers are not supported using the transit secrets engine since it is considered sensitive data
  2. the token used to issue the encryption request does not have the appropriate permissions
  3. the plain text data needs to be encoded to base64
  4. the credit card number should not include spaces

Answer(s): C

Explanation:

When you send data to Vault for encryption, it must be in the form of base64-encoded plaintext for safe transport.






Post your Comments and Discuss HashiCorp VA-002-P exam with other Community members:

Bruno commented on October 10, 2023
PDF is Vault, EXM is Terraform.
UNITED STATES