Free VA-002-P Exam Braindumps (page: 23)

Page 23 of 51

Given the policy below, what would the user be able to access?
path "*" {
  capabilities = ["create", "update", "read", "list", "delete", "sudo"]
}

  1. anything they want to within Vault
  2. ability to enable a secret engine at the path *
  3. only make changes to policies
  4. nothing, since the policy doesn't specify any specific paths

Answer(s): A

Explanation:

All interactions with Vault are done through its pathing structure. If you create a policy with a wildcard path, you are giving the user access to any path within Vault.



Beyond encryption and decryption of data, which of the following is not a function of the Vault transit secrets engine?

  1. generate hashes and HMACs of data
  2. sign and verify data
  3. act as a source of random bytes
  4. store the encrypted data securely in Vault for retrieval

Answer(s): D

Explanation:

Vault doesn't store the data sent to the secrets engine. The transit secrets engine handles cryptographic functions on data-in-transit. It can also be viewed as "cryptography as a service" or "encryption as a service". The transit secrets engine can also sign and verify data; generate hashes and HMACs of data; and act as a source of random bytes.



What is the proper command to enable the AWS secrets engine at the default path?

  1. vault enable secrets aws
  2. vault secrets aws enable
  3. vault secrets enable aws
  4. vault enable aws secrets engine

Answer(s): C

Explanation:

The command format for enabling Vault features is vault <feature> <enable/disable> <name>; therefore, the correct answer is vault secrets enable aws.



By default, how long does the transit secrets engine store the resulting ciphertext?

  1. 24 hours
  2. 32 days
  3. transit does not store data
  4. 30 days

Answer(s): C

Explanation:

Vault does NOT store any data encrypted via the transit/encrypt endpoint. The output you received is the ciphertext. You can store this ciphertext at the desired location (e.g. MySQL database) or pass it to another application.





Bruno commented on October 10, 2023
PDF is Vault, EXM is Terraform.
UNITED STATES