Free VA-002-P Exam Braindumps (page: 24)

Page 24 of 51

Select the policies below that permit you to create a new entry of foo=bar at the path /secrets/apps/my_secret (select three)

  A. path "secrets/apps/my_secret" {
       capabilities = ["create"]
       allowed_parameters = {
         "foo" = []
       }
     }
  B. path "secrets/+/my_secret" {
       capabilities = ["create"]
       allowed_parameters = {
         "*" = ["bar"]
       }
     }
  C. path "secrets/apps/my_secret" {
       capabilities = ["update"]
     }
  D. path "secrets/apps/*" {
       capabilities = ["create"]
       allowed_parameters = {
         "foo" = ["bar", "zip"]
       }
     }

Answer(s): A,B

Explanation:

Setting a parameter with a value of the empty list allows the parameter to contain any value. Setting a parameter with a value of a populated list allows the parameter to contain only those values.
If any keys are specified, all non-specified parameters will be denied unless the parameter "*" is set to an empty array, which will allow all other parameters to be modified. Parameters with specific values will still be restricted to those values.



From the options below, select the benefits of using the PKI (certificates) secrets engine: (select three)

  A. TTLs on Vault certs are longer to ensure certificates are valid for a longer period of time
  B. Vault can act as an intermediate CA
  C. reducing, or eliminating certificate revocations
  D. reduces time to get a certificate by eliminating the need to generate a private key and CSR

Answer(s): B,C,D

Explanation:


Reference:

https://www.vaultproject.io/docs/secrets/pki



What type of policy is shown below?
    key_prefix "vault/" {
      policy = "write"
    }
    node_prefix "" {
      policy = "write"
    }
    service "vault" {
      policy = "write"
    }
    agent_prefix "" {
      policy = "write"
    }
    session_prefix "" {
      policy = "write"
    }

  A. Vault policy allowing access to certain paths
  B. Consul ACL policy for a Vault node
  C. Consul configuration policy to enable Consul features
  D. Vault token policy is written for a user

Answer(s): B

Explanation:

If using ACLs in Consul, you'll need appropriate permissions. For Consul 0.8, these policies will work for most use-cases, assuming that your service name is vault and the prefix being used is vault/. Consul ACLs should always be enabled when using Consul as a storage backend. This policy allows Vault to communicate with the required services hosted on Consul.


Reference:

https://www.vaultproject.io/docs/configuration/storage/consul



From the options below, select the benefits of using a batch token over a service token. (select three)

  A. no storage cost for token creation
  B. lightweight and scalable
  C. can be a root token
  D. used for ephemeral, high-performance workloads
  E. has accessors

Answer(s): A,B,D

Explanation:

Service Tokens
Service tokens are what users will generally think of as "normal" Vault tokens. They support all features, such as renewal, revocation, creating child tokens, and more. They are correspondingly heavyweight to create and track.
Batch Tokens
Batch tokens are encrypted blobs that carry enough information for them to be used for Vault actions, but they require no storage on disk to track them. As a result, they are extremely lightweight and scalable but lack most of the flexibility and features of service tokens.


Reference:

https://www.vaultproject.io/docs/concepts/tokens






Post your Comments and Discuss HashiCorp VA-002-P exam with other Community members:

Bruno commented on October 10, 2023
PDF is Vault, EXM is Terraform.
UNITED STATES