Free VA-002-P Exam Braindumps (page: 25)

Page 25 of 51

Given the following screenshot, how many secrets engines have been enabled?

  A. 4
  B. 3
  C. 5
  D. 2

Answer(s): B

Explanation:

The Cubbyhole secrets engine is a default secrets engine, enabled automatically for each Vault user.



True or False: When encrypting data with the transit secrets engine, Vault always stores the ciphertext in a dedicated KV store along with the associated encryption key.

  A. False
  B. True

Answer(s): A

Explanation:

Vault doesn't store the data sent to the secrets engine. The transit secrets engine handles cryptographic functions on data-in-transit. It can also be viewed as "cryptography as a service" or "encryption as a service". The transit secrets engine can also sign and verify data; generate hashes and HMACs of data; and act as a source of random bytes.


Reference:

https://www.vaultproject.io/docs/secrets/transit



When administering Vault on a day-to-day basis, why is logging in with the root token, as shown below, a bad idea? (select two).

  A. the root token isn't a secure way of logging into Vault
  B. the root token is attached to the root policy, which likely provides too many privileges to a user
  C. the root token should be revoked and not used on a day-to-day basis
  D. It's easier to just use the root token than to configure additional auth methods

Answer(s): B,C

Explanation:

The root token should never be used on a day-to-day basis and should always be revoked once a permanent auth method has been configured.



With regard to using a K/V v2 secrets engine, select the three correct statements below: (select three)

  A. issuing a vault kv destroy statement permanently deletes a single version of a secret
  B. issuing a vault kv destroy statement deletes all versions of a secret
  C. issuing a vault kv delete statement permanently deletes the secret
  D. issuing a vault kv metadata delete statement permanently deletes the secret
  E. issuing a vault kv delete statement performs a soft delete

Answer(s): A,D,E

Explanation:

The kv delete command performs a soft delete of the data at the provided path in the key/value secrets engine. With K/V Version 2, the versioned data is not fully removed; it is marked as deleted and is no longer available for normal get requests. The kv destroy command permanently removes the specified versions' data from the key/value secrets engine. If no key exists at the path, no action is taken. It does not delete all versions of a secret.
The kv metadata delete command deletes all versions and metadata for the provided key.






Post your Comments and Discuss HashiCorp VA-002-P exam with other Community members:

Bruno commented on October 10, 2023
PDF is Vault, EXM is Terraform.
UNITED STATES