Cisco
CompTIA
ISC
EC-Council
EXIN
Fortinet
ITIL
Juniper
Microsoft
VMware
Avaya
SAP
Google
NVIDIA
Salesforce
Amazon
Palo Alto Networks
ISC2
Splunk
ServiceNow
All Vendors
  2. Home
  3. Exams
  4. HashiCorp
  5. Vault Associate 002

HashiCorp Vault Associate 002 Exam
HashiCorp Certified: Vault Associate (002) (Page 7 )

Updated On: 9-Feb-2026
Page 7 of 41
PDF with 200 Questions

Which of the following storage backends are supported by HashiCorp technical support? (select four)

  1. Filesystem
  2. Consul
  3. In-Memory
  4. Raft
  5. DynamoDB
  6. MySQL

Answer(s): A,B,C,D

Explanation:

Just to clarify, "HashiCorp supported" means, it is supported by HashiCorp's technical support, it doesn't mean that Vault supports the platform as a storage backend. For example, DynamoDB is a valid storage backend, but it is not officially supported by HashiCorp technical support but it has got the community support.
In-Memory - HashiCorp Supported
MySQL - Community Supported
Raft - HashiCorp Supported
Dynamo DB - Community Supported
Consul - HashiCorp Supported
Filesystem - HashiCorp Supported
Check more details in reference link:


Reference:

https://www.vaultproject.io/docs/configuration/storage/in- memory



Which of the following commands will remove all secrets at a specific path?

  1. vault lease revoke -prefix <path>
  2. vault delete lease -all <path>
  3. vault lease revoke -all <path>
  4. vault revoke -all <path>

Answer(s): A

Explanation:

The -prefix flag treats the ID as a prefix instead of an exact lease ID. This can revoke multiple leases simultaneously.



Which of the following best describes a token accessor?

  1. a value that acts as a reference to a token which can be used to perform limited actions against the token
  2. a token used for Consul to access Vault auth methods
  3. describes the value associated with the tokens TTL
  4. a value that describes which clients have access to the attached token

Answer(s): A

Explanation:

When tokens are created, a token accessor is also created and returned. This accessor is a value that acts as a reference to a token and can only be used to perform limited actions:
- Lookup a token's properties (not including the actual token ID)
- Lookup a token's capabilities on a path
- Renew the token
- Revoke the token


Reference:

https://www.vaultproject.io/docs/concepts/tokens#token-accessors



What command is used to renew a token, if permitted?

  1. vault operator token renew
  2. vault token update
  3. vault new <token-id>
  4. vault update token
  5. vault token renew
  6. vault renew token <token-id>

Answer(s): E

Explanation:

In order to renew a token, a user can issue a vault token renew command to extend the TTL. The token can also be renewed using the API



Unsealing Vault creates the encryption keys, which is used to unencrypt the data on the storage backend.

  1. FALSE
  2. TRUE

Answer(s): A

Explanation:

Unsealing is the process of obtaining the plaintext master key necessary to read the decryption key
to decrypt the data, allowing access to the Vault. The master key is used to decrypt the encryption key which can unencrypt the data on the storage backend.






Post your Comments and Discuss HashiCorp Vault Associate 002 exam prep with other Community members:

Join the Vault Associate 002 Discussion