Cisco
CompTIA
ISC
EC-Council
EXIN
Fortinet
ITIL
Juniper
Microsoft
VMware
Avaya
SAP
Google
NVIDIA
Salesforce
Amazon
Palo Alto Networks
ISC2
Splunk
ServiceNow
All Vendors
  2. Home
  3. Exams
  4. HashiCorp
  5. Vault Associate 002

HashiCorp Vault Associate 002 Exam
HashiCorp Certified: Vault Associate (002) (Page 9 )

Updated On: 9-Feb-2026
Page 8 of 41
PDF with 200 Questions

Which type of Vault replication copies all data from Vault, including K/V data, policies, and client tokens?

  1. DR replication
  2. performance replication
  3. failover replication
  4. online replication

Answer(s): A

Explanation:

Vault Enterprise supports multi-datacenter deployment where you can replicate data across data centers for performance as well as disaster recovery.
In DR replication, secondary clusters do not forward service read or write requests until they are elevated and become a new primary.
DR replicated cluster will replicate all data from the primary cluster, including tokens. A performance replicated cluster, however, will not replicate the tokens from the primary, as the performance replicated cluster will generate its own client tokens for requests made directly to it. In performance replication, secondaries keep track of their own tokens and leases but share the underlying configuration, policies, and supporting secrets (K/V values, encryption keys for transit, etc).
Note: Failover and Online replication, there is no such replication exist in hashicorp vault.
Check below links for more details:-


Reference:

https://www.vaultproject.io/docs/enterprise/replication
https://learn.hashicorp.com/vault/operations/ops-disaster-recovery



Vault configuration files can be written in what languages? (select two)

  1. XML
  2. JSON
  3. YAML
  4. HCL

Answer(s): B,D

Explanation:

The Vault configuration file supports either JSON or HCL, which is HashiCorp Configuration Language



What happens to child tokens when a parent token is revoked?

  1. the child tokens are renewed
  2. the child tokens are converted to parent tokens
  3. the child tokens create their own child tokens to be used
  4. the child tokens are revoked

Answer(s): D

Explanation:

When a parent token is revoked, all of its child tokens and leases are revoked as well. This ensures that a user cannot skip revocation by simply making a timeless tree of child tokens.



A Vault client who has read access to the path secrets/apps/app1 is having trouble viewing the secret in the user interface (UI) but can access via the API. What can be done to resolve this issue?

  1. add read permissions to the path secrets/apps
  2. modify the policy to allow the create permission
  3. remove the deny policy blocking access to the secrets/apps/app1 path
  4. add LIST to the policy so the user can browse the paths leading up to the key/value's path

Answer(s): D

Explanation:

To view the paths leading up to the secrets/apps/app1 path in the user interface, the user must have at least LIST permissions to avoid permission denied error in the UI.



Using the Vault CLI, what command is used to authenticate to Vault?

  1. vault creds
  2. vault user
  3. vault login
  4. vault auth

Answer(s): C

Explanation:

vault login command would be issued to log in to Vault via CLI followed by the type of login. For example, an LDAP login would use vault login method=ldap username=<user>






Post your Comments and Discuss HashiCorp Vault Associate 002 exam prep with other Community members:

Join the Vault Associate 002 Discussion