Summer Sale Limited Time 75% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code = simple75

Pass the HashiCorp Security Automation Certification HCVA0-003 Questions and answers with Dumpstech

Exam HCVA0-003 Premium Access

View all detail and faqs for the HCVA0-003 exam

Practice at least 50% of the questions to maximize your chances of passing.
Viewing page 2 out of 10 pages
Viewing questions 11-20 out of questions
Questions # 11:

You are using Vault to generate dynamic credentials for a Microsoft SQL server to perform queries for a month-end report. The report seems to be taking much longer than expected due to degradation on the underlying server, and you are afraid that Vault might automatically revoke the credentials. How can you extend the time the credentials are valid to ensure your month-end query is successful?

Options:

A.

Renew the lease

B.

Generate a new lease

C.

Create a new role within the secrets engine for the database

D.

Revoke the lease

Questions # 12:

Your organization uses a CI/CD pipeline to deploy its applications on Azure. During testing, you generate new credentials to validate Vault can create new credentials. The result of this command is below:

text

CollapseWrapCopy

$ vault read azure/creds/bryan-krausen

Key Value

--- -----

lease_id azure/creds/bryan-krausen/9eed0373-ca92-99b6-b914-779b7bb0e1d9

lease_duration 60m

lease_renewable true

client_id 532bf678-ee4e-6be1-116b-4e4221e445dd

client_secret be60395b-4e6b-2b7e-a4b3-c449a5c00973

What commands can be used to revoke this secret after you have finished testing? (Select three)

Options:

A.

vault lease revoke azure/

B.

vault lease revoke -prefix azure/

C.

vault lease revoke azure/creds/bryan-krausen/9eed0373-ca92-99b6-b914-779b7bb0e1d9

D.

vault lease revoke azure/creds/bryan-krausen

E.

vault lease revoke -prefix azure/creds/bryan-krausen

Questions # 13:

You have a new team member on the Vault operations team. Their first task is to rotate the encryption key in Vault as part of the organization’s security policy. However, when they log in, they get an access denied error when attempting to rotate the key. The policy being used is below. Why can’t the user rotate the encryption key?

path " auth/* " {

capabilities = [ " create " , " read " , " update " , " delete " , " list " ]

}

path " sys/rotate " {

capabilities = [ " read " , " update " ]

}

Options:

A.

The policy requires sudo privileges since it is a root-protected path

B.

The policy doesn’t include create privileges so a new encryption key can’t be created

C.

The policy should include sys/rotate/ < name of key > as part of the path

D.

The encryption key has a minimum TTL, therefore the key cannot be rotated until that time expires

Questions # 14:

You have enabled the Transit secrets engine on your Vault cluster to provide an " encryption as a service " service as your team develops new applications. What is a prime use case for the Transit secrets engine?

Options:

A.

Encrypting data before being written to an Amazon S3 bucket

B.

Storing the encrypted data in Vault for easy retrieval

C.

Generating dynamic SSH credentials for access to local systems

D.

Creating X.509 certificates for a new fleet of containers

Questions # 15:

What is the primary role of the Vault Security Operator (VSO) in a Kubernetes environment?

Options:

A.

Managing Vault server deployments and auto-scaling Vault instances in Kubernetes

B.

Enforcing Kubernetes network policies for Vault communication

C.

Automating the injection and lifecycle management of Vault secrets for Kubernetes workloads

D.

Replacing Kubernetes Secrets with a built-in alternative that does not require Vault

Questions # 16:

Your organization recently suffered a security breach on a specific application, and the security response team believes that MySQL database credentials were likely obtained during the event. The application generated the credentials using the database secrets engine in Vault mounted at the path database/. How can you quickly revoke all of the secrets generated by this secrets engine?

Options:

A.

vault token revoke database/*

B.

vault secrets disable mysql

C.

vault lease renew database/creds/mysql

D.

vault lease revoke -prefix database/

Questions # 17:

True or False? Performing a rekey operation using the vault operator rekey command creates new unseal/recovery keys as well as a new root key?

Options:

A.

True

B.

False

Questions # 18:

Your organization has enabled the LDAP auth method on the path of corp-auth/. When you access the Vault UI, you cannot log in despite providing the correct credentials. Based on the screenshot below, what action should you take to log in?

Question # 18

Options:

A.

Select corp-auth from the dropdown list

B.

Enter the username as corp-auth/bryan.krausen

C.

Select More Options and enter the Mount path that LDAP was enabled on (corp-auth/)

D.

Change to the Namespace of corp-auth before trying to authenticate

Questions # 19:

Your supervisor has requested that you log into Vault and update a policy for one of the development teams. You successfully authenticated to Vault via OIDC but do not see a way to manage the Vault policies. Why are you unable to manage policies in the Vault UI?

Question # 19

Options:

A.

Policies are only available on Vault Enterprise

B.

The Vault node is sealed, and therefore you cannot manage policies

C.

Policies cannot be managed in the UI, only the CLI and API

D.

The policy associated with your login does not permit access to manage policies

Questions # 20:

A developer has requested access to manage secrets at the path kv/apps/webapp01. You create the policy below which gives them the proper access:

path " kv/apps/webapp01 " {

capabilities = [ " read " , " create " , " update " , " list " ]

}

However, when the developer logs in to the Vault UI, they see the following screenshot and cannot access the desired secret. Why can’t the developer see the secrets they need?

Question # 20

Options:

A.

The Vault UI isn’t enabled for the developer, therefore they will only see the default options

B.

The key/value secrets engine isn’t available in the Vault UI, therefore the developer should use a different Vault interface instead

C.

The policy doesn’t permit list access to the paths prior to the secret so the Vault UI doesn’t display the mount path

D.

The secrets are stored under the cubbyhole secrets engine, so the developer should browse to that secrets engine

Viewing page 2 out of 10 pages
Viewing questions 11-20 out of questions