Summer Sale Limited Time 75% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code = simple75

Pass the HashiCorp Security Automation Certification HCVA0-003 Questions and answers with Dumpstech

Exam HCVA0-003 Premium Access

View all detail and faqs for the HCVA0-003 exam

Practice at least 50% of the questions to maximize your chances of passing.
Viewing page 3 out of 10 pages
Viewing questions 21-30 out of questions
Questions # 21:

If a role is able to read a secret from Vault, but unable to change the values, what capability is missing in the policy?

Options:

A.

sudo

B.

list

C.

delete

D.

update

E.

read

Questions # 22:

You are using the Vault userpass auth method mounted at auth/userpass. How do you create a new user named " sally " with password " h0wN0wB4r0wnC0w " ? This new user will need the power-users policy.

Options:

A.

B.

C.

D.

Questions # 23:

The Vault encryption key is stored in Vault ' s backend storage.

Options:

A.

True

B.

False

Questions # 24:

What are orphan tokens?

Options:

A.

Orphan tokens are tokens with a use limit so you can set the number of uses when you create them

B.

Orphan tokens are not children of their parent; therefore, orphan tokens do not expire when their parent does

C.

Orphan tokens are tokens with no policies attached

D.

Orphan tokens do not expire when their own max TTL is reached

Questions # 25:

When an auth method is disabled all users authenticated via that method lose access.

Options:

A.

True

B.

False

Questions # 26:

You can build a high availability Vault cluster with any storage backend.

Options:

A.

True

B.

False

Questions # 27:

Two screenshots are shown in the exhibit.

You expect the ACL Policies menu to be shown as seen in Image 1. Instead, the ACL Policies menu is not displayed, as in Image 2.

Why would this menu not be displayed?

Options:

A.

Your token’s policies do not allow access to manage policies.

B.

The policy engine is not enabled.

C.

You need to be in the policy namespace.

D.

None of these explain this scenario.

Questions # 28:

Use this screenshot to answer the question below:

Question # 28

When are you shown these options in the GUI?

Options:

A.

Enabling policies

B.

Enabling authentication engines

C.

Enabling secret engines

D.

Enabling authentication methods

Questions # 29:

You have a 2GB Base64 binary large object (blob) that needs to be encrypted.

How will the Transit secrets engine manage the encryption lifecycle for a large blob?

Options:

A.

A data key encrypts the blob locally, and the same key decrypts the blob locally.

B.

Vault will store the blob permanently. Be sure to run Vault on a compute-optimized machine.

C.

The Transit engine is not a good solution for binaries of this size.

D.

To process such a large blob, Vault will temporarily store it in the storage backend.

Questions # 30:

A policy is shown in the exhibit.

What does this policy do?

Exhibit:

path " secret/data/{{identity.entity.id}}/* " { capabilities = [ " create " , " update " , " read " , " delete " ] }

path " secret/metadata/{{identity.entity.id}}/* " { capabilities = [ " list " ] }

Options:

A.

Grants access to a special system entity folder.

B.

Nothing, this is not a valid policy.

C.

Grants access for each user to a KV folder, which shares their ID.

D.

Allows a user to read data about the secret endpoint identity.

Viewing page 3 out of 10 pages
Viewing questions 21-30 out of questions