Summer Sale Limited Time 75% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code = simple75

Pass the HashiCorp Security Automation Certification HCVA0-003 Questions and answers with Dumpstech

Exam HCVA0-003 Premium Access

View all detail and faqs for the HCVA0-003 exam

Practice at least 50% of the questions to maximize your chances of passing.
Viewing page 7 out of 10 pages
Viewing questions 61-70 out of questions
Questions # 61:

True or False? The userpass auth method has the ability to access external services in order to provide authentication to Vault.

Options:

A.

True

B.

False

Questions # 62:

Which of the following statements best describes the difference between static and dynamic credentials in a secrets management system?

Options:

A.

They are functionally identical—the only difference is what secrets engine creates them.

B.

Static credentials only apply to specific use cases, while dynamic credentials can be used everywhere.

C.

Static credentials often remain persistent for long periods of time, while dynamic are short-lived and auto-rotated.

D.

Static credentials are ephemeral and rotated frequently, while dynamic credentials remain unchanged indefinitely.

Questions # 63:

An application has authenticated to Vault and has obtained dynamic database credentials with a lease of 4 hours. Four hours later, the credentials expire, and the application can no longer communicate with the backend database, so the application goes down. What should the developers instruct the application to do to prevent this from happening again while maintaining the same level of security?

Options:

A.

Go back to using static credentials

B.

Renew the lease before expiration

C.

Revoke the lease before expiration

D.

Use a different auth method

Questions # 64:

You need to connect to and manage a new HCP Vault cluster using the Vault CLI on your laptop. What environment variables should you set to establish connectivity?

Options:

A.

VAULT_CLIENT_KEY= < path-to-key-file > , VAULT_TOKEN= < token-here >

B.

VAULT_NAMESPACE=root, VAULT_REDIRECT_ADDR= < cluster-address >

C.

VAULT_ADDR=https:// < cluster-address > :8200, VAULT_NAMESPACE=admin

D.

VAULT_TOKEN= < token-here > , VAULT_CLUSTER_ADDR=https:// < cluster-address > :8200

Questions # 65:

When Vault is sealed, which are the only two operations available to a Vault administrator? (Select two)

Options:

A.

View the status of Vault

B.

Configure policies

C.

View data stored in the key/value store

D.

Rotate the encryption key

E.

Unseal Vault

F.

Author security policies

Questions # 66:

A new Vault administrator is writing a CURL command (shown below) to retrieve a secret stored in a KV v2 secrets engine at secret/audio/soundbooth but is receiving an error. What could be the cause of the error?

$ curl \

--header " X-Vault-Token: hvs.rffHw0iXqkRo19b2cjf93DM39WjpbN3J " \

https://vault.unlimited.com:8200/v1/secret/audio/soundbooth

Options:

A.

The VAULT_ADDR environment variable wasn’t set, so it should be configured: export VAULT_ADDR= " https://vault.unlimited.com:8200 "

B.

The request is being made on the incorrect endpoint and should be:

$ curl \

--header " X-Vault-Token: hvs.rffHw0iXqkRo19b2cjf93DM39WjpbN3J " \

https://vault.unlimited.com:8200/v1/secret/data/audio/soundbooth

C.

The user’s token doesn’t permit access to the Vault API, only the UI

D.

The endpoint should point to v2 since this is a KV v2 secrets engine:

$ curl \

--header " X-Vault-Token: hvs.rffHw0iXqkRo19b2cjf93DM39WjpbN3J " \

https://vault.unlimited.com:8200/v2/secret/audio/soundbooth

Questions # 67:

Which statement best describes the process of sealing a Vault instance?

Options:

A.

Disable the TLS certificates on the Vault server by running vault secrets disable pki, blocking all requests.

B.

Run vault operator rotate to rotate the Vault tokens for all clients, causing them to reauthenticate with the Vault.

C.

Run the vault operator seal command, which securely discards the master key from memory and prevents further operations until unsealed.

D.

Revoke all leases so no secrets can be accessed using vault lease revoke, but keep the master key in memory for quick recovery.

Questions # 68:

You are trying to create a new orphan token but receiving a Permission Denied error. What capabilities are required to create this token without using a root token?

Options:

A.

write privileges on the path auth/token

B.

write privileges on the path sys/mounts

C.

sudo privileges on the path auth/token/create

D.

sudo privileges on the path sys/mounts/token

Questions # 69:

Your application cannot manage authentication with Vault, but it can communicate with a local service to retrieve secrets. What solution can enable your app to generate dynamic credentials from Vault?

Options:

A.

Vault Proxy with caching feature enabled

B.

Vault Agent with environment variable secret injection

C.

Vault Proxy with Auto-Auth feature enabled

D.

Vault Agent with the templating feature configured

Questions # 70:

Which is not a capability that can be used when writing a Vault policy?

Options:

A.

delete

B.

modify

C.

create

D.

list

E.

read

F.

update

Viewing page 7 out of 10 pages
Viewing questions 61-70 out of questions