Summer Sale Limited Time 75% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code = simple75

Pass the HashiCorp Security Automation Certification HCVA0-003 Questions and answers with Dumpstech

Exam HCVA0-003 Premium Access

View all detail and faqs for the HCVA0-003 exam

Practice at least 50% of the questions to maximize your chances of passing.
Viewing page 9 out of 10 pages
Viewing questions 81-90 out of questions
Questions # 81:

In regards to the Transit secrets engine, which of the following is true given the following command and output (select three):

$ vault write encryption/encrypt/creditcard plaintext=$(base64 < < < " 1234 5678 9101 1121 " )

Key: ciphertext Value: vault:v3:cZNHVx+sxdMErXRSuDa1q/pz49fXTn1PScKfhf+PIZPvy8xKfkytpwKcbC0fF2U=

Options:

A.

The Transit secrets engine is mounted at the encryption path

B.

The name of the keyring used to encrypt the data is creditcard

C.

There are at least three data keys associated with this keyring

D.

The data was written to the encryption path, which is provided by default when enabling the Transit secrets engine

Questions # 82:

You logged into the Vault CLI and attempted to enable an auth method, but you received this error message. What can you do to resolve the error and configure Vault?

(Error: dial tcp 127.0.0.1:8200: connect: connection refused)

Question # 82

Options:

A.

Restart the Vault service on this node

B.

Ask an admin to grant you permission to enable the userpass auth method

C.

Change ' userpass ' to ' username and password '

D.

Set the VAULT_ADDR environment variable to HTTP

Questions # 83:

How can Vault be used to programmatically obtain a generated code for MFA, somewhat similar to Google Authenticator?

Options:

A.

Cubbyhole

B.

The random byte generator

C.

TOTP secrets engine

D.

The identity secrets engine

Questions # 84:

You want to integrate a third-party application to retrieve credentials from the HashiCorp Vault API. How can you accomplish this without having direct access to the source code?

Options:

A.

You cannot integrate a third-party application with Vault without being able to modify the source code

B.

Put in a request to the third-party application vendor

C.

Instead of the API, have the application use the Vault CLI to retrieve credentials

D.

Use the Vault Agent to obtain secrets and provide them to the application

Questions # 85:

Below is a list of parent and child tokens and their associated TTL. Which token(s) will be revoked first?

Options:

A.

├───hvs.y4fUERqCtUV0xsQjWLJar5qX - TTL: 4 hours

B.

├───hvs.FNiIFU14RUxxUYAl4ErLfPVR - TTL: 6 hours

C.

├───hvs.Jw9LMpu7oCQgxiKbjfyzyg75 - TTL: 4 hours (child of B)

D.

├───hvs.3IrlhEvcerEGbae11YQf9FvI - TTL: 3 hours

E.

├───hvs.hOpweMVFvqfvoVnNgvZq8jLS - TTL: 5 hours (child of D)

Questions # 86:

    A Jenkins server is using the following token to access Vault. Based on the lookup shown below, what type of token is this? $ vault token lookup hvs.FGP1A77Hxa1Sp6Pkp1yURcZB

     

    Key Value

    --- -----

    accessor RnH8jtgrxBrYanizlyJ7Y8R

    creation_time 1604604512

    creation_ttl 24h

    display_name token

    entity_id n/a

    expire_time 2025-11-06T14:28:32.8891566-05:00

    explicit_max_ttl 0s

    id hvs.FGP1A77Hxa1Sp6KRau5eNB

    issue_time 2025-11-06T14:28:32.8891566-05:00

    meta < nil >

    num_uses 0

    orphan false

    path auth/token/create

    period 24h

    policies [admin default]

    renewable true

    ttl 23h59m50s

    type service

Options:

A.

Periodic token

B.

Batch token

C.

Orphaned token

D.

Secondary token

Questions # 87:

From the unseal options listed below, select the options you can use if you ' re deploying Vault on-premises (select four).

Options:

A.

Certificates

B.

Transit

C.

AWS KMS

D.

HSM PKCS11

E.

Key shards

Questions # 88:

After decrypting data using the Transit secrets engine, the plaintext output does not match the plaintext credit card number that you encrypted. Which of the following answers provides a solution?

$ vault write transit/decrypt/creditcard ciphertext= " vault:v1:cZNHVx+sxdMEr....... "

Key: plaintext Value: Y3JlZGl0LWNhcmQtbnVtYmVyCg==

Options:

A.

Vault is sealed, therefore the data cannot be decrypted. Unseal Vault to properly decrypt the data

B.

The user doesn’t have permission to decrypt the data, therefore Vault returns false data

C.

The resulting plaintext data is base64-encoded. To reveal the original plaintext, use the base64 --decode command

D.

The data is corrupted. Execute the encryption command again using a different data key

Questions # 89:

True or False? The Vault Secrets Operator does NOT encrypt client cache, such as Vault tokens and leases, by default in Kubernetes Secrets.

Options:

A.

True

B.

False

Questions # 90:

Which of the following are accurate statements regarding the use of a KV v2 secrets engine (select three)?

Options:

A.

Issuing a vault kv destroy command permanently deletes the current version of the secret

B.

Issuing a vault kv destroy command deletes all versions of a secret

C.

Issuing a vault kv delete command performs a soft delete of the current version

D.

Issuing a vault kv metadata delete command permanently deletes the secret

Viewing page 9 out of 10 pages
Viewing questions 81-90 out of questions