최신HashiCorp Certified: Vault Associate (003)Exam - HCVA0-003무료샘플문제
문제1
Select the two paths below that would be permitted for read access based on the following Vault policy:
path "secret/+/training/*" {
capabilities = ["create", "read"]
}
Select the two paths below that would be permitted for read access based on the following Vault policy:
path "secret/+/training/*" {
capabilities = ["create", "read"]
}
정답: A,B
설명: (KoreaDumps 회원만 볼 수 있음)
문제2
Which of the following cannot define the maximum time-to-live (TTL) for a token?
Which of the following cannot define the maximum time-to-live (TTL) for a token?
정답: A
설명: (KoreaDumps 회원만 볼 수 있음)
문제3
A web application uses Vault's transit secrets engine to encrypt data in-transit. If an attacker intercepts the data in transit which of the following statements are true? Choose two correct answers.
A web application uses Vault's transit secrets engine to encrypt data in-transit. If an attacker intercepts the data in transit which of the following statements are true? Choose two correct answers.
정답: A,D
설명: (KoreaDumps 회원만 볼 수 있음)
문제4
What is the primary role of the Vault Security Operator (VSO) in a Kubernetes environment?
What is the primary role of the Vault Security Operator (VSO) in a Kubernetes environment?
정답: A
설명: (KoreaDumps 회원만 볼 수 있음)
문제5
Which of the following statements best describes the difference between static and dynamic credentials in a secrets management system?
Which of the following statements best describes the difference between static and dynamic credentials in a secrets management system?
정답: C
설명: (KoreaDumps 회원만 볼 수 있음)
문제6
After creating a dynamic credential on a database, the DBA accidentally deletes the credentials on the database itself. When attempting to remove the lease, Vault returns an error stating that the credential cannot be found. What command can be run to make Vault remove the secret?
After creating a dynamic credential on a database, the DBA accidentally deletes the credentials on the database itself. When attempting to remove the lease, Vault returns an error stating that the credential cannot be found. What command can be run to make Vault remove the secret?
정답: A
설명: (KoreaDumps 회원만 볼 수 있음)
문제7
Based on the output below, how many policies have been added to Vault?
$ vault policy list
base
default
root
web-app-1
automation-team
Based on the output below, how many policies have been added to Vault?
$ vault policy list
base
default
root
web-app-1
automation-team
정답: A
설명: (KoreaDumps 회원만 볼 수 있음)
문제8
How can Vault be used to programmatically obtain a generated code for MFA, somewhat similar to Google Authenticator?
How can Vault be used to programmatically obtain a generated code for MFA, somewhat similar to Google Authenticator?
정답: A
설명: (KoreaDumps 회원만 볼 수 있음)
문제9
You want to encrypt a credit card number using the Transit secrets engine. You enter the following command and receive an error. What can you do to ensure that the credit card number is properly encrypted and the ciphertext is returned?
$ vault write -format=json transit/encrypt/creditcards plaintext="1234 5678 9101 1121" Error: * illegal base64 data at input byte 4
You want to encrypt a credit card number using the Transit secrets engine. You enter the following command and receive an error. What can you do to ensure that the credit card number is properly encrypted and the ciphertext is returned?
$ vault write -format=json transit/encrypt/creditcards plaintext="1234 5678 9101 1121" Error: * illegal base64 data at input byte 4
정답: B
설명: (KoreaDumps 회원만 볼 수 있음)
문제10
You've set up multiple Vault clusters, one on-premises intended to be the primary cluster, and the second cluster in AWS, which was deployed for performance replication. After enabling replication, developers complain that all the data they've stored in the AWS Vault cluster is missing. What happened?
You've set up multiple Vault clusters, one on-premises intended to be the primary cluster, and the second cluster in AWS, which was deployed for performance replication. After enabling replication, developers complain that all the data they've stored in the AWS Vault cluster is missing. What happened?
정답: B
설명: (KoreaDumps 회원만 볼 수 있음)
문제11
You have logged into the Vault UI and see this screen. What Vault component is being enabled in the screenshot below?
You have logged into the Vault UI and see this screen. What Vault component is being enabled in the screenshot below?
정답: A
설명: (KoreaDumps 회원만 볼 수 있음)
문제12
You are configuring your application to retrieve a new PKI certificate upon provisioning. The Vault admins have given you an AppRole role-id and secret-id to inject into the CI/CD pipeline job that provisions your app. The application uses the credentials to successfully authenticate to Vault using the API. Which of the following is true about the step next required after authenticating to Vault?
You are configuring your application to retrieve a new PKI certificate upon provisioning. The Vault admins have given you an AppRole role-id and secret-id to inject into the CI/CD pipeline job that provisions your app. The application uses the credentials to successfully authenticate to Vault using the API. Which of the following is true about the step next required after authenticating to Vault?
정답: D
설명: (KoreaDumps 회원만 볼 수 있음)