Pass the HashiCorp Security Automation Certification HCVA0-003 Questions and answers with ValidTests

Viewing page 10 out of 10 pages
Viewing questions 91-100 out of questions
Questions # 91:

What is the proper command to enable the AWS secrets engine at the default path?

Options:

A.

vault enable aws secrets engine

B.

vault secrets enable aws

C.

vault secrets aws enable

D.

vault enable secrets aws

Questions # 92:

If Bobby is currently assigned the following policy, what additional policy can be added to ensure Bobby cannot access the data stored at secret/apps/confidential but still read all other secrets?

path "secret/apps/*" { capabilities = ["create", "read", "update", "delete", "list"] }

Options:

A.

path "secret/apps/confidential" { capabilities = ["deny"] }

B.

path "secret/*" { capabilities = ["read", "deny"] }

C.

path "secret/apps/*" { capabilities = ["deny"] }

D.

path "secret/apps/confidential/*" { capabilities = ["deny"] }

Questions # 93:

How does the Vault Secrets Operator (VSO) assist in integrating Kubernetes-based workloads with Vault?

Options:

A.

By enabling a local API endpoint to allow the workload to make requests directly from the VSO

B.

By using client-side caching for KVv1 and KVv2 secrets engines

C.

By injecting a Vault Agent directly into the pod requesting secrets from Vault

D.

By watching for changes to its supported set of Custom Resource Definitions (CRD)

Questions # 94:

From the unseal options listed below, select the options you can use if you're deploying Vault on-premises (select four).

Options:

A.

Certificates

B.

Transit

C.

AWS KMS

D.

HSM PKCS11

E.

Key shards

Questions # 95:

True or False? All dynamic secrets in Vault are required to have a lease.

Options:

A.

True

B.

False

Questions # 96:

By default, what TCP port does Vault replication use?

Options:

A.

tcp/8200

B.

tcp/8300

C.

tcp/8201

D.

tcp/8301

Questions # 97:

Tommy has written an AWS Lambda function that will perform certain tasks for the organization when data has been uploaded to an S3 bucket. Security policies for the organization do not allow Tommy to hardcode any type of credential within the Lambda code or environment variables. However, Tommy needs to retrieve a credential from Vault to write data to an on-premises database. What auth method should Tommy use in Vault to meet the requirements while not violating security policies?

Options:

A.

AWS

B.

Userpass

C.

Token

D.

AppRole

Questions # 98:

Which of the following is NOT a valid way in which a lease can be revoked in Vault?

Options:

A.

Using the user interface (UI)

B.

Automatically when the TTL or Max-TTL expires

C.

Using the API to call the /v1/sys/leases endpoint

D.

Via the CLI using the vault token command

Questions # 99:

When generating dynamic credentials, Vault also creates associated metadata, including information like time duration, renewability, and more, and links it to the credentials. What is this referred to as?

Options:

A.

Secret

B.

Token

C.

Lease

D.

Secrets engine

Questions # 100:

Which of the following Vault policies will allow a Vault client to read a secret stored at secrets/applications/app01/api_key?

Options:

A.

path "secrets/applications/" { capabilities = ["read"] allowed_parameters = { "certificate" = [] } }

B.

path "secrets/*" { capabilities = ["list"] }

C.

path "secrets/applications/+/api_*" { capabilities = ["read"] }

D.

path "secrets/applications/app01/api_key/*" { capabilities = ["update", "list", "read"] }
