Question 1

Which of the following features are not available in the Vault Community version?

Options :

A : Cloud KMS auto-unseal

B : Single sign-on support

C : Event notifications and filtering

D : Multi-factor authentication (auth)

E : Dynamic secrets engines

F : HSM auto-unseal

Answer: F

Question 2

True or False? A token can be renewed up until the max TTL, even if the TTL has been reached.

Options :

A : True

B : False

Answer: B

Question 3

Which of these is not a benefit of dynamic secrets?

Options :

A : Supports systems which do not natively provide a method of expiring credentials

B : Minimizes damage of credentials leaking

C : Ensures that administrators can see every password used

D : Replaces cumbersome password rotation tools and practices

Answer: C

Question 4

True or False? When encrypting data with the Transit secrets engine, Vault always stores the ciphertext in a dedicated KV store along with the associated encryption key.

Options :

A : True

B : False

Answer: B

Question 5

During a service outage, you must ensure all current tokens and leases are copied to another Vault cluster for failover so applications don't need to authenticate. How can you accomplish this?

Options :

A : Have Vault write all the tokens and leases to a file so you have a second copy of them

B : Configure all applications to use the auto-auth feature of the Vault Agent

C : Configure Disaster Recovery replication and promote the secondary cluster during an outage

D :

Replicate to another cluster using Performance Replication and promote the secondary cluster during an outage

Answer: C