Question 1

Your organization is integrating its legacy application with Vault to improve its security. However, you have discovered that the application has issues when the token changes for authentication during testing. What type of token could be used to help alleviate this issue without compromising security?

Options :

A : Periodic Service Token

B : Root Token

C : Orphan Service Token

D : Batch Token

Answer: A

Question 2

Where can you set the Vault seal configuration? Choose two correct answers.

Options :

A : Cloud Provider KMS

B : Vault CLI

C : Vault configuration file

D : Environment variables

E : Vault API

Answer: C,D

Question 3

After issuing the command to delete a secret, you run a vault kv list command, but the path to the secret still seems to exist. What command would permanently delete the path from Vault?

Options :

A : vault kv delete -force kv/applications/app01

B : vault kv destroy -versions=1 kv/applications/app01

C : vault kv metadata delete kv/applications/app01

D : vault kv delete -all kv/applications/app01

Answer: C

Question 4

When Vault is sealed, which are the only two operations available to a Vault administrator? (Select two)

Options :

A : View the status of Vault

B : Configure policies

C : View data stored in the key/value store

D : Rotate the encryption key

E : Unseal Vault

F : Author security policies

Answer: A,E

Question 5

As a best practice, the root token should be stored in which of the following ways?

Options :

A : Should be revoked and never stored after initial setup

B : Should be stored in configuration automation tooling

C : Should be stored in another password safe

D : Should be stored in Vault

Answer: A