Question 1

True or False? When encrypting data with the Transit secrets engine, Vault always stores the ciphertext in a dedicated KV store along with the associated encryption key.

Options :

A : True

B : False

Answer: B

Question 2

When Vault is sealed, which are the only two operations available to a Vault administrator? (Select two)

Options :

A : View the status of Vault

B : Configure policies

C : View data stored in the key/value store

D : Rotate the encryption key

E : Unseal Vault

F : Author security policies

Answer: A,E

Question 3

After issuing the command to delete a secret, you run a vault kv list command, but the path to the secret still seems to exist. What command would permanently delete the path from Vault?

Options :

A : vault kv delete -force kv/applications/app01

B : vault kv destroy -versions=1 kv/applications/app01

C : vault kv metadata delete kv/applications/app01

D : vault kv delete -all kv/applications/app01

Answer: C

Question 4

Which of the following features are not available in the Vault Community version?

Options :

A : Cloud KMS auto-unseal

B : Single sign-on support

C : Event notifications and filtering

D : Multi-factor authentication (auth)

E : Dynamic secrets engines

F : HSM auto-unseal

Answer: F

Question 5

Which of the following is NOT a valid way in which a lease can be revoked in Vault?

Options :

A : Using the user interface (UI)

B : Automatically when the TTL or Max-TTL expires

C : Using the API to call the /v1/sys/leases endpoint

D : Via the CLI using the vault token command

Answer: D