01. You have been tasked with increasing the visibility the organization has into the Vault environment. As part of this task, you need to configure Vault telemetry settings. Where would you find the telemetry settings used to forward telemetry data to a collector agent?
a) the Vault configuration file
b) sys/telemetry
c) In the Vault UI under the "Status" menu
d) sys/tools/telemetry
02. Vault supports both "rekey" and "rotate" operations. While the commands sound similar, it is important to understand the key differences between these operations. Which statement most accurately describes the difference between the "rekey" and "rotate" operations?
a) Rekey is used to generate new unseal/recovery keys, and rotate is used to generate a new root key.
b) Rekey is used to change the encryption key used to encrypt data written to the storage backend, and rotate is used to generate a new root key and unseal/recovery keys.
c) Rekey is used to generate a new root key, and rotate is used to generate new unseal/recovery keys.
d) Rekey is used to generate a new root key and unseal/recovery keys, and rotate is used to change the encryption key used to encrypt data written to the storage backend.
03. When configuring a Vault HA cluster, which storage backend is commonly recommended for ensuring high availability?
a) MySQL
b) PostgreSQL
c) Consul
d) NFS
04. Vault Agent's Template functionality allows Vault secrets to be rendered to files using Consul Template markup. Your team has a use case to retrieve and format a secret from Vault before an application consumes it. Below is an example template configuration. Which of the following is NOT a valid statement?
{{ with secret "secret/data/app1" }}
ID: {{ .Data.data.username }}
Color: {{ .Data.data.color }}
{{ end }}
a) The path of the secret in Vault is secret/data/app1
b) The secret in Vault contains a key with the name ID
c) The secret in Vault contains a key with the name username
d) The secret in Vault contains a key with the name color
05. Your team has recently upgraded from open source Vault to Vault Enterprise so you can use performance standby nodes. Which of the following is true regarding performance standby nodes?
a) Performance standby nodes will attempt to locally process client read requests and automatically forward write requests to the leader/active node.
b) Performance standby nodes are only available when using the Consul storage backend.
c) Performance standby nodes scale the overall performance of the Vault cluster by handling both read and write requests locally.
d) Performance standby nodes can only be used when Performance replication is also enabled.
06. What is the default policy that every authenticated user in Vault inherits, and what does it grant?
a) default policy; grants full access to all secrets
b) root policy; grants full administrative access
c) default policy; grants access to the sys/ and auth/ paths
d) read-only policy; grants read access to all secrets
07. What type of encryption does seal wrap (PKCS#11) typically provide in a Vault Enterprise environment?
a) Asymmetric encryption for public key operations
b) Symmetric encryption for data at rest
c) Elliptic curve encryption for digital signatures
d) Hash-based encryption for data integrity
08. How does the deny capability in an ACL policy affect a user's access in Vault?
a) It overrides any other policies that grant access.
b) It only applies if no other policies grant access.
c) It allows access to all paths except the specified ones.
d) It must be combined with the allow capability to be effective.
09. Which of the following components is essential for setting up a highly available (HA) Vault cluster?
a) A single Vault server with a backup
b) A load balancer in front of multiple Vault servers
c) Multiple Vault servers with a shared storage backend
d) A replicated database for storing Vault secrets
10. As part of an internal initiative, your organization has decided to implement the Vault Enterprise feature of Control Groups. The goal is to add a layer of protection for certain activities in Vault. Which of the following statements most accurately describes the function of a Control Group?
a) Control Groups are a different way of managing access to items in Vault
b) Control Groups enable fine-grained control through "policy as code"
c) Control Groups help organize Vault identities into logical groups to more easily manage access
d) Control Groups add additional authorization factors to be required before satisfying a request