Free HashiCorp HCVAO-002 Exam Questions

Become HashiCorp Certified with updated HCVAO-002 exam questions and correct answers

Page: 1 / 66

Total 328 Questions | Updated On: Mar 25, 2025

Add To Cart

Question 1

By default, the max TTL for a token is how many days?

A : 14 days

B : 32 days

C : 31 days

D : 7 days

Answer: B

Question 2

You need to write a new policy for Vault for a group of users on the automation team. The requirements stipulate that each user (and all future users) get access to their own private section of a KV secrets engine at the path kv/team/automation and be able to manage their own secrets. Which policy below meets these requirements while minimizing the administrative effort while following the principle of least privilege?

A : path "kv/team/{{identity.entity.id}}/*" { capabilities = ["create", "update", "read", "delete"]}path "kv/team/{{identity.entity.id}}" { capabilities = ["create", "update", "read", "delete"]}

B : path "kv/team/*" { capabilities = ["create", "update", "read", "delete"]}

C : path "kv/team/frank/*" { capabilities = ["create", "update", "read", "delete"]}path "kv/team/steve/*" { capabilities = ["create", "update", "read", "delete"]}path "kv/team/bryan/*" { capabilities = ["create", "update", "read", "delete"]}

D : path "kv/team/{{identity.groups.ids.fb036ebc-2f62-4124-9503-42aa7A869741.name}}/*" { capabilities = ["create", "update", "read", "delete"]}

Answer: A

Question 3

True or False? Once the minimum decryption version is set on an encryption key, older versions of the key are removed from Vault and are no longer available for decryption operations.

A : lse

B : ue

Answer: A

Question 4

Papermill Supply runs open-source Vault in its primary data center. They want to start using the transit secrets engine to encrypt data received from its vendors. Before the following command can be run to encrypt data, what (three) commands must be run to enable and configure the transit secrets engine in Vault?

vault write transit/encrypt/vendor plaintext=aGFzaGljb3JwIGNlcnRpZmllZA==

A :

B : ult secrets enable transit

C : ult enable secrets transit

D : ult write -f transit/keys/vendor

E : ult write transit/encrypt/vendor

Answer: A,B,D

Question 5

Select the policies below that permit you to create a new entry of foo=bar at the path /secrets/apps/my_secret (select three)

A : path "secrets/apps/my_secret" {capabilities = ["create"]allowed_parameters = {"foo" = []}}

B : path "secrets/+/my_secret" {capabilities = ["create"]allowed_parameters = {"*" = ["bar"]}}

C : path "secrets/apps/my_secret" {capabilities = ["update"]}

D : path "secrets/apps/*" {capabilities = ["create"]allowed_parameters = {"foo" = ["bar", "zip"]}}

Answer: A,B

Page: 1 / 66

Total 328 Questions | Updated On: Mar 25, 2025

Add To Cart