Free Access to HashiCorp.HCVA0-003.v2025-10-21.q101 with Valid Practice Test (Page 18)

Question 81

You need to create a limited-privileged token that isn't impacted by the TTL of its parent. What type of token should you create?

A.Service token with a use limit
B.Orphan token
C.Periodic token
D.Root token

Question 82

Jarrad is an AWS engineer and has provisioned a new EC2 instance running MySQL since his application requires a specific MySQL version. He wants to integrate Vault into his workflow but is new to Vault. What secrets engine should Jarrad use to integrate this new database running in AWS?

A.azure
B.database
C.kv
D.aws

Question 83

The key/value v2 secrets engine is enabled at secret/ See the following policy:

Which of the following operations are permitted by this policy? Choose two correct answers.

A.vault kv get secret/webapp1
B.vault kv put secret/webapp1 apikey-"ABCDEFGHI] K123M"
C.vault kv metadata get secret/webapp1
D.vault kv delete secret/super-secret
E.vault kv list secret/super-secret

Correct Answer: A,C

The policy shown in the image is:
path "secret/data/webapp1" { capabilities = ["create", "read", "update", "delete", "list"] } path "secret/data/super-secret" { capabilities = ["deny"] } This policy grants or denies access to the key/value v2 secrets engine mounted at secret/ according to the following rules:
* The path "secret/data/webapp1" has the capabilities of "create", "read", "update", "delete", and "list".
This means that the policy allows performing any of these operations on the secrets stored under this path. The data/ prefix is used to access the actual secret data in the key/value v2 secrets engine5. Therefore, the policy permits the operation of vault kv get secret/webapp1, which reads the secret data at secret/data/webapp16.
* The path "secret/data/super-secret" has the capability of "deny". This means that the policy denies performing any operation on the secrets stored under this path. The policy overrides any other policy that might grant access to this path. Therefore, the policy does not permit the operations of vault kv delete secret/super-secret and vault kv list secret/super-secret, which delete and list the secret data at secret/data/super-secret respectively6.
* The policy does not explicitly define any rules for the path "secret/metadata". The metadata/ prefix is used to access the metadata of the secrets in the key/value v2 secrets engine, such as the number of versions, the deletion status, the creation time, etc5. By default, if the policy grants any of the capabilities of "create", "read", "update", or "delete" on the data/ path, it also grants the same capabilities on the corresponding metadata/ path7. Therefore, the policy permits the operation of vault kv metadata get secret/webapp1, which reads the metadata of the secret at secret/metadata/webapp18.
5 (https://developer.hashicorp.com/vault/docs/secrets/kv/kv-v2), [6]6, 7 (https://developer.hashicorp.com/vault/docs/secrets/kv/kv-v2), [8]8

Question 84

Select the two paths below that would be permitted for read access based on the following Vault policy:
path "secret/+/training/*" {
capabilities = ["create", "read"]
}

A.secret/business/training
B.secret/cloud/training/test/exam
C.secret/departments/certification/api
D.secret/departments/training/vault

Question 85

Based on the following output, what command can Steve use to determine if the KV store is configured for versioning?
text
CollapseWrapCopy
$ vault secrets list
Path Type Accessor Description
---- ---- -------- -----------
automation/ kv kv_56f991b9 Automation team for CI/CD
cloud/ kv kv_4426c541 Cloud team for static secrets
cubbyhole/ cubbyhole cubbyhole_9bd538e per-token priv secret storage
data_team/ kv kv_96d57692 Data warehouse KV for certs
identity/ identity identity_0042595e identity store
network/ kv kv_3e53aaab Network team secret storage
secret/ kv kv_d66e2adc key/value secret storage
sys/ system system_d6f218a9 system endpoints

A.vault secrets list -all
B.vault kv get automation
C.vault secrets list -detailed
D.vault kv list

Question 81

Question 82

Question 83

Question 84

Question 85

Download PDF File