Free HashiCorp Vault-Associate Exam Actual Questions

The questions for Vault-Associate were last updated On Nov 9, 2024

Question No. 4

Which of the following describes usage of an identity group?

Show Answer Hide Answer
Question No. 5

Which of these is not a benefit of dynamic secrets?

Show Answer Hide Answer
Correct Answer: C

Dynamic secrets are generated on-demand by Vault and have a limited time-to-live (TTL). They do not ensure that administrators can see every password used, as they are often encrypted and ephemeral. The benefits of dynamic secrets are:

They support systems that do not natively provide a method of expiring credentials, such as databases, cloud providers, SSH, etc. Vault can revoke the credentials when they are no longer needed or when the lease expires.

They minimize the damage of credentials leaking, as they are short-lived and can be easily rotated or revoked. If a credential is compromised, the attacker has a limited window of opportunity to use it before it becomes invalid.

They replace cumbersome password rotation tools and practices, as Vault can handle the generation and revocation of credentials automatically and securely. This reduces the operational overhead and complexity of managing secrets.