EMT Practice Test

1. Question Content...


Question List

Question1: To give a role the ability to display or output all of the end points under the /secrets/apps/* end point it would need to have which capability set?

Question2: Which of these are a benefit of using the Vault Agent?

Question3: Where can you set the Vault seal configuration? Choose two correct answers.

Question4: You are performing a high number of authentications in a short amount of time. You're experiencing slow throughput for token generation. How would you solve this problem?

Question5: A web application uses Vault's transit secrets engine to encrypt data in-transit. If an attacker intercepts the data in transit which of the following statements are true? Choose two correct answers.

Question6: Which of the following statements describe the secrets engine in Vault? Choose three correct answers.

Question7: An organization would like to use a scheduler to track & revoke access granted to a job (by Vault) at completion. What auth-associated Vault object should be tracked to enable this behavior?

Question8: An authentication method should be selected for a use case based on:

Question9: Which of the following is a machine-oriented Vault authentication backend?

Question10: To make an authenticated request via the Vault HTTP API, which header would you use?

Question11: The vault lease renew command increments the lease time from:

Question12: When using Integrated Storage, which of the following should you do to recover from possible data loss?

Question13: Your organization has an initiative to reduce and ultimately remove the use of long lived X.509 certificates. Which secrets engine will best support this use case?

Question14: What is the Vault CLI command to query information about the token the client is currently using?

Question15: When unsealing Vault, each Shamir unseal key should be entered:

Question16: You have been tasked with writing a policy that will allow read permissions for all secrets at path secret/bar. The users that are assigned this policy should also be able to list the secrets. What should this policy look like?

Question17: Which of the following are replication methods available in Vault Enterprise? Choose two correct answers.

Question18: An organization wants to authenticate an AWS EC2 virtual machine with Vault to access a dynamic database secret. The only authentication method which they can use in this case is AWS.

Question19: You have a 2GB Base64 binary large object (blob) that needs to be encrypted. Which of the following best describes the transit secrets engine?

Question20: Which statement describes the results of this command: $ vault secrets enable transit

Question21: When an auth method is disabled all users authenticated via that method lose access.

Question22: As a best practice, the root token should be stored in which of the following ways?

Question23: You can build a high availability Vault cluster with any storage backend.

Question24: Running the second command in the GUI CLI will succeed.

Question25: What is a benefit of response wrapping?

Question26: Which of the following cannot define the maximum time-to-live (TTL) for a token?