- (Topic 1)
What are the primary benefits of running Vault in a production deployment over dev server mode (select two)?

1. A. Faster deployment
2. B. Persistent storage
3. C. Ability to enable auth methods
4. D. Encryption via TLS

Correct Answer: BD

- (Topic 5)
Your organization has an initiative to reduce and ultimately remove the use of long lived X.509 certificates. Which secrets engine will best support this use case?

1. A. PKI
2. B. Key/Value secrets engine version 2, with TTL defined
3. C. Cloud KMS
4. D. Transit

Correct Answer: A

- (Topic 1)
You are using an orchestrator to deploy a new application. Even though the orchestrator creates anew AppRole secret ID, security requires that only the new application has the combination of the role ID and secret ID. What feature can you use to meet these requirements?

1. A. Have the application authenticate with the role ID to retrieve the secret ID
2. B. Use response wrapping and provide the application server with the unwrapping token instead
3. C. Use a batch token instead of a traditional service token
4. D. Secure the communication between the orchestrator and Vault using TLS

Correct Answer: B

- (Topic 2)
An application has authenticated to Vault and has obtained dynamic database credentials with a lease of 4 hours. Four hours later, the credentials expire, and the application can no longer communicate with the backend database, so the application goes down. What should the developers instruct the application to do to prevent this from happening again while maintaining the same level of security?

1. A. Go back to using static credentials
2. B. Renew the lease before expiration
3. C. Revoke the lease before expiration
4. D. Use a different auth method

Correct Answer: B

- (Topic 5)
What can be used to limit the scope of a credential breach?

1. A. Storage of secrets in a distributed ledger
2. B. Enable audit logging
3. C. Use of a short-lived dynamic secrets
4. D. Sharing credentials between applications

Correct Answer: C