Latest HCVA0-003 Practice Tests

Premium

HCVA0-003 Dumps - Full Mock Test

HashiCorp Certified: Vault Associate (003)Exam

285 Questions
120 MINUTES
2026-03-09 Updated

Full Access

QUESTION 26

- (Topic 1)
Tommy has written an AWS Lambda function that will perform certain tasks for the organization when data has been uploaded to an S3 bucket. Security policies for the organization do not allow Tommy to hardcode any type of credential within the Lambda code or environment variables. However, Tommy needs to retrieve a credential from Vault to write data to an on-premises database. What auth method should Tommy use in Vault to meet the requirements while not violating security policies?

A. AWS
B. Userpass
C. Token
D. AppRole

Correct Answer: A

QUESTION 27

- (Topic 4)
To protect the sensitive data stored in Vault, what key is used to encrypt the data before it is written to the storage backend?

A. Recovery key
B. Encryption key
C. Unseal key
D. Root key

Correct Answer: B

QUESTION 28

- (Topic 1)
Select the policies below that permit you to create a new entry of environment=prod at the path /secrets/apps/my_secret (select three).

A. path "secrets/+/my_secret" { capabilities = ["create"] allowed_parameters = { "*" = [] } }
B. path "secrets/apps/my_secret" { capabilities = ["update"] }
C. path "secrets/apps/my_secret" { capabilities = ["create"] allowed_parameters = { "environment" = [] } }
D. path "secrets/apps/*" { capabilities = ["create"] allowed_parameters = { "environment" = ["dev", "test", "qa", "prod"] } }

Correct Answer: ACD

QUESTION 29

- (Topic 1)
What is the difference between the TTL and the Max TTL (select two)?

A. The TTL defines when the token will expire and be revoked
B. The TTL defines when another token will be generated
C. The Max TTL defines the timeframe for which a token cannot be used
D. The Max TTL defines the maximum timeframe for which a token can be renewed

Correct Answer: AD

QUESTION 30

- (Topic 4)
A developer team requests integration of their legacy application with Vault to encrypt and decrypt data for a backend database. They cannot modify the application for Vault authentication. What is the best way to achieve this integration?

A. Enable the Transit secrets engine and configure the secrets engine to send data directly to the legacy app
B. Have the app team call the Vault API to encrypt and decrypt the required data
C. Enable and configure the Kubernetes auth method to allow the application to authenticate to Vault using a JWT
D. Run the Vault Agent on the application server(s) and use the Auto Auth feature to manage the tokens

Correct Answer: D