Authentication methods Questions
Practice questions for Authentication methods topic in HashiCorp Certified: Vault Associate (003). 32 questions covering this domain.
A company wants employees to authenticate to Vault by using their enterprise directory accounts. Which auth method is the most appropriate choice?
A security architect wants the same user who logs in through two different auth methods to map back to one internal identity. What should be configure...
An employee authenticates to Vault through LDAP, then the LDAP account is disabled in the external directory. What should the security team expect for...
An operator disables an external auth method that several users were actively using. What happens to those users according to Vault documentation?
A platform team needs Vault authentication for workloads running inside Kubernetes by using service account identity. Which auth method should they ch...
A new Vault server is initialized with default settings. Which authentication method is enabled automatically?
An operator needs to enable the userpass auth method at a custom login path instead of the default path. What Vault capability makes this possible?
A practitioner wants one identity in Vault to represent the same person no matter whether they authenticate with LDAP or GitHub. Which Vault identity ...
A Vault external group maps to an LDAP group. A user is removed from the LDAP group but still has a valid Vault token. When does Vault update that ext...
Vault runs inside Kubernetes 1.21+ and the team wants Kubernetes auth to work with short-lived service account tokens without storing a reviewer JWT i...
A security engineer is preparing a templated policy and needs the mount accessor for each enabled auth method. Which Vault CLI command should they run...
The same engineer authenticates through two different GitHub mounts in Vault. Can both logins map to one entity?
A team is onboarding a headless batch job that should authenticate without an interactive user, and HashiCorp recommends using batch tokens with the c...
An operator wants an application to receive a SecretID without any intermediate system needing to know both AppRole credentials. Which AppRole pattern...
An administrator adds a new policy directly to an entity after a user already has a token tied to that entity. What should the user expect on the next...
A platform team is creating a Kubernetes auth role for pods in the default namespace that use the myapp service account. Which role settings bind that...
When Vault validates a Kubernetes service account JWT during kubernetes auth, which Kubernetes API does it call?
In the Kubernetes auth method, what is the default identity alias source for a service account login?
A kubernetes auth mount was created before Vault 1.9, and the cluster is upgrading to Kubernetes 1.21. Which configuration change is recommended to av...
A team wants a token issued by AppRole to create child tokens for short-lived jobs. Which AppRole role setting is required?
Sign in to see all 32 questions
Create a free account to browse all questions — completely free during our launch phase.