Vault architecture fundamentals Questions
Practice questions for Vault architecture fundamentals topic in HashiCorp Certified: Vault Associate (003). 16 questions covering this domain.
A three-node Vault cluster using manual unseal is restarted for maintenance. What must operators do before the cluster is fully ready again?
A new operator asks what it means when Vault is sealed. Which answer is most accurate?
A cluster uses auto-unseal and the team needs to perform an emergency root generation workflow later. Which key material is relevant to that process?
Which unseal mechanism does Vault use by default when auto-unseal is not configured?
A cluster uses Shamir sealing with five shares and a threshold of three. What is reconstructed when the third valid share is supplied during unseal?
What does Vault load after a node becomes unsealed?
Which Vault component is responsible for routing requests, enforcing ACLs, and ensuring audit logging happens?
Why is the storage backend considered untrusted in Vault's architecture?
While a Vault node is sealed, which operations remain possible?
In Vault's sealing model, which key directly decrypts the root key?
Why are auth method, audit device, and secrets engine configurations stored inside Vault rather than only in external config files?
Which Vault component tracks issued leases and automatically revokes expired tokens or secrets?
Which internal backend is always mounted at sys/ and is used to affect items such as the internal policy store?
Which environment variable is commonly used to tell Vault CLI-based tools which Vault address to contact?
Vault handles certain partial-failure cases transparently in the core by using write-ahead logging together with which manager?
Which key chain correctly describes how manually unsealing Vault leads to access to encrypted data?
Sign in to see all 16 questions
Create a free account to browse all questions — completely free during our launch phase.