Free Practice Questions for HashiCorp Vault Associate Certification
Study with 357 exam-style practice questions designed to help you prepare for the HashiCorp Vault Associate. All questions are aligned with the latest exam guide and include detailed explanations to help you master the material.
Start Practicing
All Domains
Practice with randomly mixed questions from all topics
Domain Mode
Practice questions from a specific topic area
Quiz History
Exam Details
Key information about HashiCorp Vault Associate
Exam Topics & Skills Assessed
Skills measured (from the official study guide)
Domain 1: Authentication methods
Subdomain 1.1: Define the purpose of authentication methods
Define the purpose of authentication methods
Subdomain 1.2: Choose an authentication method based on use case
Choose an authentication method based on use case
Subdomain 1.3: Explain the difference between human & system authentication methods
Explain the difference between human & system authentication methods
Subdomain 1.4: Define the purpose of identities and groups
Define the purpose of identities and groups
Subdomain 1.5: Authenticate to Vault using the API, CLI, and UI
Authenticate to Vault using the API, CLI, and UI
- Learn to use the Vault CLI - Learn to use the Vault UI - Learn to use the Vault API
Subdomain 1.6: Configure authentication methods using the API, CLI, and UI
Configure authentication methods using the API, CLI, and UI
- Learn to use the Vault CLI - Learn to use the Vault UI - Learn to use the Vault API
Domain 2: Vault policies
Subdomain 2.1: Explain the value of Vault policies
Explain the value of Vault policies
Subdomain 2.2: Describe Vault policy: path
Describe Vault policy: path
Subdomain 2.3: Describe Vault policy: capabilities
Describe Vault policy: capabilities
Subdomain 2.4: Choose a Vault policy based on requirements
Choose a Vault policy based on requirements
Subdomain 2.5: Configure Vault policies using the UI and CLI
Configure Vault policies using the UI and CLI
- Learn to use the Vault CLI - Learn to use the Vault UI
Domain 3: Vault tokens
Subdomain 3.1: Choose between service and batch tokens based on use case
Choose between service and batch tokens based on use case
Subdomain 3.2: Describe root token uses and lifecycle
Describe root token uses and lifecycle
Subdomain 3.3: Explain the purpose of token accessors
Explain the purpose of token accessors
Subdomain 3.4: Explain the impact of time-to-live
Explain the impact of time-to-live
Subdomain 3.5: Explain orphaned tokens
Explain orphaned tokens
Subdomain 3.6: Describe how to create tokens based on need
Describe how to create tokens based on need
Domain 4: Vault leases
Subdomain 4.1: Explain the purpose of a lease ID
Explain the purpose of a lease ID
Subdomain 4.2: Describe how to renew leases
Describe how to renew leases
Subdomain 4.3: Describe how to revoke leases
Describe how to revoke leases
Domain 5: Secrets engines
Subdomain 5.1: Choose a secrets engine based on use case
Choose a secrets engine based on use case
Subdomain 5.2: Compare and contrast dynamic secrets vs. static secrets, know their use cases
Compare and contrast dynamic secrets vs. static secrets, know their use cases
Subdomain 5.3: Describe the uses of transit secrets engine
Describe the uses of transit secrets engine
Subdomain 5.4: Describe the purpose of secrets engines
Describe the purpose of secrets engines
Subdomain 5.5: Describe the use of response wrapping
Describe the use of response wrapping
Subdomain 5.6: Explain the value of short-lived, dynamic secrets
Explain the value of short-lived, dynamic secrets
Subdomain 5.7: Enable secrets engines using the API*, CLI, and UI
Enable secrets engines using the API*, CLI, and UI
- CLI - Vault secrets command - API - sys/mounts
- Learn to use the Vault CLI - Learn to use the Vault HTTP API - Learn to use the Vault UI
Subdomain 5.8: Access Vault secrets using the CLI, API, and UI
Access Vault secrets using the CLI, API, and UI
- Understand static and dynamic secrets - Versioned key/value secrets engine
Domain 6: Encryption as a Service
Subdomain 6.1: Encrypt and decrypt secrets
Encrypt and decrypt secrets
Subdomain 6.2: Rotate the encryption key
Rotate the encryption key
Domain 7: Vault architecture fundamentals
Subdomain 7.1: Describe how Vault encrypts data
Describe how Vault encrypts data
Subdomain 7.2: Explain how to seal and unseal Vault
Explain how to seal and unseal Vault
Subdomain 7.3: Configure environment variables
Configure environment variables
Domain 8: Vault deployment architecture
Subdomain 8.1: Explain cluster strategy for self-managed and HashiCorp-managed clusters
Explain cluster strategy for self-managed and HashiCorp-managed clusters
Subdomain 8.2: Explain the uses of storage backends
Explain the uses of storage backends
Subdomain 8.3: Explain the uses of Shamir secret sharing and unsealing
Explain the uses of Shamir secret sharing and unsealing
Subdomain 8.4: Explain the uses of disaster recovery and performance replication
Explain the uses of disaster recovery and performance replication
- Performance replication - Disaster recovery - DR replication failover
Subdomain 8.5: Differentiate between self-managed and HashiCorp-managed Vault clusters
Differentiate between self-managed and HashiCorp-managed Vault clusters
Domain 9: Access management architecture
Subdomain 9.1: Describe the Vault Agent
Describe the Vault Agent
Subdomain 9.2: Vault Secrets Operator
Vault Secrets Operator
- Vault Secrets Operator - Encrypted client cache - Instant updates - Secret transformation
Techniques & products