BlackFriday 2024! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions

HashiCorp Exam VA-002-P Topic 9 Question 4 Discussion

Actual exam question for HashiCorp's VA-002-P exam
Question #: 4
Topic #: 9
[All VA-002-P Questions]

Which of the following unseal options can automatically unseal Vault upon the start of the Vault service? (select four)

Show Suggested Answer Hide Answer
Suggested Answer: A, B, C, E

When a Vault server is started, it starts in a sealed state and it does not know how to decrypt data. Before any operation can be performed on the Vault, it must be unsealed. Unsealing is the process of constructing the master key necessary to decrypt the data encryption key.

Below are links covering details of each option:- https://www.vaultproject.io/docs/concepts/seal

AWS KMS

https://learn.hashicorp.com/vault/operations/ops-autounseal-aws-kms

Auto-unseal using Transit Secrets Engine

https://learn.hashicorp.com/vault/operations/autounseal-transit

Auto-unseal using Azure Key Vault

https://learn.hashicorp.com/vault/day-one/autounseal-azure-keyvault

Auto-unseal using HSM

https://learn.hashicorp.com/vault/operations/ops-seal-wrap

Key shards don't support auto unseal instead key shards require the user to provide unseal keys to reconstruct the master key

https://www.vaultproject.io/docs/concepts/seal


Contribute your Thoughts:

Currently there are no comments in this discussion, be the first to comment!


Save Cancel