HashiCorp HCVA0-003 Exam - Topic 2 Question 20 Discussion

Actual exam question for HashiCorp's HCVA0-003 exam

Question #: 20
Topic #: 2

After decrypting data using the Transit secrets engine, the plaintext output does not match the plaintext credit card number that you encrypted. Which of the following answers provides a solution?

$ vault write transit/decrypt/creditcard ciphertext="vault:v1:cZNHVx+sxdMEr......."

Key: plaintext Value: Y3JlZGl0LWNhcmQtbnVtYmVyCg==

AVault is sealed, therefore the data cannot be decrypted. Unseal Vault to properly decrypt the data

BThe user doesn't have permission to decrypt the data, therefore Vault returns false data

CThe resulting plaintext data is base64-encoded. To reveal the original plaintext, use the base64 --decode command

DThe data is corrupted. Execute the encryption command again using a different data key

Show Suggested Answer

Suggested Answer: C

Comprehensive and Detailed in Depth

A: Sealing would prevent decryption, not return encoded data. Incorrect.

B: Permission issues don't return encoded data. Incorrect.

C: Transit returns base64-encoded plaintext; decoding Y3JlZGl0LWNhcmQtbnVtYmVyCg== yields ''credit-card-number''. Correct.

D: No evidence of corruption; it's a format issue. Incorrect.

Overall Explanation from Vault Docs:

''All plaintext data must be base64-encoded... Decode it to reveal the original value.''

by Nakita at May 11, 2026, 11:18 PM

Limited Time Offer

25%

Off

Get Premium HCVA0-003 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Kristine

7 hours ago

I remember something about base64 encoding from our practice sessions. Could it be that the output is just encoded?

upvoted 0 times

...