Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

HashiCorp Exam HCVA0-003 Topic 4 Question 4 Discussion

Actual exam question for HashiCorp's HCVA0-003 exam
Question #: 4
Topic #: 4
[All HCVA0-003 Questions]

Your organization has an initiative to reduce and ultimately remove the use of long lived X.509 certificates. Which secrets engine will best support this use case?

Show Suggested Answer Hide Answer
Suggested Answer: A

The PKI secrets engine is designed to support the use case of reducing and ultimately removing the use of long lived X.509 certificates. The PKI secrets engine can generate dynamic X.509 certificates on demand, with short time-to-live (TTL) and automatic revocation. This eliminates the need for manual processes of generating, signing, and rotating certificates, and reduces the risk of certificate compromise or misuse. The PKI secrets engine can also act as a certificate authority (CA) or an intermediate CA, and can integrate with external CAs or CRLs. The PKI secrets engine can issue certificates for various purposes, such as TLS, SSH, code signing, email encryption, etc. Reference: https://developer.hashicorp.com/vault/docs/secrets/pki1, https://developer.hashicorp.com/vault/tutorials/getting-started/getting-started-dynamic-secrets


by Vince at Apr 06, 2025, 01:48 AM

Limited Time Offer

25%

Off

Get Premium HCVA0-003 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel
Gregoria
2 months ago
I'm picturing some poor sysadmin trying to wrangle those X.509 certificates, and I can't help but chuckle. B is the answer, let's put them out of their misery!
upvoted 0 times
...
Diego
2 months ago
Why even bother with the other choices? It's like trying to put lipstick on a pig. B is the clear winner, no doubt about it.
upvoted 0 times
Crista
1 months ago
B is the clear winner, no doubt about it.
upvoted 0 times
...
Yuette
1 months ago
D) Transit
upvoted 0 times
...
Fletcher
1 months ago
C) Cloud KMS
upvoted 0 times
...
Nelida
1 months ago
B) Key/Value secrets engine version 2, with TTL defined
upvoted 0 times
...
Barney
1 months ago
A) PKI
upvoted 0 times
...
...
Miss
2 months ago
Ooh, the Transit engine could be interesting, but I'm not trying to be a rocket scientist here. Gotta go with the simple and straightforward option, B baby!
upvoted 0 times
Dominga
1 months ago
User 3: Yeah, I agree. Let's keep it simple and go with option B.
upvoted 0 times
...
Verdell
2 months ago
User 2: Key/Value secrets engine version 2 with TTL defined sounds like the best option to me.
upvoted 0 times
...
Vincenza
2 months ago
User 1: I think PKI might be the way to go for this.
upvoted 0 times
...
...
Jerry
3 months ago
That makes sense, but I still think C) Cloud KMS could also be a good option for managing certificates securely.
upvoted 0 times
...
Elly
3 months ago
I disagree, I believe B) Key/Value secrets engine version 2 with TTL defined is the best choice as it allows for expiration of certificates.
upvoted 0 times
...
Darci
3 months ago
I mean, who needs long-lived certificates when you can just have Vault handle everything for you? B is the way to go, hands down.
upvoted 0 times
Lyda
26 days ago
Transit could also be a good option for this use case.
upvoted 0 times
...
Tiara
27 days ago
I think Key/Value secrets engine version 2 with TTL defined would be more efficient.
upvoted 0 times
...
Cheryl
2 months ago
But wouldn't PKI be a better option for managing certificates?
upvoted 0 times
...
Lashawnda
2 months ago
I agree, Vault can definitely handle everything for us.
upvoted 0 times
...
...
Jade
3 months ago
The Key/Value secrets engine version 2 with TTL defined sounds like the perfect solution to this use case. Definitely going with B!
upvoted 0 times
Lea
1 months ago
Let's go with B then, Key/Value secrets engine version 2 with TTL defined seems like the most efficient choice.
upvoted 0 times
...
Wilda
1 months ago
Cloud KMS could work, but I think Transit might not be the most suitable option for this initiative.
upvoted 0 times
...
Katina
2 months ago
PKI might be a good option too, but I think B is the best choice for this use case.
upvoted 0 times
...
Joni
2 months ago
I agree, using Key/Value secrets engine version 2 with TTL defined will help us achieve our goal.
upvoted 0 times
...
Dusti
2 months ago
Let's go with B then, Key/Value secrets engine version 2 with TTL defined seems like the most efficient choice.
upvoted 0 times
...
Carlton
2 months ago
Cloud KMS could work, but I think Transit might not be the most suitable option for this initiative.
upvoted 0 times
...
Aleisha
2 months ago
PKI might be a good option too, but I think B is the best choice for this use case.
upvoted 0 times
...
Dick
3 months ago
I agree, using Key/Value secrets engine version 2 with TTL defined will help us achieve our goal.
upvoted 0 times
...
...
Jerry
4 months ago
I think the best option is A) PKI because it deals with certificates.
upvoted 0 times
...

Save Cancel