Prerequisites
- Basic terminal skills
- Basic understanding of on premise or cloud architecture
- Basic level of security understanding
Product version tested
Vault 1.6.0 and higher
Preparing for the exam
The Vault Associate exam has both a study guide and a review guide. While much of the information in these two guides are the same, they are presented differently for different uses. Use the study guide if you want to study all the exam objectives. Use the review guide if you already have Vault experience and/or training and want to pick and choose which objectives to review before taking the exam. There are also sample questions available so you can get a feel for what the exam will be like.
Renewing your Vault Associate certification
To renew your Vault Associate certification, you will need to take and pass the Vault Associate or Vault Operations Professional exam.
If you hold an unexpired Vault Associate certification there are two ways to recertify:
- You can take the same Vault Associate exam again starting 18 months after your previous exam date. When you pass the exam, the expiration date on your credentials will be extended.
- You can take the Vault Professional level exam starting 18 months after your previous exam date. When you pass the exam, you will receive a new set of credentials for the Vault Professional certification, and the expiration date will be extended on your Vault Associate credentials.
If you hold an expired Vault Associate certification: You are eligible to take the same Vault Associate exam again at any time. When you pass the exam, you will receive a new, second set of credentials with a new expiration date.
Exam Details
| Assessment Type |
Multiple choice |
| Format |
Online proctored |
| Duration |
1 hour |
| Price |
$70.50 USD plus locally applicable taxes and fees Free retake not included
|
| Language |
English |
| Expiration |
2 years |
Exam Objectives
| 1 |
Compare authentication methods |
| 1a |
Describe authentication methods |
| 1b |
Choose an authentication method based on use case |
| 1c |
Differentiate human vs. system auth methods |
| 2 |
Create Vault policies |
| 2a |
Illustrate the value of Vault policy |
| 2b |
Describe Vault policy syntax: path |
| 2c |
Describe Vault policy syntax: capabilities |
| 2d |
Craft a Vault policy based on requirements |
| 3 |
Assess Vault tokens |
| 3a |
Describe Vault token |
| 3b |
Differentiate between service and batch tokens. Choose one based on use-case |
| 3c |
Describe root token uses and lifecycle |
| 3d |
Define token accessors |
| 3e |
Explain time-to-live |
| 3f |
Explain orphaned tokens |
| 3g |
Create tokens based on need |
| 4 |
Manage Vault leases |
| 4a |
Explain the purpose of a lease ID |
| 4b |
Renew leases |
| 4c |
Revoke leases |
| 5 |
Compare and configure Vault secrets engines |
| 5a |
Choose a secret method based on use case |
| 5b |
Contrast dynamic secrets vs. static secrets and their use cases |
| 5c |
Define transit engine |
| 5d |
Define secrets engines |
| 6 |
Utilize Vault CLI |
| 6a |
Authenticate to Vault |
| 6b |
Configure authentication methods |
| 6c |
Configure Vault policies |
| 6d |
Access Vault secrets |
| 6e |
Enable Secret engines |
| 6f |
Configure environment variables |
| 7 |
Utilize Vault UI |
| 7a |
Authenticate to Vault |
| 7b |
Configure authentication methods |
| 7c |
Configure Vault policies |
| 7d |
Access Vault secrets |
| 7e |
Enable Secret engines |
| 8 |
Be aware of the Vault API |
| 8a |
Authenticate to Vault via Curl |
| 8b |
Access Vault secrets via Curl |
| 9 |
Explain Vault architecture |
| 9a |
Describe the encryption of data stored by Vault |
| 9b |
Describe cluster strategy |
| 9c |
Describe storage backends |
| 9d |
Describe the Vault agent |
| 9e |
Describe secrets caching |
| 9f |
Be aware of identities and groups |
| 9g |
Describe Shamir secret sharing and unsealing |
| 9h |
Be aware of replication |
| 9i |
Describe seal/unseal |
| 9j |
Explain response wrapping |
| 9k |
Explain the value of short-lived, dynamically generated secrets |
| 10 |
Explain encryption as a service |
| 10a |
Configure transit secret engine |
| 10b |
Encrypt and decrypt secrets |
| 10c |
Rotate the encryption key |
