HashiCorp Certified: Vault Associate VA-002-P Question # 42 Topic 5 Discussion

Question #: 42
Topic #: 5

You've decided to use AWS KMS to automatically unseal Vault on private EC2 instances. After deploying your Vault cluster and running vault operator init, Vault responds with an error and cannot be unsealed.

You've determined that the subnet you've deployed Vault into doesn't have internet access. What can you do to enable Vault to communicate with AWS KMS in the most secure way?


A. Ask the networking team to provide Vault with inbound access from the internet

B. Deploy Vault in a public subnet and provide the Vault nodes with public IP addresses

C. Add a VPC endpoint

D. Change the permissions on the Internet Gateway to allow the Vault nodes to communicate over the Internet

