Exam content list - Vault Operations Professional
Warning
These exam preparation tutorials will not be available for reference during the exam. The exam asks you to apply your expertise by solving real world problems in a virtual environment. Therefore, Vault's docs and Vault's API docs will be available during the exam.
This direct mapping of each exam objective to HashiCorp's documentation or tutorials provides experienced exam candidates a place to review only the objectives they need extra help with before taking the exam.
Exam Objective | Documentation | Tutorial | |
---|---|---|---|
1 | Create a working Vault server configuration given a scenario | ||
1a | Enable and configure secret engines | Secrets Engines secrets command | Secrets Management |
1b | Practice production hardening | Security Model | Production Hardening |
1c | Auto unseal Vault | Seal stanza | Auto Unseal |
1d | Implement integrated storage for open source and Enterprise Vault | Integrated Storage (Raft) Backend | Integrated Storage |
1e | Enable and configure authentication methods | Auth Methods | Auth Methods |
1f | Practice secure Vault initialization | operator init command | PGP encrypted key shares, Deploy Vault |
1g | Regenerate a root token | operator generate-root command | |
1h | Rekey Vault and rotate encryption keys | operator rekey command and operator rotate command | |
2 | Monitor a Vault environment | ||
2a | Monitor and understand Vault telemetry | Telemetry | Monitor Telemetry & Audit Device Log Data |
2b | Monitor and understand Vault audit logs | audit command | Troubleshooting Vault Querying Audit Device Logs |
2c | Monitor and understand Vault operational logs | server command | Troubleshooting Vault |
3 | Employ the Vault security model | ||
3a | Describe secure introduction of Vault clients | Secure Introduction of Vault Clients | |
3b | Describe the security implications of running Vault in Kubernetes | Vault on Kubernetes Security Considerations | |
4 | Build fault-tolerant Vault environments | ||
4a | Configure a highly available (HA) cluster | High Availability Mode (HA) | Vault HA Cluster with Integrated Storage |
4b | (Vault Enterprise) Enable and configure disaster recovery (DR) replication | Vault Enterprise Replication | Disaster Recovery Replication Setup |
4c | (Vault Enterprise) Promote a secondary cluster | /sys/replication/dr | Disaster Recovery Replication Setup |
5 | Understand the hardware security module (HSM) integration | ||
5a | (Vault Enterprise) Describe the benefits of auto unsealing with HSM | Vault Enterprise HSM Support | HSM Integration - Seal Wrap |
5b | (Vault Enterprise) Describe the benefits and use cases of seal wrap (PKCS#11) | Vault Enterprise HSM Support | HSM Integration - Seal Wrap |
6 | Scale Vault for performance | ||
6a | Use batch tokens | Tokens | Batch Tokens |
6b | (Vault Enterprise) Describe the use cases of performance standby nodes | Performance Standby Nodes | Performance Standby Nodes |
6c | (Vault Enterprise) Enable and configure performance replication | Vault Enterprise Replication | Setting up Performance Replication |
6d | (Vault Enterprise) Create a paths filter | /sys/replication/performance | Performance Replication with Paths Filter |
7 | Configure access control | ||
7a | Interpret Vault identity entities and groups | Identity Secrets Engine | Identity: Entities and Groups |
7b | Write, deploy, and troubleshoot ACL policies | Policies policy command | Policies |
7c | (Vault Enterprise) Understand Sentinel policies | Sentinel | Sentinel Policies |
7d | (Vault Enterprise) Define control groups and describe their basic workflow | Vault Enterprise Control Groups | Control Groups |
7e | (Vault Enterprise) Describe and interpret multi-tenancy with namespaces | Vault Enterprise Namespaces | Secure Multi-Tenancy with Namespaces |
8 | Configure Vault Agent | ||
8a | Securely configure auto-auth and token sink | Vault Agent Auto-Auth | Vault Agent with AWS Vault Agent with Kubernetes |
8b | Configure templating | Vault Agent Templates | Vault Agent Templates |