VA-003
Vault policies
medium
Question 3 of 24

A token receives one policy granting read access to a path and another policy applying deny to the same path. Which result is correct?

ARead wins because it was granted first
BDeny always takes precedence
CThe two policies cancel and allow list only
DSudo is added automatically

More Vault policies Questions

24 questions

Full HashiCorp Certified: Vault Associate (003) Practice Test

All topics covered

All HashiCorp Certified: Vault Associate (003) Questions

Browse by topic

Related Questions

A new token is created without any policy granting access to a secret path. What is the default acce...

easy

Which two built-in Vault policies cannot be modified or removed?...

easy

A team needs a token that can enumerate keys beneath a path without reading the secret values themse...

medium

A policy author needs a wildcard that matches exactly one path segment in a Vault policy path. Which...

medium

An administrator must manage auth method mounts under sys/auth. Which additional policy capability i...

hard
View all Vault policies questions

Educational Content — CertQnA practice questions are written against official exam objectives, covering the same domains tested on the real exam. All content is original and independent — not actual exam questions, not affiliated with any certification vendor. Learn more about our content policy

Discussion

Be the first to share your understanding of this concept

⚠️ Discussion is for concept clarification only. Do not share or request actual exam questions or answers.

Sign in to join the discussion

Sign InCreate free account