Vault tokens Questions
Practice questions for Vault tokens topic in HashiCorp Certified: Vault Associate (003). 32 questions covering this domain.
A workload uses a periodic token and renews it successfully before each period ends. What happens to the token TTL on each successful renewal?
Which token type is non-renewable, has no accessor, and is designed to be lightweight for high-scale use cases?
A security team wants to revoke a token without revealing the token ID to operators. Which token feature should they use?
A high-throughput service needs short-lived Vault tokens, but it does not need token renewal, child tokens, or accessors. Which token type is the best...
A user authenticates through the GitHub auth method instead of the token auth method. What kind of token does Vault issue from that login flow?
Which statement about a root token with a TTL of 0 is correct?
A team creates a periodic token but also sets an explicit max TTL. Which outcome should they expect?
A service token creates child tokens and dynamic secrets. Later, the parent token is revoked. What happens next?
A globally distributed service wants a lightweight token that can be used across performance replication clusters, but only if the token has no parent...
A team wants to issue a token with one fixed lifetime ceiling even though the token should otherwise behave as periodic. Which setting enforces that h...
A periodic token was created through a token store role. The role's period value is changed later. Which value is used on renewal?
A service creates a token and later needs the token to receive a different policy set. What is the correct approach?
Which auth backend is special because it creates and stores tokens, cannot be disabled, and has no login capability of its own?
An operator needs an inventory of active tokens without exposing token IDs. Which endpoint or command is designed for that?
A platform team chooses batch tokens for high scale and also wants child token creation, manual revocation, and cubbyhole access. What should they con...
A workload uses a non-orphan batch token to obtain dynamic credentials. Where are those leases tracked?
The initial root token was revoked after setup, and an emergency later requires root access again. Which workflow is designed to create a new root tok...
A job runner must create child tokens, use cubbyhole storage, and allow operators to revoke a specific token on demand. Which token type fits those re...
A token value starts with hvb.. What type of Vault token is it?
Which token is exempt from CIDR binding rules?
Sign in to see all 32 questions
Create a free account to browse all questions — completely free during our launch phase.