Vault Associate 002 Exam QuestionsBrowse all questions from this exam

Vault Associate 002 Exam - Question 59


The ‘alpha’ secrets are stored in the team-based paths using this convention: secret//alpha. For example, secret/team01/alpha and /secrets/team02/alpha.

Which Vault policy would not allow reading paths with the word “beta” in them, such as secrets/team01/beta?

Show Answer
Correct Answer: C

The correct policy to not allow reading paths with the word 'beta' in them would be the one that does not permit any type of 'beta' in the path. Option A and B both allow 'beta' in some form (either within paths or as part of more extended paths like 'beta/alpha'). Option C, however, does not allow 'beta' to appear in any path, ensuring that secrets with 'beta' in their names cannot be read.

Discussion

3 comments
Sign in to comment
daz_rekkaOption: C
Jan 22, 2024

A would allow "secrets/beta" and B would allow "secrets/beta/alpha" so C seems correct.

Mark1000Option: C
Feb 3, 2024

C A would allow secrets/team01/beta and B /secrets/team01/beta/alpha

gvyecvlcOption: D
Mar 30, 2024

D. Additional deny pattern to be set for beta