Sara uses the Vault CLI for administrative tasks on the production cluster. However, she encounters permission-denied errors when making changes and needs to check which policies are attached to her token to view and adjust permissions. What command can she run on the Vault node to see the attached policies?
You are using Vault to generate dynamic credentials for a Microsoft SQL server to perform queries for a month-end report. The report seems to be taking much longer than expected due to degradation on the underlying server, and you are afraid that Vault might automatically revoke the credentials. How can you extend the time the credentials are valid to ensure your month-end query is successful?
True or False? After rotating a transit encryption key, all data encrypted with the previous version must be rewrapped or re-encrypted with the new key.
You have enabled the Transit secrets engine on your Vault cluster to provide an " encryption as a service " service as your team develops new applications. What is a prime use case for the Transit secrets engine?
Vault enables the generation of dynamic credentials against many different platforms. When generating these credentials, what Vault feature is used to track the credentials?
What is the difference between the TTL and the Max TTL (select two)?
According to the screenshot below, what auth method did this client use to log in to Vault?
(Screenshot shows a lease path: auth/userpass/login/student01)
Which of the following statements best describes the difference in cluster strategies between self-managed Vault and HashiCorp-managed Vault?
During a service outage, you must ensure all current tokens and leases are copied to another Vault cluster for failover so applications don’t need to authenticate. How can you accomplish this?
You’ve hit the URL for the Vault UI, but you’re presented with this screen. Why doesn’t Vault present you with a way to log in?

TESTED 19 Jul 2026