HashiCorpHashiCorp
VAULT-ASSOCIATE-002 · Question #1
VAULT-ASSOCIATE-002 Question #1: Real Exam Question with Answer & Explanation
The correct answer is C: Use of a short-lived dynamic secrets. Using short-lived dynamic secrets helps limit the damage of a credential breach by ensuring that stolen credentials expire quickly and are not valid for extended periods.
Submitted by takeshi77· Apr 18, 2026Secure Vault
Question
What can be used to limit the scope of a credential breach?
Options
- AStorage of secrets in a distributed ledger
- BEnable audit logging
- CUse of a short-lived dynamic secrets
- DSharing credentials between applications
Explanation
Using short-lived dynamic secrets helps limit the damage of a credential breach by ensuring that stolen credentials expire quickly and are not valid for extended periods.
Common mistakes.
- A. Storing secrets in a distributed ledger does not inherently limit the scope or impact of a credential breach if the secrets themselves are static and long-lived once compromised.
- B. Enabling audit logging provides visibility into who accessed what and when, which is crucial for incident response, but it does not prevent or limit the scope of a breach itself.
- D. Sharing credentials between applications is a poor security practice that increases the blast radius of a credential breach, as one compromised application can expose credentials used by many others.
Concept tested. Dynamic secrets benefits and breach mitigation
Reference. https://www.vaultproject.io/docs/secrets/dynamic-secrets
Topics
#Dynamic Secrets#Credential Security#Secret Management#Breach Mitigation
Community Discussion
No community discussion yet for this question.