VAULT-ASSOCIATE-002 Question #102: Real Exam Question with Answer & Explanation

Question

Which is not true of Vault tokens?

Options

• AVault tokens are the core method for authentication in Vault
• BVault tokens are generated by every authentication method login
• CVault tokens map to information including polices the token holder has, TTL and max usage,
• DVault tokens are required for every Vault call

Explanation

It is not true that Vault tokens are required for absolutely every Vault call, as some operational commands and health checks do not necessitate a token for execution.

Common mistakes.

• A. Vault tokens are indeed the core method for authentication in Vault, serving as the primary identity for clients and applications interacting with the system.
• B. Every successful authentication method login in Vault, whether via AppRole, Kubernetes, LDAP, or userpass, generates a Vault token for the authenticated entity to use for subsequent API calls.
• C. Vault tokens map to comprehensive information including the policies that define the token holder's access, its time-to-live (TTL), maximum usage limits, and other metadata important for its lifecycle and capabilities.

Concept tested. Vault token characteristics and usage

Reference. https://developer.hashicorp.com/vault/docs/concepts/tokens#token-details

No community discussion yet for this question.