HashiCorp
VAULT-ASSOCIATE-002 Question #83: Real Exam Question with Answer & Explanation
The correct answer is A: Should be revoked and never stored after initial setup. As a security best practice, the Vault root token should be revoked immediately after initial setup and never stored.
Submitted by haru.x · Apr 18, 2026 · Secure Vault
Question
As a best practice, the root token should be stored in which of the following ways?
Options
- A. Should be revoked and never stored after initial setup
- B. Should be stored in configuration automation tooling
- C. Should be stored in another password safe
- D. Should be stored in Vault
Explanation
As a security best practice, the Vault root token should be revoked immediately after initial setup and never stored.
Common mistakes.
- B. Storing the root token in configuration automation tooling is a significant security risk due to its high privileges and potential for automated compromise.
- C. Storing the root token in another password safe still exposes it to potential compromise; its immense power dictates it should not be stored for regular use.
- D. Storing the root token within Vault itself is a circular dependency and a major security vulnerability, as the root token can access everything in Vault.
Concept tested. Vault root token security management
Reference. https://developer.hashicorp.com/vault/docs/concepts/tokens#root-tokens-and-their-care-and-feeding
Topics
#Root token #Security best practices #Token management #Vault security