HashiCorp
VAULT-ASSOCIATE-002 · Question #89
VAULT-ASSOCIATE-002 Question #89: Real Exam Question with Answer & Explanation
The correct answer is A: Grants access for each user to a KV folder which shares their id.
Submitted by haru.x · Apr 18, 2026 · Understand Vault Concepts
Question
What does the following policy do?
Options
- A. Grants access for each user to a KV folder which shares their id
- B. Grants access to a special system entity folder
- C. Allows a user to read data about the secret endpoint identity
- D. Nothing, this is not a valid policy
Explanation
A Vault policy designed to grant access for each user to a KV folder sharing their ID typically uses {{identity.entity.name}} in the path.
Common mistakes.
- B. While a policy might grant access to specific folders, the phrasing 'special system entity folder' is vague and does not specifically address how access is tied to each user's ID.
- C. This option describes reading data about an identity endpoint, which is different from granting access to a KV folder whose name is based on the user's ID.
- D. Policies with templated paths using identity aliases are valid and commonly used for dynamic, identity-aware access control in Vault.
Concept tested. Vault policy templating (identity aliases)
Reference. https://developer.hashicorp.com/vault/docs/concepts/policies#template-policies
Topics
#Vault Policies #Policy Templating #KV Secret Engine #Access Control