HashiCorp
VAULT-ASSOCIATE-002 · Question #9
VAULT-ASSOCIATE-002 Question #9: Real Exam Question with Answer & Explanation
The correct answer is D: list. To view or enumerate all endpoints or keys within a specific path in Vault, the list capability is required in the associated policy.
Submitted by jian89 · Apr 18, 2026 · Secure Vault
Question
To give a role the ability to display or output all of the end points under the /secrets/apps/* end point it would need to have which capability set?
Options
- A. update
- B. read
- C. sudo
- D. list
- E. None of the above
Explanation
To view or enumerate all endpoints or keys within a specific path in Vault, the list capability is required in the associated policy.
Common mistakes.
- A. The update capability allows an entity to modify data at a path, not to enumerate existing paths or keys.
- B. The read capability allows an entity to retrieve the content of a specific secret at a given path, but not to list all secrets or sub-paths within a directory-like structure.
- C. The sudo capability grants elevated privileges for specific operations, often to bypass other policy rules, but it's not the standard capability for simply listing paths.
- E. "None of the above" is incorrect: the list capability is indeed the correct one for this operation.
Concept tested. Vault policy capabilities (list)
Reference. https://www.vaultproject.io/docs/concepts/policies#capabilities
Topics
#Vault Policies #ACL Capabilities #List Capability #Secret Paths