nerdexam
ExamsVAULT-ASSOCIATE-002Questions#90
HashiCorpHashiCorp

VAULT-ASSOCIATE-002 · Question #90

VAULT-ASSOCIATE-002 Question #90: Real Exam Question with Answer & Explanation

The correct answer is C: kv/us-west/team_edu. The policy path "kv/+/team_*" allows read access to paths within the kv secrets engine where the first segment after kv/ is any single segment, followed by team_ and then any characters.

Submitted by skyler.x· Apr 18, 2026Secure Vault

Question

Which path will this policy allow? path "kv/+/team_*" { capabilities = [ "read" ] }

Options

  • Akv/team_edu
  • Bkv/us-west/team
  • Ckv/us-west/team_edu
  • Dkv/us-west/ca/team_edu

Explanation

The policy path "kv/+/team_*" allows read access to paths within the kv secrets engine where the first segment after kv/ is any single segment, followed by team_ and then any characters.

Common mistakes.

  • A. kv/team_edu is incorrect because the + wildcard requires exactly one segment between kv/ and team_*, which team_edu does not provide.
  • B. kv/us-west/team is incorrect because the * wildcard in team_* requires at least team_ followed by zero or more characters, but team alone does not fulfill this pattern.
  • D. kv/us-west/ca/team_edu is incorrect because the + wildcard matches only one path segment, whereas us-west/ca represents two segments.

Concept tested. Vault policy path matching (wildcards)

Reference. https://developer.hashicorp.com/vault/docs/concepts/policies#path-matching

Topics

#Vault Policies#Policy Path Matching#Wildcards

Community Discussion

No community discussion yet for this question.

Sign up to join the discussion
Full VAULT-ASSOCIATE-002 PracticeBrowse All VAULT-ASSOCIATE-002 Questions