Courseiva
Knowledge + Practice
CertificationsVendorsCareer RoadmapsLabs & ToolsStudy GuidesGlossaryPractice Questions
C
Courseiva

Free IT certification practice questions with explained answers for CCNA, CompTIA, AWS, Azure, Google Cloud, and more.

Certification Practice Questions

CCNA practice questionsSecurity+ SY0-701 practice questionsAWS SAA-C03 practice questionsAZ-104 practice questionsAZ-900 practice questionsCLF-C02 practice questionsA+ Core 1 practice questionsGoogle Cloud ACE practice questionsCySA+ CS0-003 practice questionsNetwork+ N10-009 practice questions
View all certifications →

Product

CertificationsCertification PathsExam TopicsPractice TestsExam Dumps vs Practice TestsStudy HubComparisons

Company

AboutContactEditorial PolicyQuestion Writing PolicyTrust Center

Legal

Privacy PolicyTerms of Service

Courseiva is a free IT certification practice platform offering original exam-style practice questions, detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics for Cisco, CompTIA, Microsoft, AWS, and other technology certifications.

© 2026 Courseiva. Courseiva is operated by JTNetSolutions Ltd. All rights reserved.

Courseiva is an independent certification practice platform and is not affiliated with, endorsed by, or sponsored by Cisco, Microsoft, AWS, CompTIA, Google, ISC2, ISACA, or any other certification vendor. Vendor names and certification marks are used only to identify the exams learners are preparing for.

← Explain Vault architecture practice sets

VA-003 Explain Vault architecture • Complete Question Bank

VA-003 Explain Vault architecture — All Questions With Answers

Complete VA-003 Explain Vault architecture question bank — all 0 questions with answers and detailed explanations.

84
Questions
Free
No signup
Certifications/VA-003/Practice Test/Explain Vault architecture/All Questions
Question 1mediummultiple choice
Read the full Explain Vault architecture explanation →

A DevOps team is deploying Vault in a Kubernetes cluster. They want to ensure that when a pod starts, it can obtain a short-lived Vault token without human intervention. Which Vault architecture component should they use?

Question 2hardmultiple choice
Read the full Explain Vault architecture explanation →

During a performance test, Vault becomes unresponsive for several seconds when the storage backend experiences high latency. Which architectural change would best improve Vault's resilience to storage latency?

Question 3easymultiple choice
Read the full Explain Vault architecture explanation →

A security engineer wants to ensure that all requests to Vault are logged for compliance. Which component must be configured?

Question 4mediummultiple choice
Read the full Explain Vault architecture explanation →

A company is using Vault's Integrated Storage (Raft) for high availability. During a network partition, two Vault nodes become isolated from the third. What happens to the isolated nodes?

Question 5hardmultiple choice
Read the full Explain Vault architecture explanation →

An administrator notices that after a Vault unseal operation, the root token is no longer usable. The audit logs show no revocations. What is the most likely cause?

Question 6easymultiple choice
Read the full Explain Vault architecture explanation →

Which Vault component is responsible for encrypting data before storing it in the storage backend?

Question 7mediummultiple choice
Read the full Explain Vault architecture explanation →

A team wants to use Vault's AWS auth method to authenticate EC2 instances. Which architectural requirement must be met?

Question 8hardmultiple choice
Read the full Explain Vault architecture explanation →

A Vault cluster uses Integrated Storage. During a planned upgrade, the administrator wants to minimize downtime. Which upgrade strategy should be used?

Question 9easymultiple choice
Read the full Explain Vault architecture explanation →

What is the purpose of the Seal/Unseal process in Vault architecture?

Question 10mediummulti select
Read the full Explain Vault architecture explanation →

Which TWO components are required for Vault to process client requests after startup?

Question 11hardmulti select
Read the full Explain Vault architecture explanation →

Which THREE architectural considerations are important when designing a multi-datacenter Vault deployment?

Question 12easymulti select
Read the full Explain Vault architecture explanation →

Which TWO statements about Vault's Storage Backend are correct?

Question 13hardmultiple choice
Read the full Explain Vault architecture explanation →

A company deploys Vault in a production environment with three nodes using Integrated Storage (Raft). They have configured Performance Replication to a secondary datacenter. The primary datacenter experiences a complete outage. After restoring the primary, they promote the secondary to primary. However, they notice that some secrets written to the primary just before the outage are missing in the secondary. The replication status shows no errors. What is the most likely cause and correct action?

Question 14mediummultiple choice
Read the full Explain Vault architecture explanation →

An organization uses Vault with a Consul storage backend. They have three Vault servers and three Consul servers. During a routine maintenance, they restart all Consul servers simultaneously. After the restart, Vault becomes sealed and cannot be unsealed. The Vault logs show 'storage: error listing' and 'failed to check status'. The Consul cluster is healthy with a leader. What is the most likely cause and solution?

Question 15mediummultiple choice
Read the full Explain Vault architecture explanation →

A company is deploying Vault in a high-availability configuration across three data centers. They need to ensure that if the active Vault node fails, another node can take over without manual intervention. Which Vault feature should they configure?

Question 16hardmulti select
Read the full Explain Vault architecture explanation →

Which TWO of the following are valid ways to authenticate to Vault?

Question 17easymultiple choice
Read the full Explain Vault architecture explanation →

A company runs Vault in a single cluster with three nodes using the Raft storage backend. The nodes are behind a load balancer that distributes traffic to all nodes. The operations team notices that occasionally, write operations (e.g., writing a secret or creating a policy) fail with a '502 Bad Gateway' error, while read operations succeed. The Vault audit logs show no errors. The load balancer health checks are configured to check the /v1/sys/health endpoint with a 200 response expected. The Vault nodes are all unsealed and the cluster is healthy. Which of the following is the most likely cause of the intermittent write failures?

Question 18mediummultiple choice
Read the full Explain Vault architecture explanation →

A company wants to use Vault's Key Management Secrets Engine (KMSE) to encrypt data stored in AWS S3. The security team requires that the encryption key used by Vault is never exposed to the application. Which Vault architecture component ensures that the encryption key remains within the Vault boundary and is not accessible to the application?

Question 19hardmulti select
Read the full Explain Vault architecture explanation →

Which TWO statements correctly describe Vault's storage backend and seal/unseal mechanism?

Question 20easymultiple choice
Read the full Explain Vault architecture explanation →

A Vault operator runs `vault status` and sees the output above. The Vault cluster is in production and currently unresponsive to API requests. What is the most likely cause of the unresponsiveness?

Exhibit

Refer to the exhibit.

```
$ vault status
Key                      Value
---                      -----
Seal Type                shamir
Initialized              true
Sealed                   true
Total Shares             5
Threshold                3
Version                  1.13.0
Storage Type             raft
Cluster Name             vault-cluster-abc123
Cluster ID               abc123-def456-ghi789
HA Enabled               true
HA Cluster               https://vault-1:8201
HA Mode                  standby
Active Node Address      https://vault-2:8201
```
Question 21mediumdrag order
Read the full Explain Vault architecture explanation →

Drag and drop the steps to configure Vault's PKI secrets engine to issue certificates into the correct order.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order
1Step 1
2Step 2
3Step 3
4Step 4
5Step 5
Question 22mediummatching
Read the full NAT/PAT explanation →

Match each Vault audit device to its output destination.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Writes to a local file

Sends to system syslog

Sends to a TCP or UDP endpoint

Publishes to Kafka topic

Question 23easymultiple choice
Read the full Explain Vault architecture explanation →

A small startup wants to run Vault in a development environment with minimal operational overhead. They need to store secrets in memory only, without any persistence. Which storage backend should they choose?

Question 24mediummultiple choice
Read the full Explain Vault architecture explanation →

A company requires that Vault's master key be split into multiple key shares and distributed to different administrators using Shamir's Secret Sharing. They also need to ensure that Vault can automatically unseal if a majority of shares are provided but cannot rely on manual intervention. Which unseal approach should they configure?

Question 25hardmultiple choice
Read the full Explain Vault architecture explanation →

A large enterprise runs Vault in a high-availability cluster with integrated storage (Raft). They notice that read requests are not being evenly distributed across nodes, causing some nodes to have high load. They want to offload read operations to standby nodes. What feature should they enable to achieve this?

Question 26easymultiple choice
Read the full Explain Vault architecture explanation →

An organization has two Vault clusters in different geographic regions and wants to replicate secrets from the primary cluster to the secondary cluster for disaster recovery. Which Vault replication feature should they use?

Question 27mediummultiple choice
Read the full Explain Vault architecture explanation →

A security team needs to audit all interactions with Vault, including requests that are denied due to policy violations. They want to ensure that even if the audit device is full, Vault does not halt operations. Which audit device configuration should they recommend?

Question 28hardmultiple choice
Read the full Explain Vault architecture explanation →

An operator notices that after a network partition, a Vault cluster with integrated storage (Raft) has a node that is unreachable and does not automatically rejoin. The cluster has 5 nodes with a minimum quorum of 3. What is a likely cause for the node not rejoining?

Question 29easymultiple choice
Read the full Explain Vault architecture explanation →

A developer wants to authenticate to Vault using a username and password without any external identity provider. Which authentication method should be enabled?

Question 30mediummultiple choice
Read the full Explain Vault architecture explanation →

A Vault administrator creates a policy that grants 'read' and 'list' on 'secret/data/engineering/*' for a group. However, users in that group cannot read 'secret/data/engineering/project/db_password'. What is the most likely issue?

Question 31hardmultiple choice
Read the full Explain Vault architecture explanation →

During a security assessment, a penetration tester discovers that Vault's seal configuration uses a single master key stored in a file on the server. The attacker gains root access to the server and retrieves the unseal key. What is the best mitigation to prevent this scenario?

Question 32mediummulti select
Read the full Explain Vault architecture explanation →

Which TWO of the following are components of Vault's architecture? (Choose two.)

Question 33hardmulti select
Read the full Explain Vault architecture explanation →

Which THREE of the following are true regarding Vault's high availability (HA) and replication? (Choose three.)

Question 34easymulti select
Read the full Explain Vault architecture explanation →

Which TWO of the following storage backends are capable of high availability without external dependencies? (Choose two.)

Question 35mediummultiple choice
Read the full Explain Vault architecture explanation →

A Vault server is configured with the above snippet. After starting, the server remains in a sealed state. Which command should the operator run to complete the initial unseal?

Exhibit

Refer to the exhibit.
```hcl
seal "gcpckms" {
  project    = "my-project"
  region     = "global"
  key_ring   = "vault-keyring"
  crypto_key = "vault-key"
}
storage "raft" {
  path = "/opt/vault/data"
  node_id = "node1"
}
listener "tcp" {
  address     = "0.0.0.0:8200"
  tls_disable = true
}
```
Question 36hardmultiple choice
Read the full Explain Vault architecture explanation →

Given the output from 'vault operator raft list-peers', which node(s) will become unavailable if node1 (leader) experiences a network partition away from all other nodes?

Exhibit

Refer to the exhibit.
```
$ vault operator raft list-peers
Node     Address           State       Voter
----     -------           -----       -----
node1    10.0.0.1:8201     leader      true
node2    10.0.0.2:8201     follower    true
node3    10.0.0.3:8201     follower    true
node4    10.0.0.4:8201     follower    false
node5    10.0.0.5:8201     follower    false
```
Question 37easymultiple choice
Read the full Explain Vault architecture explanation →

A user has the above policy attached. What operation can the user perform on 'secret/data/production/db_password'?

Exhibit

Refer to the exhibit.
```json
{
  "path": {
    "secret/data/production/*": {
      "capabilities": ["read", "list"]
    },
    "secret/data/staging/*": {
      "capabilities": ["create", "update", "delete"]
    }
  }
}
```
Question 38easymultiple choice
Read the full Explain Vault architecture explanation →

A new Vault administrator unseals Vault using a single unseal key, but the Vault remains sealed. What is the most likely cause?

Question 39mediummultiple choice
Read the full Explain Vault architecture explanation →

A Vault cluster has two nodes configured for HA. The active node becomes unresponsive, and the standby node takes over. However, clients cannot connect to the new active node. The firewall rules allow traffic on port 8200. What is the most likely issue?

Question 40hardmultiple choice
Read the full Explain Vault architecture explanation →

A Vault cluster configured with auto-unseal using AWS KMS is deployed across two availability zones. After a network partition, the standby node remains sealed while the active node is unsealed and serving requests. What is the most likely reason the standby cannot unseal?

Question 41easymultiple choice
Read the full Explain Vault architecture explanation →

A company is migrating from a file storage backend to Consul. Which Vault command should be used to move the data?

Question 42mediummultiple choice
Read the full Explain Vault architecture explanation →

A Vault cluster uses performance replication. A performance standby node is not responding to read requests. What is the most likely cause?

Question 43hardmultiple choice
Read the full Explain Vault architecture explanation →

A Vault cluster uses DR replication. The primary cluster fails, and the DR secondary is promoted to primary. After promotion, some secret data written to the primary shortly before the failure is missing on the new primary. What is the most likely reason?

Question 44easymultiple choice
Read the full Explain Vault architecture explanation →

A company stores static secrets in Vault and requires that all data is encrypted at rest in the storage backend. Which Vault feature provides this encryption?

Question 45mediummultiple choice
Read the full Explain Vault architecture explanation →

A Vault administrator notices that the audit log file on the Vault server is filling up the disk. What is the best course of action to prevent disk full issues?

Question 46hardmultiple choice
Read the full Explain Vault architecture explanation →

After a security incident, the Vault administrator needs to change the encryption key used to encrypt data at rest. They have already rekeyed the unseal keys. What additional step is required to ensure new secrets are encrypted with a new key?

Question 47easymulti select
Read the full Explain Vault architecture explanation →

Which TWO are core components of Vault's architecture?

Question 48mediummulti select
Read the full Explain Vault architecture explanation →

Which THREE are requirements for a Vault High Availability (HA) cluster?

Question 49hardmulti select
Read the full Explain Vault architecture explanation →

Which TWO statements about Vault replication are correct?

Question 50mediummultiple choice
Read the full Explain Vault architecture explanation →

Refer to the exhibit. What seal mechanism is configured for this Vault instance?

Exhibit

storage "file" {
  path = "/vault/data"
}

seal "awskms" {
  region     = "us-west-2"
  kms_key_id = "1234abcd-12ab-34cd-56ef-1234567890ab"
}

listener "tcp" {
  address     = "0.0.0.0:8200"
  tls_disable = "false"
  tls_cert_file = "/etc/vault/vault.crt"
  tls_key_file  = "/etc/vault/vault.key"
}

api_addr = "https://vault.example.com:8200"
cluster_addr = "https://vault.example.com:8201"
Question 51hardmultiple choice
Read the full Explain Vault architecture explanation →

Refer to the exhibit. Based on the output from 'vault status', which statement is true?

Exhibit

Key                      Value
---                      -----
Seal Type                shamir
Initialized              true
Sealed                   false
Total Shares             5
Threshold                3
Version                  1.15.2
Storage Type             consul
Cluster Name             vault-cluster
Cluster ID               abc123
HA Enabled               true
HA Cluster               n/a
HA Mode                  standby
Active Node Address      <none>
Raft Committed Index     42
Raft Applied Index       42
Question 52easymultiple choice
Read the full Explain Vault architecture explanation →

Refer to the exhibit. What operation was performed on the secret "mysecret"?

Exhibit

{
  "time": "2023-10-01T12:00:00Z",
  "type": "request",
  "auth": {
    "client_token": "hmac-sha256:abc123",
    "policies": ["default"]
  },
  "request": {
    "path": "secret/data/mysecret",
    "operation": "read",
    "data": null
  },
  "response": {
    "data": {
      "data": {
        "password": "hmac-sha256:def456"
      }
    }
  }
}
Question 53hardmultiple choice
Read the full Explain Vault architecture explanation →

A company requires that Vault data be continuously replicated from a primary data center to a secondary data center for disaster recovery. The secondary data center must be able to become writable in the event of a primary failure. Which Vault feature should they use?

Question 54easymultiple choice
Read the full Explain Vault architecture explanation →

A Vault cluster uses Consul for HA. After a brief network partition, a standby node loses contact with the active node. What does the standby node do after a timeout?

Question 55mediummultiple choice
Read the full Explain Vault architecture explanation →

An organization requires that all Vault secrets be encrypted with a key derived from a hardware security module (HSM) and that the cluster can be unsealed automatically. Which seal type should they use?

Question 56easymultiple choice
Read the full Explain Vault architecture explanation →

In a Vault HA cluster, which node is responsible for handling all write requests?

Question 57mediummultiple choice
Read the full Explain Vault architecture explanation →

A Vault administrator is configuring Consul as the storage backend. The Consul cluster will span three data centers with low latency links. Which Consul deployment is recommended for Vault to ensure data safety?

Question 58hardmultiple choice
Read the full Explain Vault architecture explanation →

After a failover event in a Vault HA cluster with Integrated Storage, the new active node reports a 'sealed' status incorrectly in monitoring metrics, but the cluster is still functioning correctly. What is the most likely cause?

Question 59easymultiple choice
Read the full Explain Vault architecture explanation →

What is the purpose of the `storage` stanza in a Vault server configuration file?

Question 60mediummultiple choice
Read the full Explain Vault architecture explanation →

A Vault cluster with three nodes using Integrated Storage (Raft) is healthy with one active and two standby nodes. A network partition isolates the active node. What will happen?

Question 61hardmultiple choice
Read the full Explain Vault architecture explanation →

A company uses Vault Enterprise with Performance Replication. The primary cluster is in us-east-1, and a secondary cluster is in eu-west-1. Clients in eu-west-1 report that they receive stale data when reading from the local secondary cluster's active node. What is the most likely cause?

Question 62easymulti select
Read the full Explain Vault architecture explanation →

Which TWO components are required for Vault to start and function? (Choose two.)

Question 63mediummulti select
Read the full Explain Vault architecture explanation →

Which THREE are required for Vault to encrypt data at rest? (Choose three.)

Question 64hardmulti select
Read the full Explain Vault architecture explanation →

A Vault administrator wants to minimize the impact of a single node failure in a three-node Raft cluster. Which TWO actions will help? (Choose two.)

Question 65mediummultiple choice
Read the full Explain Vault architecture explanation →

Refer to the exhibit. A Vault administrator configures a three-node cluster with the above configuration on all nodes (with appropriate node_id). After starting all nodes, the administrator unseals node2 and node3. Node1 remains sealed. What will be the cluster state?

Exhibit

storage "raft" {
  path = "/vault/data"
  node_id = "node1"
  retry_join {
    leader_api_addr = "https://10.0.0.2:8200"
  }
  retry_join {
    leader_api_addr = "https://10.0.0.3:8200"
  }
}
seal "shamir" {
  secret_shares = 5
  secret_threshold = 3
}
listener "tcp" {
  address = "0.0.0.0:8200"
  tls_disable = true
}
Question 66hardmultiple choice
Read the full Explain Vault architecture explanation →

Refer to the exhibit. A Vault policy is defined as shown. A user presents a token with this policy. Which operation will be permitted?

Exhibit

path "secret/data/engineering" {
  capabilities = ["read", "list"]
}
path "secret/data/finance" {
  capabilities = ["deny"]
}
path "secret/data/engineering/*" {
  capabilities = ["create", "update", "delete"]
}
path "secret/data/finance/*" {
  capabilities = ["deny"]
}
Question 67easymultiple choice
Read the full Explain Vault architecture explanation →

Refer to the exhibit. A Vault administrator starts a Vault server and receives this error. What is the most likely cause?

Exhibit

Error: failed to initialize storage: no storage backend configured
Question 68mediummultiple choice
Read the full Explain Vault architecture explanation →

A company is running Vault in production with a single active node and two standby nodes using Integrated Storage. The operations team notices that after a network partition, one of the standby nodes becomes unavailable for a few minutes. Upon recovery, the node rejoins the cluster. However, the active node's performance degrades temporarily. What is the most likely cause?

Question 69hardmultiple choice
Read the full Explain Vault architecture explanation →

A DevOps engineer is designing a Vault architecture for a multi-cloud environment spanning AWS, GCP, and on-premises data centers. The requirement is to have low-latency read access to secrets across all regions, and the ability to handle a full regional outage without manual intervention. Which architecture best meets these requirements?

Question 70easymultiple choice
Read the full Explain Vault architecture explanation →

A security team is configuring Vault's seal mechanism. They want to ensure that in the event of a data center outage, the Vault cluster can be unsealed without human intervention, but still require approval from multiple administrators to rekey the master key. Which seal type should they use?

Question 71mediummultiple choice
Read the full Explain Vault architecture explanation →

A Vault cluster uses Integrated Storage with 5 nodes. After a network split, the cluster loses quorum and becomes sealed. The network is restored, but the cluster does not automatically recover. What should the administrator do to recover the cluster?

Question 72easymultiple choice
Read the full Explain Vault architecture explanation →

An organization wants to use Vault's dynamic database credentials to manage MySQL access. They have multiple application servers that need to connect to different databases. What is the best practice for configuring database roles to minimize the number of Vault mounts?

Question 73hardmulti select
Read the full Explain Vault architecture explanation →

Which three characteristics are true about Vault's storage backend and seal mechanisms? (Choose three.)

Question 74easymulti select
Read the full Explain Vault architecture explanation →

A Vault administrator wants to ensure that all secrets are encrypted at rest and in transit. Which two configurations are necessary? (Choose two.)

Question 75mediummulti select
Read the full Explain Vault architecture explanation →

A company is deploying Vault in a Kubernetes environment. Which three components are essential for a production-ready Vault on Kubernetes? (Choose three.)

Question 76easymultiple choice
Read the full Explain Vault architecture explanation →

A company deploys Vault in a single data center with 3 nodes using Integrated Storage. The application team reports that secret reads are slow, with median latency of 200ms. The Vault cluster is under moderate load of 100 requests per second. The administrator checks the server metrics and sees that the Raft commit latency is low, but the HTTP request handling time is high. The Vault nodes are running on virtual machines with 4 vCPUs and 8GB RAM each. The administrator suspects that the bottleneck is due to resource contention. What should the administrator do to reduce read latency without compromising availability?

Question 77mediummultiple choice
Read the full Explain Vault architecture explanation →

An organization uses Vault to manage SSH access via the SSH secrets engine. They have a large number of servers, each with a unique host key. The admin configures the SSH secrets engine with a one-time password (OTP) type. Users report that sometimes they cannot authenticate to some servers because the OTP is not accepted. The admin reviews the logs and finds that the server's SSH daemon is not contacting Vault to verify the OTP. The SSH daemon is configured with the Vault SSH helper. What is the most likely cause?

Question 78hardmultiple choice
Read the full Explain Vault architecture explanation →

A company with strict security requirements uses Vault's Transit secrets engine to encrypt data in a microservices architecture. They have multiple applications that each require a unique encryption key. The security team wants to enforce key rotation every 30 days for all keys, and also require that keys be destroyed after they are no longer used. The application team is concerned that key rotation might cause downtime because applications need to re-encrypt data. The Vault architect needs to design a key management solution. What is the best approach?

Question 79easymultiple choice
Read the full Explain Vault architecture explanation →

A startup is deploying Vault for the first time. They want to use Integrated Storage for simplicity. They plan to run Vault on three small instances. During initial setup, they start the first node and initialize Vault, obtaining the unseal keys and root token. Then they start the second node and run `vault operator raft join http://<first_node>:8200`. The second node joins successfully. They then start the third node and attempt to join, but the join command fails with an error saying 'no leader'. What is the most likely cause?

Question 80mediummultiple choice
Read the full Explain Vault architecture explanation →

A Vault administrator is troubleshooting an issue where after a network outage, the Vault cluster is sealed and cannot be unsealed. The cluster has 5 nodes using Integrated Storage. The administrator runs `vault status` on each node and receives 'sealed' response. The administrator suspects that the cluster lost quorum during the outage. The administrator checks the Raft configuration and finds that there are 3 voter nodes and 2 non-voter nodes. Which action should the administrator take to recover the cluster?

Question 81hardmultiple choice
Read the full Explain Vault architecture explanation →

A company uses Vault Enterprise with Performance Replication across two data centers. The primary data center is in us-east-1 and the secondary is in eu-west-1. They have an application that writes secrets to the primary cluster, and those secrets are replicated to the secondary cluster for read access. Recently, they noticed that some secrets written to the primary are not appearing on the secondary even after several minutes. The latency between data centers is typically 50ms. The administrator checks the replication status and sees a 'merkle sync' in progress. What is the most likely reason for the delay?

Question 82easymulti select
Read the full Explain Vault architecture explanation →

A DevOps team is setting up a Vault cluster for the first time. They plan to use AWS KMS for auto-unseal and Consul as the storage backend. As part of the architecture, which TWO components are essential for the Vault server to start and serve requests?

Question 83mediummultiple choice
Read the full NAT/PAT explanation →

Refer to the exhibit. A developer issues a Vault CLI command to write a secret to path 'secret/data/team/billing'. What will be the outcome?

Exhibit

path "secret/data/team/*" {
  capabilities = ["create", "update", "read", "delete"]
}

path "secret/data/team/billing" {
  capabilities = ["read"]
}
Question 84hardmultiple choice
Read the full Explain Vault architecture explanation →

A large e-commerce company uses Vault to manage database credentials for microservices. They have a Vault cluster of 5 nodes using Integrated Storage (Raft). To increase capacity, they add a sixth node to the cluster. Shortly after, they notice intermittent 'no leader' errors in the Vault logs, and some clients experience failures when reading secrets. The cluster was functioning correctly before the addition. What is the most likely cause and the recommended action?

Practice tests

Scored 10-question sessions with instant feedback and explanations.

VA-003 Practice Test 1 — 10 Questions→VA-003 Practice Test 2 — 10 Questions→VA-003 Practice Test 3 — 10 Questions→VA-003 Practice Test 4 — 10 Questions→VA-003 Practice Test 5 — 10 Questions→VA-003 Practice Exam 1 — 20 Questions→VA-003 Practice Exam 2 — 20 Questions→VA-003 Practice Exam 3 — 20 Questions→VA-003 Practice Exam 4 — 20 Questions→Free VA-003 Practice Test 1 — 30 Questions→Free VA-003 Practice Test 2 — 30 Questions→Free VA-003 Practice Test 3 — 30 Questions→VA-003 Practice Questions 1 — 50 Questions→VA-003 Practice Questions 2 — 50 Questions→VA-003 Exam Simulation 1 — 100 Questions→

Practice by domain

Each domain maps to a weighted exam section. Focus on the domain where you are weakest.

Compare authentication methodsAssess Vault tokensCreate Vault policiesManage Vault leasesCompare and configure secrets enginesUtilize Vault CLI and APIExplain Vault architectureExplain encryption as a service

Practice by scenario

Filter questions by type — troubleshooting, exhibit, drag-and-drop, PBQ, ACLs, OSPF, and more.

Browse scenarios→

Continue studying

All Explain Vault architecture setsAll Explain Vault architecture questionsVA-003 Practice Hub