VA-003 Create Vault policies • Complete Question Bank
Complete VA-003 Create Vault policies question bank — all 0 questions with answers and detailed explanations.
Refer to the exhibit.
```hcl
path "secret/data/kv-v2/engineering/*" {
capabilities = ["read", "list"]
}
path "secret/metadata/kv-v2/engineering/*" {
capabilities = ["read", "list"]
}
path "sys/policies/acl/engineering" {
capabilities = ["read"]
}
```Drag steps to the numbered slots on the right, or tap a step then tap a slot.
Drag a concept onto its matching description — or click a concept then click the description.
Write a secret
Read data at a path
Write data or invoke an endpoint
Delete a secret or path
List keys under a path
path "secret/data/team-a/*" {
capabilities = ["read", "list"]
}
path "secret/data/team-a/admin" {
capabilities = ["deny"]
}# Vault policy snippet
path "transit/encrypt/app-key" {
capabilities = ["create", "update"]
}
path "transit/decrypt/app-key" {
capabilities = ["create", "update"]
}$ vault policy read my-policy
path "secret/data/production/*" {
capabilities = ["read"]
}
path "secret/data/staging/*" {
capabilities = ["create", "update"]
}A DevOps team has configured a Vault policy to allow reading secrets from the 'secret/data/engineering' path. The policy contains:
path "secret/data/engineering/*" { capabilities = ["read", "list"]
}
However, when a user attempts to read a secret at 'secret/data/engineering/db/password', they receive a permission denied error. What is the most likely cause?
path "secret/data/engineering/*" {
capabilities = ["read", "list"]
}
path "secret/data/engineering/projects/*" {
capabilities = ["create", "update"]
}