Courseiva
Knowledge + Practice
CertificationsVendorsCareer RoadmapsLabs & ToolsStudy GuidesGlossaryPractice Questions
C
Courseiva

Free IT certification practice questions with explained answers for CCNA, CompTIA, AWS, Azure, Google Cloud, and more.

Certification Practice Questions

CCNA practice questionsSecurity+ SY0-701 practice questionsAWS SAA-C03 practice questionsAZ-104 practice questionsAZ-900 practice questionsCLF-C02 practice questionsA+ Core 1 practice questionsGoogle Cloud ACE practice questionsCySA+ CS0-003 practice questionsNetwork+ N10-009 practice questions
View all certifications →

Product

CertificationsCertification PathsExam TopicsPractice TestsExam Dumps vs Practice TestsStudy HubComparisons

Company

AboutContactEditorial PolicyQuestion Writing PolicyTrust Center

Legal

Privacy PolicyTerms of Service

Courseiva is a free IT certification practice platform offering original exam-style practice questions, detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics for Cisco, CompTIA, Microsoft, AWS, and other technology certifications.

© 2026 Courseiva. Courseiva is operated by JTNetSolutions Ltd. All rights reserved.

Courseiva is an independent certification practice platform and is not affiliated with, endorsed by, or sponsored by Cisco, Microsoft, AWS, CompTIA, Google, ISC2, ISACA, or any other certification vendor. Vendor names and certification marks are used only to identify the exams learners are preparing for.

HomeCertificationsVA-003TopicsManage Vault leases
Free · No Signup RequiredHashiCorp · VA-003

VA-003 Manage Vault leases Practice Questions

20+ practice questions focused on Manage Vault leases — one of the most tested topics on the HashiCorp Vault Associate VA-003 exam. Each question includes a detailed explanation so you learn why the right answer is correct.

Start Manage Vault leases Practice

Exam Domains

Compare authentication methodsAssess Vault tokensCreate Vault policiesManage Vault leasesCompare and configure secrets enginesUtilize Vault CLI and APIExplain Vault architectureAll domains →

Study Tools

Practice TestMock ExamFlashcardsAll Topics

Sample Manage Vault leases Questions

Practice all 20+ →
1.

A DevOps team is using Vault's database secrets engine to generate dynamic credentials for a PostgreSQL database. They notice that the lease duration is set to 24 hours, but security policy requires that credentials expire after 1 hour. What should the team do to enforce the 1-hour expiration without changing the default lease TTL for all secrets?

A.Set the mount's max_lease_ttl to 1h.
B.Ask each developer to set the TTL when requesting credentials.
C.Configure the role with a ttl of 1h.
D.Use a periodic token with a period of 1h.

Explanation: Option C is correct because the database secrets engine allows role-level TTL configuration that overrides the default lease duration for credentials generated from that role. By setting the role's `ttl` to 1h, the team enforces a 1-hour expiration for credentials created under that specific role without affecting the default lease TTL for all secrets or other roles. This directly meets the security policy requirement while maintaining flexibility for other secrets.

2.

An organization uses Vault to issue certificates via the PKI secrets engine. They have set the default lease TTL on the PKI mount to 72h, and the role's ttl to 24h. A user requests a certificate with a requested TTL of 48h. What will be the actual TTL of the issued certificate?

A.The request will be rejected because the requested TTL exceeds the role's ttl.
B.48h
C.24h
D.72h

Explanation: The correct answer is C (24h) because when a certificate request is made, Vault applies the most restrictive TTL among the role's configured `ttl`, the mount's default lease TTL, and the requested TTL. Here, the role's `ttl` of 24h is the shortest, so it overrides both the requested 48h and the mount default of 72h, resulting in a certificate with a 24-hour validity.

3.

Which TWO of the following actions can reduce the number of active leases in Vault? (Select two.)

A.Reducing the default lease TTL
B.Revoking a lease
C.Creating a new lease
D.Increasing the max lease TTL

Explanation: Reducing the default lease TTL (time-to-live) shortens the maximum duration for which a lease can be issued without renewal. When existing leases expire sooner, the system automatically removes them from the active lease count, thereby reducing the number of active leases. This directly affects the lease lifecycle by forcing earlier expiration.

4.

A developer runs the commands shown in the exhibit. After renewing the lease, the lease_duration remains 1 hour. What is the most likely reason?

A.The lease is not renewable.
B.The mount's max_lease_ttl is set to 1h.
C.The developer does not have permission to renew the lease.
D.The role's max_ttl is set to 1h.

Explanation: Option D is correct because the role's max_ttl overrides the lease duration when it is shorter than the requested TTL. Even if the lease is renewed, the effective TTL cannot exceed the role's max_ttl, which is set to 1 hour. This is a common Vault behavior where the role's maximum TTL acts as a hard cap on lease lifetimes.

5.

A company runs a microservices application on Kubernetes. Each service authenticates to Vault using the Kubernetes auth method and obtains a short-lived token with a TTL of 15 minutes. The services use these tokens to read secrets from the KV v2 secrets engine. Recently, the operations team noticed that Vault's lease count has been steadily increasing, and some services are experiencing 'lease not found' errors when trying to renew their tokens. Investigation reveals that the services are not renewing tokens before they expire because the token TTL is too short to complete some long-running tasks. The team wants to fix the issue without compromising security. They are considering the following actions: A. Increase the default lease TTL for the KV v2 mount to 1 hour. B. Increase the token TTL for the Kubernetes auth role to 1 hour. C. Implement a renewal loop in each service to renew tokens every 10 minutes. D. Use periodic tokens with a period of 1 hour for all services.

A.Increase the default lease TTL for the KV v2 mount to 1 hour.
B.Increase the token TTL for the Kubernetes auth role to 1 hour.
C.Implement a renewal loop in each service to renew tokens every 10 minutes.
D.Use periodic tokens with a period of 1 hour for all services.

Explanation: Option B is correct because increasing the token TTL for the Kubernetes auth role to 1 hour directly addresses the root cause: the current 15-minute TTL is too short for long-running tasks, causing tokens to expire before services can complete their work. By raising the TTL to 1 hour, services have sufficient time to complete tasks and renew tokens, while still maintaining security through short-lived credentials. This approach does not require code changes and leverages Vault's built-in token lifecycle management.

+15 more Manage Vault leases questions available

Practice all Manage Vault leases questions

How to master Manage Vault leases for VA-003

1. Baseline your knowledge

Start with 10 questions to gauge your current understanding of Manage Vault leases. This tells you whether you need a concept refresher or just practice.

2. Review every explanation

For each question — right or wrong — read the full explanation. Understanding why an answer is correct is more valuable than knowing the answer itself.

3. Focus on exam traps

Manage Vault leases questions on the VA-003 frequently use trap wording. Look for subtle differences in answers that test your precision, not just general knowledge.

4. Reach 80% consistently

Do repeated sessions until you score 80%+ three times in a row. Then move to mixed-mode practice to test cross-topic recall under realistic conditions.

Frequently asked questions

How many VA-003 Manage Vault leases questions are on the real exam?

The exact number varies per candidate. Manage Vault leases is tested as part of the HashiCorp Vault Associate VA-003 blueprint. Practicing with targeted Manage Vault leases questions ensures you can handle any format or difficulty that appears.

Are these VA-003 Manage Vault leases practice questions free?

Yes. Courseiva provides free VA-003 practice questions across all exam topics and domains. The platform includes topic-based practice, mock exams, missed-question review, bookmarked questions, and readiness tracking — no account required.

Is Manage Vault leases one of the harder VA-003 topics?

Difficulty is subjective, but Manage Vault leases is a high-priority exam concept tested in multiple ways — direct recall, scenario analysis, and command-output interpretation. Consistent practice is the best way to build confidence.

Ready to practice?

Launch a full Manage Vault leases practice session with instant scoring and detailed explanations.

Start Manage Vault leases Practice →

Topic Info

Topic

Manage Vault leases

Exam

VA-003

Questions available

20+