Back to HashiCorp Vault Associate VA-003 questions

Scenario-based practice

Select Two (Multi-Select) Questions

Practise HashiCorp Vault Associate VA-003 practice questions — original exam-style scenarios covering every exam domain, with detailed explanations, wrong-answer analysis, and common exam traps.

20
scenario questions
VA-003
exam code
HashiCorp
vendor

Scenario guide

How to approach select two (multi-select) questions

Multi-select questions tell you to 'Choose TWO' or 'Choose THREE'. Getting partial credit is not a thing — you must select all correct answers with no incorrect ones. The stem always states how many to choose, so trust it. These questions require precision, not best-guess elimination.

Quick answer

Select Two (Multi-Select) Questions questions test whether you can apply the concept in context, not just recognise a definition.

How the topic appears in realistic exam-style scenarios.

Which detail in the question changes the correct answer.

How to eliminate plausible but wrong options.

How to connect the question back to the wider exam objective.

Related practice questions

Related VA-003 topic practice pages

Scenario questions usually connect to one or more exam topics. Use these links to review the underlying concepts behind the scenario.

Practice set

Practice scenarios

Question 1hardmulti select
Full question →

Which TWO statements correctly describe differences between AppRole and Kubernetes authentication methods?

Question 2hardmulti select
Full question →

Which TWO best practices should be followed when tuning secrets engine mounts?

Question 3hardmulti select
Full question →

Which THREE steps are required to configure the database secrets engine for generating dynamic credentials?

Question 4hardmulti select
Full question →

Which THREE of the following are true regarding Vault's high availability (HA) and replication? (Choose three.)

Question 5hardmulti select
Full question →

A Vault administrator wants to minimize the impact of a single node failure in a three-node Raft cluster. Which TWO actions will help? (Choose two.)

Question 6easymulti select
Full question →

A Vault administrator wants to ensure that all secrets are encrypted at rest and in transit. Which two configurations are necessary? (Choose two.)

Question 7mediummulti select
Full question →

Which TWO of the following are valid uses of the Vault API for managing leases? (Choose two.)

Question 8hardmulti select
Full question →

Which THREE of the following are true about using the Vault API with response wrapping? (Choose three.)

Question 9mediummulti select
Read the full NAT/PAT explanation →

An admin wants to view all active leases for a specific secrets engine path. Which two approaches are valid? (Choose two.)

Question 10mediummulti select
Full question →

Which two commands can be used to manually revoke leases? (Choose two.)

Question 11mediummulti select
Full question →

An admin needs to revoke all leases associated with a particular policy violation. Which two methods can be used? (Choose two.)

Question 12mediummulti select
Full question →

Which of the following factors determine the actual TTL of a lease issued by a secrets engine? (Choose three.)

Question 13easymulti select
Full question →

Which TWO of the following are valid token states?

Question 14mediummulti select
Full question →

Which TWO of the following are valid methods to revoke a Vault token?

Question 15easymulti select
Read the full NAT/PAT explanation →

A Vault operator is crafting a policy for a new application. Which two of the following are valid capabilities in a Vault policy path statement? (Select two.)

Question 16mediummulti select
Read the full NAT/PAT explanation →

Which three of the following are valid capabilities in a Vault policy path statement? (Select three.)

Question 17hardmulti select
Full question →

A Vault policy must allow a service to read secrets from "secret/data/app" and also be able to renew its own token. Which two policy statements are necessary and sufficient for this requirement? (Select two.)

Question 18mediummulti select
Full question →

An organization is creating Vault policies to manage access to secrets across multiple application teams. According to HashiCorp best practices, which two approaches should be taken when designing policies? (Choose two.)

Question 19easymulti select
Full question →

Which TWO of the following are valid secrets engines in Vault? (Select exactly 2.)

Question 20hardmulti select
Full question →

Which THREE of the following are valid parameters when creating a token via the API?

These VA-003 practice questions are part of Courseiva's free HashiCorp certification practice question bank. Courseiva provides original exam-style VA-003 questions with detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics.