VA-003 · topic practice

Scenario practice questions

Practise HashiCorp Vault Associate VA-003 Scenario practice questions — original exam-style scenarios with answer choices, explanations, and analysis of common mistakes.

Courseiva uses original exam-style practice questions designed for learning and revision. The goal is to understand the concepts, recognise exam patterns, and improve through explanations — not memorise copied exam dumps.

Reviewed byJohnson Ajibi· MSc IT Security
10 questionsDomain: Scenario

What the exam tests

What to know about Scenario

Scenario questions test whether you can apply the concept in context, not just recognise a definition.

How the topic appears in realistic exam-style scenarios.

Which detail in the question changes the correct answer.

How to eliminate plausible but wrong options.

How to connect the question back to the wider exam objective.

Watch out for

Common Scenario exam traps

  • Answering from memory before reading the full scenario.
  • Missing a constraint such as cost, availability, security, scope or command context.
  • Choosing a broad answer when the question asks for the most specific fix.
  • Ignoring why the wrong options are tempting.

Practice set

Scenario questions

10 questions · select your answer, then reveal the explanation

Question 1hardmulti select
Read the full Scenario explanation →

Which THREE of the following are true regarding Vault's high availability (HA) and replication? (Choose three.)

Question 2mediummultiple choice
Read the full Scenario explanation →

A CI/CD pipeline needs to generate thousands of short-lived tokens each day for jobs that run for at most 5 minutes. The tokens should not be renewable or revocable individually. Which token type should be used?

Question 3hardmulti select
Read the full Scenario explanation →

Which TWO of the following scenarios require the use of a periodic token?

Question 4mediummultiple choice
Read the full Scenario explanation →

A Vault administrator is configuring Consul as the storage backend. The Consul cluster will span three data centers with low latency links. Which Consul deployment is recommended for Vault to ensure data safety?

Question 5easymultiple choice
Read the full Scenario explanation →

A developer wants to authenticate to Vault using a username and password without any external identity provider. Which authentication method should be enabled?

Question 6hardmultiple choice
Read the full Scenario explanation →

During a security assessment, a penetration tester discovers that Vault's seal configuration uses a single master key stored in a file on the server. The attacker gains root access to the server and retrieves the unseal key. What is the best mitigation to prevent this scenario?

Question 7easymultiple choice
Read the full Scenario explanation →

In a Vault HA cluster, which node is responsible for handling all write requests?

Question 8mediummultiple choice
Read the full Scenario explanation →

A company is using Vault Transit to encrypt files before uploading them to an S3 bucket. They notice that for a given plaintext file, the ciphertext output is always identical, even when encrypting at different times. They are using the `encrypt` endpoint with the default AES-GCM algorithm. The team is concerned about security because the repeated ciphertext leaks information (e.g., file equality). What is the most likely cause of this behavior?

Question 9hardmultiple choice
Read the full Scenario explanation →

A company requires that Vault data be continuously replicated from a primary data center to a secondary data center for disaster recovery. The secondary data center must be able to become writable in the event of a primary failure. Which Vault feature should they use?

Question 10easymultiple choice
Read the full NAT/PAT explanation →

A DevOps team uses Vault to manage secrets for a microservices application. The application authenticates to Vault using AppRole, and each service obtains a periodic token with a TTL of 24 hours and a period of 1 hour. The tokens are used to read secrets from a path. Recently, the team noticed that some services are unable to read secrets after a few hours, with error messages indicating that the token is not authorized or has expired. Upon investigation, the team finds that the tokens are being renewed properly but still fail after some time. What is the most likely cause of this issue?

Free account

Track your progress over time

Create a free account to save your results and see which topics improve across sessions.

Focused Scenario sessions

Start a Scenario only practice session

Every question in these sessions is drawn from the Scenario domain — nothing else.

Related practice questions

Related VA-003 topic practice pages

Move into related areas when this topic feels solid.

Frequently asked questions

What does the VA-003 exam test about Scenario?
Scenario questions test whether you can apply the concept in context, not just recognise a definition.
How should I use these practice questions?
Select your answer before revealing the explanation. Then read why each option is right or wrong — this active recall approach builds retention far faster than re-reading notes.
Can I practise just Scenario questions in a focused session?
Yes — the session launcher on this page draws every question from the Scenario domain. Use a 10-question session first to gauge your baseline, then move to 20 or 30 once the weak spots are clear.
Where can I practise other VA-003 topics?
Use the topic links above to move to related areas, or go back to the VA-003 question bank to see all topics.
Are these real exam questions or dumps?
These are original practice questions written to test the same concepts the VA-003 exam covers. They are not copied from any real exam or dump site.