Free HashiCorp Vault-Associate Actual Exam Questions - Question 15 Discussion
secret/bar. The users that are assigned this policy should also be able to list the secrets. What should this policy look like?
Option D looks solid because it explicitly includes both the base path secret/bar and the wildcard secret/bar/*, which means users can list the folder itself and also read all secrets inside it. Just having the wildcard alone might not grant list access on the exact path, so D covers both angles properly. This extra specificity is important for proper permissions in Vault policies.
Makes sense to include both secret/bar and secret/bar/* paths separately because listing the folder itself requires permission on the exact path, not just the wildcard. Option D covers read and list on secret/bar and all its sub-paths, so that should be the right pick here.
Sohail S: C imo, because it includes both read and list capabilities with the wildcard for secret/bar/*, ensuring full access to all secrets there. Without the wildcard, you might miss some secrets.
B tbh doesn’t cut it because like others said, you need list permissions to browse secrets, not just read. D is tempting but if it misses the wildcard on secret/bar/*, it won’t cover all secrets under that path. C looks solid since it explicitly grants both read and list for everything under secret/bar/* which matches the question’s ask perfectly. A seems off since it might be too restrictive or missing one of the required actions. So yeah, C is the one that ticks all the boxes with the right scope and permissions.
The wildcard is crucial here because you want to cover all secrets under secret/bar, not just the exact path. So any policy missing that wildcard can’t fully grant the needed access. Also, both read and list capabilities need to be explicitly allowed. D looks close but without the wildcard, it might not cover everything. C includes read and list on secret/bar/*, which fits better since it matches all secrets inside that path. It’s important the policy explicitly states both actions on the right path, and C nails that.
B seems off because it only covers read but misses list permissions needed to see all secrets. The policy must allow both actions to fulfill the task fully.
D imo, because it clearly includes both read and list capabilities for secret/bar/*, which is necessary to cover all secrets under that path. Without the wildcard, you might only get permissions for the exact path secret/bar and not the secrets inside it. A and B don’t handle listing properly, so those are out. C is close but seems to miss the full path coverage with the wildcard, which is key here.
It’s C because it includes both the read and list capabilities specifically for secret/bar/*, ensuring users can access and list all secrets in that path. D looks similar but might miss the wildcard on the path.
B imo, it grants read but doesn’t mention list, so can’t list secrets.
D looks like it covers both read and list, but does it explicitly include secret/bar/*?
Not B, since it only grants read but misses list permission. D looks right because it explicitly includes both read and list capabilities for secret/bar/* paths.
This question is kinda confusing with those image links instead of text. Does anyone know which one actually covers both read and list permissions properly?