Free HashiCorp Vault-Associate Actual Exam Questions - Question 6 Discussion

C helps reduce damage since credentials expire quickly after a breach.

C/B? Short-lived dynamic secrets (C) definitely limit how long stolen credentials are useful, but audit logging (B) can also help quickly identify and respond to breaches, indirectly limiting the impact.

Probably C still feels right, but I’d also say B doesn’t really limit the scope directly—it just helps with detecting breaches after they happen. Sharing credentials (D) actually sounds like it would increase risk, so that’s out. Distributed ledger storage (A) seems unrelated to limiting breach scope since it’s more about where you store secrets, not how long they’re valid or how broadly they can be used. So C looks like the best fit for minimizing damage if creds get compromised.

C makes the most sense here. Short-lived dynamic secrets reduce the time an attacker can use stolen creds.