HashiCorp Exam HCVA0-003 Topic 9 Question 6 Discussion

Actual exam question for HashiCorp's HCVA0-003 exam

Question #: 6
Topic #: 9

An application has authenticated to Vault and has obtained dynamic database credentials with a lease of 4 hours. Four hours later, the credentials expire, and the application can no longer communicate with the backend database, so the application goes down. What should the developers instruct the application to do to prevent this from happening again while maintaining the same level of security?

AGo back to using static credentials

BRenew the lease before expiration

CRevoke the lease before expiration

DUse a different auth method

Show Suggested Answer

Suggested Answer: B

Comprehensive and Detailed in Depth

To prevent application downtime due to expired dynamic credentials while maintaining security, the application should renew the lease before it expires. The HashiCorp Vault documentation states: 'The application should frequently 'check-in' with Vault and renew the lease to prevent the lease from expiring.' It adds: 'A lease must be renewed before it has expired. Once it has expired, it is permanently revoked and a new secret must be requested.'

The docs elaborate: 'Dynamic secrets are designed to be short-lived and automatically rotated or revoked when their lease expires. Renewing the lease extends its validity, ensuring continuous access without compromising the security benefits of short-lived credentials.' A (Static credentials) reduces security by eliminating rotation. C (Revoke) ends access early. D (Different auth method) doesn't address lease management. Thus, B is correct.

HashiCorp Vault Documentation - Leases: Lease Renew and Revoke

by Laura at Apr 09, 2025, 08:46 AM

Limited Time Offer

25%

22 days ago

We should renew the lease before expiration to prevent the application from going down.

upvoted 0 times

...