Free Preparation Discussions
MENU
HashiCorp Exam HCVA0-003 Topic 9 Question 6 Discussion
Topic #: 9
An application has authenticated to Vault and has obtained dynamic database credentials with a lease of 4 hours. Four hours later, the credentials expire, and the application can no longer communicate with the backend database, so the application goes down. What should the developers instruct the application to do to prevent this from happening again while maintaining the same level of security?
Comprehensive and Detailed in Depth
To prevent application downtime due to expired dynamic credentials while maintaining security, the application should renew the lease before it expires. The HashiCorp Vault documentation states: 'The application should frequently 'check-in' with Vault and renew the lease to prevent the lease from expiring.' It adds: 'A lease must be renewed before it has expired. Once it has expired, it is permanently revoked and a new secret must be requested.'
The docs elaborate: 'Dynamic secrets are designed to be short-lived and automatically rotated or revoked when their lease expires. Renewing the lease extends its validity, ensuring continuous access without compromising the security benefits of short-lived credentials.' A (Static credentials) reduces security by eliminating rotation. C (Revoke) ends access early. D (Different auth method) doesn't address lease management. Thus, B is correct.
HashiCorp Vault Documentation - Leases: Lease Renew and Revoke
Terrilyn
28 days agoCathrine
1 months agoReed
1 months agoClarinda
11 days agoChauncey
2 months agoDanica
24 days agoHerman
1 months agoShawnee
2 months agoAlfreda
2 months agoMelda
2 months agoNieves
2 months agoFidelia
14 days agoDelila
15 days agoErin
16 days agoEleonora
17 days agoLetha
19 days agoCherry
23 days agoJaime
28 days agoMalcom
1 months agoMelda
2 months ago