HashiCorp Certified: Vault Associate (002) — Question 11

What can be used to limit the scope of a credential breach?

Answer options

• A. Storage of secrets in a distributed ledger
• B. Enable audit logging
• C. Use of a short-lived dynamic secrets
• D. Sharing credentials between applications

Correct answer: C

Explanation

The correct answer is C, as using short-lived dynamic secrets minimizes the window of opportunity for an attacker to exploit stolen credentials. Options A and D would not limit the scope of a breach effectively, and while B is important for monitoring, it does not prevent or limit the breach itself.