HashiCorp Certified: Vault Associate (002) — Question 25

When unsealing Vault each Shamir unseal key should be entered:

Answer options

• A. Sequentially from one system that all of the administrators are in front of
• B. By different administrators each connecting from different computers
• C. While encrypted with each administrators PGP key
• D. At the command line in one single command

Correct answer: B

Explanation

The correct answer is B because unsealing Vault requires that the keys be entered by different administrators from separate computers to ensure security and prevent compromise. Option A is incorrect as it does not maintain the necessary security protocols, while C misrepresents the method of entry, and D suggests a method that undermines the distributed trust model of Shamir's Secret Sharing.