HashiCorp Certified: Vault Associate (002) — Question 47

Which of the following statements are true about Vault policies? (Choose two.)

Answer options

• A. The default policy can not be modified
• B. You must use YAML to define policies
• C. Policies provide a declarative way to grant or forbid access to certain paths and operations in Vault
• D. Vault must be restarted in order for a policy change to take an effect
• E. Policies deny by default (empty policy grants no permission)

Correct answer: C, E

Explanation

Option C is correct because Vault policies indeed provide a way to declaratively manage access to specific paths and operations. Option E is also correct as policies in Vault default to denying access unless explicitly granted. Options A, B, and D are incorrect because the default policy can be modified, policies can be defined using various formats, and a restart is not necessary for policy changes to take effect.