HashiCorp HCVA0-003 Exam - Topic 1 Question 18 Discussion

Actual exam question for HashiCorp's HCVA0-003 exam

Question #: 18
Topic #: 1

An application is trying to use a dynamic secret in which the lease has expired. What can be done in order for the application to successfully request data from Vault?

ATry the expired secret in hopes it hasn't been deleted yet

BPerform a lease renewal

CRequest a new secret and associated lease

DRequest the TTL be extended for the secret lease

Show Suggested Answer

Suggested Answer: C

Comprehensive and Detailed in Depth

Once a dynamic secret's lease expires, it cannot be renewed or reused; a new secret must be requested. The HashiCorp Vault documentation states: 'A lease must be renewed before it has expired. Once it has expired, it is permanently revoked and a new secret must be requested.' This means that after expiration, the secret is invalidated, and the application must obtain a new secret with a new lease to regain access.

Trying an expired secret (A) is futile as it's revoked. Performing a lease renewal (B) is impossible post-expiration, as the docs note: 'Renewal must occur before the lease expires.' Extending the TTL (D) isn't an option for an expired lease. Thus, C is the correct action.

HashiCorp Vault Documentation - Leases: Lease Renew and Revoke

by Lavonna at Apr 02, 2026, 07:06 AM

Limited Time Offer

25%

2 months ago

I think we talked about lease renewals in class, so maybe option B is the right choice? But I'm not entirely sure if that's the only way.

upvoted 0 times

...