HashiCorp HCVA0-003 Exam - Topic 3 Question 17 Discussion

Actual exam question for HashiCorp's HCVA0-003 exam

Question #: 17
Topic #: 3

All Vault instances, or clusters, include two built-in policies that are created automatically. Choose the two policies below and the correct information regarding each policy. (Select two)

AThe root policy is created automatically. This policy provides superuser privileges and cannot be deleted

BThe admin policy is created automatically. It provides administrative permissions but can be deleted if needed

CThe default policy is created automatically. This policy can be modified but not deleted

DThe default policy is created automatically. This policy cannot be modified but it can be deleted

Show Suggested Answer

Suggested Answer: A, C

Comprehensive and Detailed In-Depth

Vault automatically creates two built-in policies: root and default.

A: The root policy is created at initialization, granting superuser privileges (full access to all paths and operations). It's attached to root tokens and cannot be deleted or modified, per the policies documentation.

C: The default policy is also created automatically, providing basic permissions (e.g., token management). It's attached to all non-root tokens by default, can be modified, but cannot be deleted, as stated in the docs.

B: No admin policy is automatically created; administrative policies must be defined manually.

D: The default policy can be modified, contradicting this option.

Built-in Policies

by Elina at Mar 03, 2026, 10:43 PM

Limited Time Offer

25%

1 month ago

I think the root policy definitely provides superuser privileges, but I'm not sure if it can be deleted or not.

upvoted 0 times

...