Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25

- Free Preparation Discussions

HashiCorp Exam HCVA0-003 Topic 9 Question 1 Discussion

Actual exam question for HashiCorp's HCVA0-003 exam

Question #: 1
Topic #: 9

[All HCVA0-003 Questions]

When creating a policy, an error was thrown:

Which statement describes the fix for this issue?

AReplace write with create in the capabilities list

BYou cannot have a wildcard (' * ') in the path

Csudo is not a capability

Show Suggested Answer

Suggested Answer: A

The error was thrown because the policy code contains an invalid capability, ''write''. The valid capabilities for a policy are ''create'', ''read'', ''update'', ''delete'', ''list'', and ''sudo''. The ''write'' capability is not recognized by Vault and should be replaced with ''create'', which allows creating new secrets or overwriting existing ones. The other statements are not correct, because the wildcard (*) and the sudo capability are both valid in a policy. The wildcard matches any number of characters within a path segment, and the sudo capability allows performing certain operations that require root privileges.

[Policy Syntax | Vault | HashiCorp Developer]

[Policy Syntax | Vault | HashiCorp Developer]

by Wai at Apr 06, 2025, 06:37 PM

Limited Time Offer

25%

Off

Get Premium HCVA0-003 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Doyle

13 days ago

I'm with Mabel on this one. Wildcards in the path? That's a big no-no. B is the answer, no doubt about it.

upvoted 0 times

...

Tamar

18 days ago

A? Replace 'write' with 'create'? Nah, that's not gonna cut it. Gotta go with B, my dude.

upvoted 0 times

...

Mabel

24 days ago

Haha, I bet the developer who wrote this policy was trying to be a little too clever with the wildcard. B is the right answer, for sure.

upvoted 0 times

...

Susy

1 months ago

But sudo is not a capability, so option C could also be the fix.

upvoted 0 times

...

Iraida

2 months ago

C is the way to go. 'sudo' is not a capability, so that's the problem. Rookie mistake, but easy to fix.

upvoted 0 times

Otis

22 days ago

C) sudo is not a capability

upvoted 0 times

...

Ahmad

26 days ago

B) You cannot have a wildcard (\' * \') in the path

upvoted 0 times

...

An

1 months ago

A) Replace write with create in the capabilities list

upvoted 0 times

...

...

Candida

2 months ago

Hmm, I think the fix is B. You can't have a wildcard in the path. That's a common mistake I've seen before.

upvoted 0 times

Elke

4 days ago

I agree, that's a common mistake I've seen before.

upvoted 0 times

...

Curtis

18 days ago

I think the fix is B. You can't have a wildcard in the path.

upvoted 0 times

...

Carmen

24 days ago

Yes, let's replace it with a specific path instead.

upvoted 0 times

...

Quentin

26 days ago

So, we should avoid using wildcard in the path for this policy.

upvoted 0 times

...

Fausto

28 days ago

I agree, that's a common mistake I've seen before.

upvoted 0 times

...

Kenneth

30 days ago

I think the fix is B. You can't have a wildcard in the path.

upvoted 0 times

...

...

Junita

2 months ago

I disagree, I believe the issue is with having a wildcard in the path.

upvoted 0 times

...

Susy

2 months ago

I think the fix is to replace write with create in the capabilities list.

upvoted 0 times

...