Which auth method is ideal for machine to machine authentication?
The ideal method for a machine to machine authentication is AppRole although it's not the only method. The other options are frequently reserved for human access.
Reference link:- https://www.hashicorp.com/blog/authenticating-applications-with-vault-approle/
When Vault is sealed, which are the only two options available to a Vault administrator? (select two)
When Vault is sealed, the only two options available are, viewing the vault status and unsealing Vault. All the other actions performed after the Vault is unsealed and the user is authenticated.
After creating a dynamic credential on a database, the DBA accidentally deletes the credentials on the database itself. When attempting to remove the lease, Vault returns an error stating that the credential cannot be found. What command can be run to coerce Vault to remove the secret?
The -force flag is meant for recovery when the secret in the target secrets engine was manually deleted.
What type of token does not have a TTL (time to live)?
Non-root tokens are associated with a TTL, which determines how long a token is valid. Root tokens are not associated with a TTL, and therefore, do not expire.
Root tokens are tokens that have the root policy attached to them. They are the only type of token within Vault that are not associated with a TTL, and therefore, do not expire.
An application is trying to use a secret in which the lease has expired. What can be done in order for the application to successfully request data from Vault?
A lease must be renewed before it has expired. Once it has expired, it is permanently revoked and a new secret must be requested.
