When administering Vault on a day-to-day basis, why is logging in with the root token, as shown below, a bad idea? (select two).

- the root token isn't a secure way of logging into Vault
- the root token is attached to the root policy, which likely provides too many privileges to a user
- the root token should be revoked and not used on a day-to-day basis
- It's easier to just use the root token than to configure additional auth methods
Answer(s): B,C
Explanation:
The root token should never be used on a day-to-day basis and should always be revoked once a permanent auth method has been configured.
Reveal Solution Next Question