Which feature of Vault helps prevent data exposure in the event of a breach?

The feature that specifically helps prevent data exposure in the event of a breach is access control via policies. Vault employs a robust policy framework that allows administrators to enforce granular access controls on who can access specific secrets or perform certain actions. By defining clear policies, organizations can minimize the risk of unauthorized access to sensitive data, effectively limiting the exposure to only those users or services that absolutely need it.

This principle of least privilege ensures that even if a breach occurs, the potential damage is contained since the compromised entity would only have access to what its permissions allow. This capability is particularly crucial for maintaining security in a dynamic environment where roles and permissions may frequently change.

Other features like data encryption at rest do enhance overall security by protecting data stored on disk, but they do not prevent access during runtime in the same way that stringent access controls do. Automated backups provide resilience in data recovery but do not directly affect exposure risk in the event of a breach. User activity logging is useful for monitoring and auditing access but does not actively prevent unauthorized access to data.