New Year Special 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: save70

Free and Premium HashiCorp VA-002-P Dumps Questions Answers

Page: 1 / 8
Total 200 questions

HashiCorp Certified: Vault Associate Questions and Answers

Question 1

Your organization has moved to AWS and has manually deployed infrastructure using the console. Recently, a decision has been made to standardize on Terraform for all deployments moving forward.

What can you do to ensure that all existing is managed by Terraform moving forward without interruption to existing services?

Options:

A.

resources that are manually deployed in the AWS console cannot be imported by Terraform

B.

using terraform import, import the existing infrastructure into your Terraform state

C.

delete the existing resources and recreate them using new a Terraform configuration so Terraform can manage them moving forward

D.

submit a ticket to AWS and ask them to export the state of all existing resources and use terraform import to import them into the state file

Buy Now
Question 2

When creating a dynamic secret in Vault, Vault returns what value that can be used to renew or revoke the lease?

Options:

A.

lease_id

B.

vault_accessor

C.

revocation_access

D.

token_revocation_id

Question 3

When writing the Terraform code, HashiCorp recommends that you use how many spaces between each nesting level?

Options:

A.

2

B.

5

C.

4

D.

1

Question 4

You want to encrypt a credit card number using the transit secrets engine. You enter the following command and receive an error. What can you do to ensure that the credit card number is properly encrypted and the ciphertext is returned?

1. $ vault write -format=json transit/encrypt/creditcards plaintext="1234 5678 9101 1121"

2. Error writing data to transit/encrypt/orders: Error making API request.

3.

4. URL: PUT

5. Code: 400. Errors:

6.

7. * illegal base64 data at input byte 4

Options:

A.

credit card numbers are not supported using the transit secrets engine since it is considered sensitive data

B.

the token used to issue the encryption request does not have the appropriate permissions

C.

the plain text data needs to be encoded to base64

D.

the credit card number should not include spaces

Question 5

After encrypting data using the transit secrets engine, you've received the following output. Which of the following is true based upon the output?

1. Key Value

2. --- -----

3. ciphertext vault:v2:45f9zW6cglbrzCjI0yCyC6DBYtSBSxnMgUn9B5aHcGEit71xefPEmmjMbrk3

Options:

A.

the original encryption key has been rotated at least once

B.

this is the second version of the encrypted data

C.

similar to the KV secrets engine, the transit secrets engine was enabled using the transit v2 option

D.

the data is stored in Vault using a KV v2 secrets engine

Question 6

In regards to using a K/V v2 secrets engine, select the three correct statements below: (select three)

Options:

A.

issuing a vault kv destroy statement permanently deletes a single version of a secret

B.

issuing a vault kv destroy statement deletes all versions of a secret

C.

issuing a vault kv delete statement permanently deletes the secret

D.

issuing a vault kv metadata delete statement permanently deletes the secret

E.

issuing a vault kv delete statement performs a soft delete

Question 7

Which of the following Vault policies will allow a Vault client to read a secret stored at secrets/applications/app01/api_key?

Options:

A.

path "secrets/applications/+/api_*" {

capabilities = ["read"]

}

B.

path "secrets/applications/" {

capabilities = ["read"]

allowed_parameters = {

"certificate" = []

}

}

C.

path "secrets/*" {

capabilities = ["list"]

}

D.

path "secrets/applications/app01/api_key" {

capabilities = ["update", "list"]

}

Question 8

When administering Vault on a day-to-day basis, why is logging in with the root token, as shown below, a bad idea? (select two).

Options:

A.

the root token isn't a secure way of logging into Vault

B.

the root token is attached to the root policy, which likely provides too many privileges to a user

C.

the root token should be revoked and not used on a day-to-day basis

D.

It's easier to just use the root token than to configure additional auth methods

Question 9

You are deploying Vault in a local data center, but want to be sure you have a secondary cluster in the event the primary cluster goes offline. In the secondary data center, you have applications that are running, as they are architected to run active/active. Which type of replication would be best in this scenario?

Options:

A.

disaster recovery replication

B.

single-node replication

C.

performance replication

D.

end-to-end replication

Question 10

What happens to child tokens when a parent token is revoked?

Options:

A.

the child tokens are renewed

B.

the child tokens are converted to parent tokens

C.

the child tokens create their own child tokens to be used

D.

the child tokens are revoked

Question 11

As opposed to service tokens, batch tokens are ideal for what type of action?

Options:

A.

generating dynamic credentials

B.

configuring Vault features

C.

renewing tokens

D.

issuing snapshots

E.

encrypting data

F.

writing secrets

Question 12

What is the best and easiest way for Terraform to read and write secrets from HashiCorp Vault?

Options:

A.

CLI access from the same machine running Terraform

B.

API access using the AppRole auth method

C.

Vault provider

D.

Integration with a tool like Jenkins

Question 13

Which is not a capability that can be used when writing a Vault policy?

Options:

A.

read

B.

list

C.

delete

D.

create

E.

modify

F.

update

Question 14

What does the command terraform fmt do?

Options:

A.

formats the state file in order to ensure the latest state of resources can be obtained

B.

updates the font of the configuration file to the official font supported by HashiCorp

C.

rewrite Terraform configuration files to a canonical format and style

D.

deletes the existing configuration file

Question 15

Choose the correct answer which fixes the syntax of the following Terraform code:

Options:

A.

resource "aws_security_group" "vault_elb" {

name = "${var.name_prefix}-vault-elb"

description = var_Vault ELB

vpc_id = var.vpc_id

}

B.

resource "aws_security_group" "vault_elb" {

name = "${var.name_prefix}-vault-elb"

description = Vault ELB

vpc_id = var.vpc_id

}

C.

resource "aws_security_group" "vault_elb" {

name = "${var.name_prefix}-vault-elb"

description = "${Vault ELB}"

vpc_id = var.vpc_id

}

D.

resource "aws_security_group" "vault_elb" {

name = "${var.name_prefix}-vault-elb"

description = [Vault ELB]

vpc_id = var.vpc_id

}

E.

resource "aws_security_group" "vault_elb" {

name = "${var.name_prefix}-vault-elb"

description = "Vault ELB"

vpc_id = var.vpc_id

}

Question 16

What system endpoint can you query to determine which node is the leader of a cluster?

Options:

A.

/sys/tools

B.

/sys/leader

C.

/sys/health

D.

/sys/init

Question 17

If a client is currently assigned the following policy, what additional policy can be added to ensure they cannot access the data stored at secret/apps/confidential but still, read all other secrets?

Options:

A.

path "secret/apps/confidential/*" {

capabilities = ["deny"]

}

B.

path "secret/apps/*" {

capabilities = ["deny"]

}

C.

path "secret/apps/confidential" {

capabilities = ["deny"]

}

D.

path "secret/apps/*" {

capabilities = ["create", "read", "update", "delete", "list"]

}

path "secret/*" {

capabilities = ["read", "deny"]

}

Question 18

You've hit the URL for the Vault UI, but you're presented with this screen. Why doesn't Vault present you with a way to log in?

Options:

A.

a vault policy is preventing you from logging in

B.

the vault configuration file has an incorrect configuration

C.

the consul storage backend was not configured correctly

D.

vault needs to be initialized before it can be used

Question 19

What is a downside to using a Terraform provider, such as the Vault provider, to interact with sensitive data, such as reading secrets from Vault?

Options:

A.

Terraform and Vault must be running on the same physical host

B.

Terraform and Vault must be running on the same version

C.

Terraform requires a unique auth method to work with Vault

D.

Secrets are persisted to the state file and plans

Question 20

By default, the max TTL for a token is how many days?

Options:

A.

14 days

B.

32 days

C.

31 days

D.

7 days

Question 21

While Terraform is generally written using the HashiCorp Configuration Language (HCL), what another syntax can Terraform be expressed in?

Options:

A.

JSON

B.

XML

C.

TypeScript

D.

YAML

Question 22

By default, where does Terraform store its state file?

Options:

A.

shared directory

B.

current working directory

C.

Amazon S3 bucket

D.

remotely using Terraform Cloud

Question 23

Which of the following actions are performed during a terraform init? (select three)

Options:

A.

provisions the declared resources in your configuration

B.

download the declared providers which are supported by HashiCorp

C.

initializes the backend configuration

D.

initializes downloaded and/or installed providers

Question 24

In a Consul cluster, participating nodes can be only one of two types. Select the valid types. (select two)

Options:

A.

follower

B.

secondary

C.

active

D.

primary

E.

leader

F.

passive

Question 25

Select all Operating Systems that Terraform is available for. (select five)

Options:

A.

Linux

B.

Windows

C.

Unix

D.

FreeBSD

E.

Solaris

F.

macOS

Question 26

You've deployed Vault in your production environment and are curious to understand metrics on your Vault cluster, such as the number of writes to the backend, the status of WALs, and the seal status. What feature would you configure in order to view these metrics?

Options:

A.

audit device

B.

telemetry

C.

nothing to configure, these are available in the Vault log found on the OS

D.

enable logs for each individual secrets engines

Question 27

What Terraform command can be used to inspect the current state file?

Options:

A.

terraform inspect

B.

terraform show

C.

terraform read

D.

terraform state

Question 28

Complete the following sentence:

The terraform state command can be used to ____

Options:

A.

view the entire state file

B.

modify the current state, such as removing items

C.

refresh the existing state

D.

there is no such command

Question 29

Select the operating systems which are supported for a clustered Terraform Enterprise: (select four)

Options:

A.

Unix

B.

Amazon Linux

C.

Red Hat

D.

Ubuntu

E.

CentOS

Question 30

Select the feature below that best completes the sentence:

The following list represents the different types of __________ available in Terraform.

1. max

2. min

3. join

4. replace

5. list

6. length

7. range

Options:

A.

named values

B.

backends

C.

functions

D.

data sources

Page: 1 / 8
Total 200 questions