New Year Special Limited Time Flat 70% Discount offer - Ends in 0d 00h 00m 00s - Coupon code: 70spcl

HashiCorp VA-002-P HashiCorp Certified: Vault Associate Exam Practice Test

Page: 1 / 20
Total 200 questions

HashiCorp Certified: Vault Associate Questions and Answers

Question 1

What does the following API request return?

1. $ curl \

2. --header "X-Vault-Token: ..." \

3. --request POST \

4. --data @payload.json \

5. http://127.0.0.1:8200/v1/sys/tools/random/164

Options:

A.

a random string of 164 characters

B.

a random token valid for 164 uses

C.

None

D.

a secured secret based on 164 bytes of data

Question 2

A user has created a module called "my_test_module" and committed it to GitHub. Over time, several commits have been made with updates to the module, each tagged in GitHub with an incremental version number. Which of the following lines would be required in a module configuration block in terraform to select tagged version v1.0.4?

Options:

A.

source = "git::https://wpexpertsupport.com/my_test_module.git#tag=v1.0.4 "

B.

source = "git::https://wpexpertsupport.com/my_test_module.git@tag=v1.0.4 "

C.

source = "git::https://wpexpertsupport.com/my_test_module.git?ref=v1.0.4 "

D.

source = "git::https://wpexpertsupport.com/my_test_module.git &ref=v1.0.4"

Question 3

Which of the following is an invalid variable name?

Options:

A.

instance_name

B.

web

C.

var1

D.

count

Question 4

True or False:

Multiple providers can be declared within a single Terraform configuration file.

Options:

A.

False

B.

True

Question 5

You want to use terraform import to start managing infrastructure that was not originally provisioned through infrastructure as code. Before you can import the resource's current state, what must you do in order to prepare to manage these resources using Terraform?

Options:

A.

run terraform refresh to ensure that the state file has the latest information for existing resources.

B.

update the configuration file to include the new resources

C.

modify the Terraform state file to add the new resources

D.

shut down or stop using the resources being imported so no changes are inadvertently missed

Question 6

True or False:

State is a requirement for Terraform to function.

Options:

A.

True

B.

False

Question 7

Terraform Cloud is more powerful when you integrate it with your version control system (VCS) provider. Select all the supported VCS providers from the answers below. (select four)

Options:

A.

CVS Version Control

B.

GitHub Enterprise

C.

Bitbucket Cloud

D.

Azure DevOps Server

E.

GitHub

Question 8

Your organization has moved to AWS and has manually deployed infrastructure using the console. Recently, a decision has been made to standardize on Terraform for all deployments moving forward.

What can you do to ensure that all existing is managed by Terraform moving forward without interruption to existing services?

Options:

A.

resources that are manually deployed in the AWS console cannot be imported by Terraform

B.

using terraform import, import the existing infrastructure into your Terraform state

C.

delete the existing resources and recreate them using new a Terraform configuration so Terraform can manage them moving forward

D.

submit a ticket to AWS and ask them to export the state of all existing resources and use terraform import to import them into the state file

Question 9

In a Consul cluster, participating nodes can be only one of two types. Select the valid types. (select two)

Options:

A.

follower

B.

secondary

C.

active

D.

primary

E.

leader

F.

passive

Question 10

After running into issues with Terraform, you need to enable verbose logging to assist with troubleshooting the error. Which of the following values provides the MOST verbose logging?

Options:

A.

ERROR

B.

INFO

C.

DEBUG

D.

WARN

E.

TRACE

Question 11

Which of the following commands will remove all secrets at a specific path?

Options:

A.

vault lease revoke -prefix

B.

vault delete lease -all

C.

vault lease revoke -all

D.

vault revoke -all

Question 12

An administrator wants to create a new KV mount for individual users to maintain their own secrets but needs a way to simplify the policy so they don't need to write a new one for each new user? With the requirements listed below, what would such a policy look like?

Requirement: Each user can perform all operations on their allocated key/value secret path

Options:

A.

path "user-kv/data/{{identity.entity.name}}/*" {

capabilities = [ "create", "update", "read", "delete", "list" ]

}

B.

path "user-kv/data/{{identity.entity.id.name}}/*" {

capabilities = [ "create", "update", "read", "delete", "list" ]

}

C.

path "user-kv/data/{{identity.entity.aliases.<>.id}}/*" {

capabilities = [ "create", "update", "read", "delete", "list" ]

}

D.

path "user-kv/data/{{user}}/*" {

capabilities = [ "create", "update", "read", "delete", "list" ]

}

Question 13

Vault policies are deny by default

Options:

A.

TRUE

B.

FALSE

Question 14

What happens when a terraform apply command is executed?

Options:

A.

applies the changes required in the target infrastructure in order to reach the desired configuration

B.

creates the execution plan for the deployment of resources

C.

reconciles the state Terraform knows about with the real-world infrastructure

D.

the backend is initialized and the working directory is prepped

Question 15

The security barrier protects all of the following Vault components except ___.

Options:

A.

secret engine

B.

auth method

C.

storage backend

D.

audit devices

E.

token store

Question 16

Which of the following connection types are supported by the remote-exec provisioner? (select two)

Options:

A.

rdp

B.

smb

C.

ssh

D.

winrm

Question 17

Which auth method is ideal for machine to machine authentication?

Options:

A.

GitHub

B.

UserPass

C.

AppRole

D.

Okta

Question 18

You have been given requirements to create a security group for a new application. Since your organization standardizes on Terraform, you want to add this new security group with the fewest number of lines

of code. What feature could you use to iterate over a list of required tcp ports to add to the new security group?

Options:

A.

terraform import

B.

splat expression

C.

dynamic block

D.

dynamic backend

Question 19

What are the primary benefits of running Vault in a production deployment over dev server mode? (select two)

Options:

A.

ability to enable auth methods

B.

persistent storage

C.

encryption via TLS

D.

faster deployment

E.

access to all of the secret engines

Question 20

When multiple arguments with single-line values appear on consecutive lines at the same nesting level, HashiCorp recommends that you:

Options:

A.

place a space in between each line

type = "A"

ttl = "300"

zone_id = aws_route53_zone.primary.zone_id

B.

align their equals signs

ami = "abc123"

instance_type = "t2.micro"

C.

place all arguments using a variable at the top

ami = var.aws_ami

instance_type = var.instance_size

subnet_id = "subnet-0bb1c79de3EXAMPLE"

tags = {

Name = "HelloWorld"

}

D.

put arguments in alphabetical order

name = "www.pythonfanclub.com "

records = [aws_eip.lb.public_ip]

type = "A"

ttl = "300"

zone_id = aws_route53_zone.primary.zone_id

Question 21

Which of the following commands will launch the Interactive console for Terraform interpolations?

Options:

A.

terraform

B.

terraform console

C.

terraform cmdline

D.

terraform cli

Question 22

Select all features which are exclusive to Terraform Enterprise. (select three)

Options:

A.

Audit Logs

B.

Cost Estimation

C.

Sentinel

D.

Clustering

E.

SAML/SSO

Question 23

What is a downside to using a Terraform provider, such as the Vault provider, to interact with sensitive data, such as reading secrets from Vault?

Options:

A.

Terraform and Vault must be running on the same physical host

B.

Terraform and Vault must be running on the same version

C.

Terraform requires a unique auth method to work with Vault

D.

Secrets are persisted to the state file and plans

Question 24

What type of token does not have a TTL (time to live)?

Options:

A.

default tokens

B.

parent tokens

C.

user tokens

D.

root tokens

E.

expired tokens

F.

child tokens

Question 25

True or False: When encrypting data with the transit secrets engine, Vault always stores the ciphertext in a dedicated KV store along with the associated encryption key.

Options:

A.

False

B.

True

Question 26

What does the command terraform fmt do?

Options:

A.

formats the state file in order to ensure the latest state of resources can be obtained

B.

updates the font of the configuration file to the official font supported by HashiCorp

C.

rewrite Terraform configuration files to a canonical format and style

D.

deletes the existing configuration file

Question 27

Why is it a good idea to declare the required version of a provider in a Terraform configuration file?

1. terraform {

2. required_providers {

3. aws = "~> 1.0"

4. }

5. }

Options:

A.

to remove older versions of the provider

B.

to ensure that the provider version matches the version of Terraform you are using

C.

providers are released on a separate schedule from Terraform itself; therefore a newer version could introduce breaking changes

D.

to match the version number of your application being deployed via Terraform

Question 28

Environment variables can be used to set variables. The environment variables must be in the format "____"_. Select the correct prefix string from the following list.

Options:

A.

TF_VAR

B.

TF_VAR_NAME

C.

TF_ENV

D.

TF_ENV_VAR

Question 29

In regards to Terraform state file, select all the statements below which are correct: (select four)

Options:

A.

storing state remotely can provide better security

B.

the Terraform state can contain sensitive data, therefore the state file should be protected from unauthorized access

C.

Terraform Cloud always encrypts state at rest

D.

using the mask feature, you can instruct Terraform to mask sensitive data in the state file

E.

when using local state, the state file is stored in plain-text

F.

the state file is always encrypted at rest

Question 30

Given the following screenshot, how many secrets engines have been enabled?

Question # 30

Options:

A.

4

B.

3

C.

5

D.

2

Page: 1 / 20
Total 200 questions