Online VA-002-P Test Brain Dump Question and Test Engine [Q68-Q87]


Real HashiCorp VA-002-P Exam Dumps with Correct 202 Questions and Answers

NEW QUESTION 68
What is the purpose of using the local-exec provisioner? (select two)

  • A. to invoke a local executable
  • B. to execute one or more commands on the machine running Terraform
  • C. ensures that the resource is only executed in the local infrastructure where Terraform is deployed
  • D. executes a command on the resource to invoke an update to the Terraform state

Answer: A,B

Explanation:
The local-exec provisioner invokes a local executable after a resource is created. This invokes a process on the machine running Terraform, not on the resource.
Note that even though the resource will be fully created when the provisioner is run, there is no guarantee that it will be in an operable state - for example, system services such as sshd may not be started yet on compute resources.

 

NEW QUESTION 69
Vault configuration files can be written in what languages? (select two)

  • A. HCL
  • B. YAML
  • C. JSON
  • D. XML

Answer: A,C

Explanation:
The Vault configuration file supports either JSON or HCL (HashiCorp Configuration Language).

 

NEW QUESTION 70
After a client has authenticated, what security feature is used to make subsequent calls?

  • A. listener
  • B. ldap
  • C. key shard
  • D. pgp
  • E. token
  • F. path

Answer: E

Explanation:
After authenticating, a client is issued a security token which is associated with a policy. That token is used to make a subsequent request to Vault, such as read, write, etc.

 

NEW QUESTION 71
True or False: You can migrate the Terraform backend but only if there are no resources currently being managed.

  • A. False
  • B. True

Answer: A

Explanation:
If you are already using Terraform to manage infrastructure, you probably want to transfer to another backend, such as Terraform Cloud, so you can continue managing it. By migrating your Terraform state, you can hand off infrastructure without de-provisioning anything.

 

NEW QUESTION 72
When configuring a remote backend in Terraform, it might be a good idea to purposely omit some of the required arguments to ensure secrets and other relevant data are not inadvertently shared with others. What are the ways the remaining configuration can be added to Terraform so it can initialize and communicate with the backend? (select three)

  • A. interactively on the command line
  • B. command-line key/value pairs
  • C. directly querying HashiCorp Vault for the secrets
  • D. use the -backend-config=PATH to specify a separate config file

Answer: A,B,D

Explanation:
You do not need to specify every required argument in the backend configuration. Omitting certain arguments may be desirable to avoid storing secrets, such as access keys, within the main configuration. When some or all of the arguments are omitted, we call this a partial configuration.
With a partial configuration, the remaining configuration arguments must be provided as part of the initialization process. There are several ways to supply the remaining arguments:

  • Interactively: Terraform will interactively ask you for the required values unless interactive input is disabled. Terraform will not prompt for optional values.
  • File: A configuration file may be specified via the init command line. To specify a file, use the -backend-config=PATH option when running terraform init. If the file contains secrets it may be kept in a secure data store, such as Vault, in which case it must be downloaded to the local disk before running Terraform.
  • Command-line key/value pairs: Key/value pairs can be specified via the init command line. Note that many shells retain command-line flags in a history file, so this isn't recommended for secrets. To specify a single key/value pair, use the -backend-config="KEY=VALUE" option when running terraform init.

 

NEW QUESTION 73
After logging into the Vault UI, a user complains that they cannot enable Replication. Why would the replication configuration be missing?

  • A. Vault is running an open-source version
  • B. replication configuration isn't available in the UI
  • C. replication hasn't been enabled
  • D. replication wasn't configured in the Vault configuration file

Answer: A

Explanation:
Replication is not available in open-source versions of Vault. It is an enterprise feature.

 

NEW QUESTION 74
Which of the following is considered a Terraform plugin?

  • A. Terraform language
  • B. Terraform logic
  • C. Terraform provider
  • D. Terraform tooling

Answer: C

Explanation:
Terraform is built on a plugin-based architecture. All providers and provisioners that are used in Terraform configurations are plugins, even the core types such as AWS and Heroku. Users of Terraform are able to write new plugins in order to support new functionality in Terraform.

 

NEW QUESTION 75
After encrypting data using the transit secrets engine, you've received the following output. Which of the following is true based upon the output?

    Key           Value
    ---           -----
    ciphertext    vault:v2:45f9zW6cglbrzCjI0yCyC6DBYtSBSxnMgUn9B5aHcGEit71xefPEmmjMbrk3

  • A. the data is stored in Vault using a KV v2 secrets engine
  • B. the original encryption key has been rotated at least once
  • C. this is the second version of the encrypted data
  • D. similar to the KV secrets engine, the transit secrets engine was enabled using the transit v2 option

Answer: B

Explanation:
When data is encrypted using Vault, the resulting ciphertext is prefixed with the version of the key used to encrypt it. In this case, the version is v2, which means that the encryption key was rotated at least one time. Any data that was encrypted with the original key would have been prefixed with vault:v1.
To rotate a key, use the command vault write -f transit/keys/<key name>/rotate
Reference link: https://learn.hashicorp.com/vault/encryption-as-a-service/eaas-transit

 

NEW QUESTION 76
A user has created three workspaces using the command line - prod, dev, and test. The user wants to create a fourth workspace named stage. Which command will the user execute to accomplish this?

  • A. terraform workspace -new stage
  • B. terraform workspace create stage
  • C. terraform workspace -create stage
  • D. terraform workspace new stage

Answer: D

Explanation:
The terraform workspace new command is used to create a new workspace. https://www.terraform.io/docs/commands/workspace/new.html

 

NEW QUESTION 77
True or False:
The terraform refresh command is used to reconcile the state Terraform knows about (via its state file) with the real-world infrastructure. If drift is detected between the real-world infrastructure and the last-known state, it will modify the infrastructure to correct the drift.

  • A. False
  • B. True

Answer: A

Explanation:
The terraform refresh command is used to reconcile the state Terraform knows about (via its state file) with the real-world infrastructure. This can be used to detect any drift from the last-known state, and to update the state file.
This does not modify infrastructure but does modify the state file. If the state is changed, this may cause changes to occur during the next plan or apply.
https://www.terraform.io/docs/commands/refresh.html

 

NEW QUESTION 78
To prepare for day-to-day operations, the root token should be safely saved outside of Vault in order to administer Vault.

  • A. False
  • B. True

Answer: A

Explanation:
It is generally considered a best practice to not persist root tokens. Instead, a root token should be generated using Vault's operator generate-root command only when absolutely necessary.
For day-to-day operations, the root token should be deleted after configuring other auth methods which will be used by admins and Vault clients.

 

NEW QUESTION 79
An application requires a specific key/value to be updated in order to process a batch job. The value should be either "true" or "false". However, when developers have been updating the value, sometimes they mistype or capitalize the value, causing the batch job not to run. What feature of a Vault policy can be used in order to restrict the entry to the required values?

  • A. add a deny statement for all possible misspellings of the value
  • B. add an allowed_parameters value to the policy
  • C. change the policy to include the list capability
  • D. use a * wildcard at the end of the policy

Answer: B

Explanation:
allowed_parameters - Whitelists a list of keys and values that are permitted on the given path.
Setting a parameter with a value of the empty list allows the parameter to contain any value.
Reference link: https://www.vaultproject.io/docs/concepts/policies

 

NEW QUESTION 80
What could you do with the feature found in the screenshot below? (select two)

  • A. using a short TTL, you could encrypt data in order to place only the encrypted data in Vault
  • B. use response-wrapping to protect data
  • C. encrypt the Vault master key that is stored in memory
  • D. encrypt sensitive data to send to a colleague over email

Answer: B,D

Explanation:
Vault includes a feature called response wrapping. When requested, Vault can take the response it would have sent to an HTTP client and instead insert it into the cubbyhole of a single-use token, returning that single-use token instead.

 

NEW QUESTION 81
Permissions for Vault backend functions are available at which path?

  • A. admin/
  • B. vault/
  • C. backend/
  • D. system/
  • E. sys/
  • F. security/

Answer: E

Explanation:
All backend system functions are stored in the sys/ backend.
The system backend is a default backend in Vault that is mounted at the /sys endpoint. This endpoint cannot be disabled or moved, and is used to configure Vault and interact with many of Vault's internal features.

 

NEW QUESTION 82
Which of the following is an invalid variable name?

  • A. web
  • B. count
  • C. instance_name
  • D. var1

Answer: B

Explanation:
count is a reserved word. The count parameter on resources can simplify configurations and let you scale resources by simply incrementing a number.
https://www.terraform.io/intro/examples/count.html

 

NEW QUESTION 83
Which commands are available only after Vault has been unsealed? (select two)

  • A. vault operator unseal
  • B. vault kv get kv/apps/app01
  • C. vault login -method=ldap -username=vault
  • D. vault status

Answer: B,C

Explanation:
Once Vault is unsealed, you can run vault login -method=ldap -username=vault and vault kv get kv/apps/app01. The second command assumes that you have authenticated, but it cannot be run unless Vault is unsealed. vault status can be run regardless of whether Vault is sealed or unsealed, and vault operator unseal can only be run when Vault is sealed.

 

NEW QUESTION 84
With regard to using a K/V v2 secrets engine, select the three correct statements below: (select three)

  • A. issuing a vault kv metadata delete statement permanently deletes the secret
  • B. issuing a vault kv destroy statement deletes all versions of a secret
  • C. issuing a vault kv delete statement performs a soft delete
  • D. issuing a vault kv delete statement permanently deletes the secret
  • E. issuing a vault kv destroy statement permanently deletes a single version of a secret

Answer: A,C,E

Explanation:
The kv delete command is like a soft delete which deletes the data for the provided path in the key/value secrets engine. If using K/V Version 2, its versioned data will not be fully removed, but marked as deleted and will no longer be available for normal get requests.
The kv destroy command permanently removes the specified versions' data from the key/value secrets engine. If no key exists at the path, no action is taken. It does not delete all versions of a secret.
The kv metadata delete command deletes all versions and metadata for the provided key.

 

NEW QUESTION 85
In a Consul cluster, participating nodes can be only one of two types. Select the valid types. (select two)

  • A. passive
  • B. primary
  • C. leader
  • D. active
  • E. secondary
  • F. follower

Answer: C,F

Explanation:
Within each datacenter, we have a mixture of clients and servers. It is expected that there be between three to five servers. This strikes a balance between availability in the case of failure and performance, as consensus gets progressively slower as more machines are added. However, there is no limit to the number of clients, and they can easily scale into the thousands or tens of thousands.
Server or Leader - It indicates whether the agent is running in server or client mode. Server nodes participate in the consensus quorum, storing cluster state, and handling queries. At any given time, the peer set elects a single node to be the leader. The leader is responsible for ingesting new log entries, replicating to followers, and managing when an entry is considered committed.
Client or Follower - Client nodes make up the majority of the cluster, and they are very lightweight as they interface with the server nodes for most operations and maintain very little state of their own.
Reference link: https://www.consul.io/docs/internals/architecture.html

 

NEW QUESTION 86
From the answers below, select the advantages of using Infrastructure as Code. (select four)

  • A. Easily change and update existing infrastructure
  • B. Easily integrate with application workflows (GitLab Actions, Azure DevOps, CI/CD tools)
  • C. Provide a codified workflow to develop customer-facing applications
  • D. Safely test modifications using a "dry run" before applying any actual changes
  • E. Provide reusable modules for easy sharing and collaboration

Answer: A,B,D,E

Explanation:
Infrastructure as Code is not used to develop applications, but it can be used to help deploy or provision those applications to a public cloud provider or on-premises infrastructure.
All of the others are benefits of using Infrastructure as Code over the traditional way of managing infrastructure, regardless of whether it's public cloud or on-premises.

 

NEW QUESTION 87
......


HashiCorp VA-002-P Exam Syllabus Topics:

Topic: Details
Topic 1
  • Describe secrets caching
  • Configure Vault policies
  • Explain orphaned tokens
Topic 2
  • Explain the value of short-lived, dynamically generated secrets
  • Choose an authentication method based on use case
Topic 3
  • Be aware of identities and groups
  • Describe root token uses and lifecycle
  • Compare and configure Vault secrets engines
Topic 4
  • Differentiate human vs. system auth methods
  • Configure environment variables
  • Configure authentication methods
Topic 5
  • Differentiate between service and batch tokens. Choose one based on use-case
  • Describe authentication methods
Topic 6
  • Configure transit secret engine
  • Compare authentication methods
  • Illustrate the value of Vault policy
Topic 7
  • Create tokens based on need
  • Explain the purpose of a lease ID
  • Authenticate to Vault via Curl
Topic 8
  • Describe the encryption of data stored by Vault
  • Contrast dynamic secrets vs. static secrets and their use cases

 
