HashiCorp VA-002-P Study Guide Archives Updated on Aug 07, 2022
Download VA-002-P Mock Test Study Material
NEW QUESTION 54
What command is used to renew a token, if permitted?
- A. vault operator token renew
- B. vault new <token-id>
- C. vault token update
- D. vault update token
- E. vault token renew
- F. vault renew token <token-id>
Answer: E
Explanation:
In order to renew a token, a user can issue a vault token renew command to extend the TTL. The token can also be renewed using the API
NEW QUESTION 55
Vault has failed to start. You inspect the log and find the error below. What needs to be changed in order to successfully start Vault?
"Error parsing config.hcl: At 1:12: illegal char"
- A. line 1 on the config file is blank
- B. the " character cannot be used in the config file
- C. you must use single quotes vs double quotes in the config file
- D. fix the syntax error in the Vault configuration file
Answer: D
Explanation:
It implies that there is a syntax error in the configuration file. The exact location of the error in the file can be identified in the error message
NEW QUESTION 56
Which type of Vault replication copies all data from Vault, including K/V data, policies, and client tokens?
- A. online replication
- B. performance replication
- C. failover replication
- D. DR replication
Answer: D
Explanation:
Vault Enterprise supports multi-datacenter deployment where you can replicate data across data centers for performance as well as disaster recovery.
In DR replication, secondary clusters do not forward service read or write requests until they are elevated and become a new primary.
DR replicated cluster will replicate all data from the primary cluster, including tokens. A performance replicated cluster, however, will not replicate the tokens from the primary, as the performance replicated cluster will generate its own client tokens for requests made directly to it.
In performance replication, secondaries keep track of their own tokens and leases but share the underlying configuration, policies, and supporting secrets (K/V values, encryption keys for transit, etc).
Note: Failover and Online replication, there is no such replication exist in hashicorp vault.
Check below links for more details:-
https://www.vaultproject.io/docs/enterprise/replication
https://learn.hashicorp.com/vault/operations/ops-disaster-recovery
NEW QUESTION 57
Which of the following commands will remove all secrets at a specific path?
- A. vault lease revoke -prefix <path>
- B. vault delete lease -all <path>
- C. vault lease revoke -all <path>
- D. vault revoke -all <path>
Answer: A
Explanation:
The -prefix flag treats the ID as a prefix instead of an exact lease ID. This can revoke multiple leases simultaneously.
NEW QUESTION 58
After logging into the Vault UI, a user complains that they cannot enable Replication. Why would the replication configuration be missing?
- A. replication configuration isn't available in the UI
- B. replication hasn't been enabled
- C. replication wasn't configured in the Vault configuration file
- D. Vault is running an open-source version
Answer: D
Explanation:
Replication is not available in open-source versions of Vault. It is an enterprise feature.
NEW QUESTION 59
Which Terraform command will force a marked resource to be destroyed and recreated on the next apply?
- A. terraform taint
- B. terraform refresh
- C. terraform fmt
- D. terraform destroy
Answer: A
Explanation:
The terraform taint command manually marks a Terraform-managed resource as tainted, forcing it to be destroyed and recreated on the next apply. This command will not modify infrastructure but does modify the state file in order to mark a resource as tainted. Once a resource is marked as tainted, the next plan will show that the resource will be destroyed and recreated. The next terraform apply will implement this change.
NEW QUESTION 60
A user has created a module called "my_test_module" and committed it to GitHub. Over time, several commits have been made with updates to the module, each tagged in GitHub with an incremental version number. Which of the following lines would be required in a module configuration block in terraform to select tagged version v1.0.4?
- A. source = "git::https://wpexpertsupport.com/my_test_module.git?ref=v1.0.4"
- B. source = "git::https://wpexpertsupport.com/my_test_module.git@tag=v1.0.4"
- C. source = "git::https://wpexpertsupport.com/my_test_module.git#tag=v1.0.4"
- D. source = "git::https://wpexpertsupport.com/my_test_module.git&ref=v1.0.4"
Answer: A
Explanation:
By default, Terraform will clone and use the default branch (referenced by HEAD) in the selected repository. You can override this using the ref argument:
module "vpc" {source = "git::https://wpexpertsupport.com/vpc.git?ref=v1.2.0"} The value of the ref argument can be any reference that would be accepted by the git checkout command, including branch and tag names.
https://www.terraform.io/docs/modules/sources.html#selecting-a-revision
NEW QUESTION 61
After running into issues with Terraform, you need to enable verbose logging to assist with troubleshooting the error. Which of the following values provides the MOST verbose logging?
- A. DEBUG
- B. ERROR
- C. WARN
- D. INFO
- E. TRACE
Answer: E
Explanation:
Terraform has detailed logs that can be enabled by setting the TF_LOG environment variable to any value. This will cause detailed logs to appear on stderr.
You can set TF_LOG to one of the log levels TRACE, DEBUG, INFO, WARN, or ERROR to change the verbosity of the logs. TRACE is the most verbose and it is the default if TF_LOG is set to something other than a log level name.
NEW QUESTION 62
Select the two default policies created in Vault. (select two)
- A. base
- B. user
- C. admin
- D. default
- E. root
- F. vault
Answer: D,E
Explanation:
Vault creates two default policies; root, and default.
The root policy cannot be deleted or modified.
The default policy is attached to all tokens, by default, however, this action can be modified if needed.
NEW QUESTION 63
What Terraform command can be used to inspect the current state file?
- A. terraform state
- B. terraform read
- C. terraform inspect
- D. terraform show
Answer: D
Explanation:
The terraform show command is used to provide human-readable output from a state or plan file. This can be used to inspect a plan to ensure that the planned operations are expected, or to inspect the current state as Terraform sees it.
Machine-readable output can be generated by adding the -json command-line flag.
Note: When using the -json command-line flag, any sensitive values in Terraform state will be displayed in plain text.
NEW QUESTION 64
Terraform has detailed logs which can be enabled by setting the _________ environmental variable.
- A. TF_LOG
- B. TF_DEBUG
- C. TF_TRACE
- D. TF_INFO
Answer: A
Explanation:
Terraform has detailed logs that can be enabled by setting the TF_LOG environment variable to any value. This will cause detailed logs to appear on stderr.
You can set TF_LOG to one of the log levels TRACE, DEBUG, INFO, WARN, or ERROR to change the verbosity of the logs. TRACE is the most verbose and it is the default if TF_LOG is set to something other than a log level name.
https://www.terraform.io/docs/internals/debugging.html
NEW QUESTION 65
When using constraint expressions to signify a version of a provider, which of the following are valid provider versions that satisfy the expression found in the following code snippet: (select two)
1. terraform {
2. required_providers {
3. aws = "~> 1.2.0"
4. }
5. }
- A. 1.3.0
- B. 1.3.1
- C. 1.2.3
- D. 1.2.9
Answer: C,D
Explanation:
~> 1.2.0 will match any non-beta version of the provider between >= 1.2.0 and < 1.3.0. For example, 1.2.X
https://www.terraform.io/docs/configuration/modules.html#gt-1-2-0-1
NEW QUESTION 66
In terraform, most resource dependencies are handled automatically. Which of the following statements describes best how terraform resource dependencies are handled?
- A. Resource dependencies are handled automatically by the depends_on meta_argument, which is set to true by default.
- B. Resource dependencies are identified and maintained in a file called resource. dependencies. Each terraform provider is required to maintain a list of all resource dependencies for the provider and it's included with the plugin during initialization when terraform init is executed. The file is located in the terraform.d folder.
- C. The terraform binary contains a built-in reference map of all defined Terraform resource dependencies. Updates to this dependency map are reflected in terraform versions. To ensure you are working with the latest resource dependency map you much be running the latest version of Terraform.
- D. Terraform analyses any expressions within a resource block to find references to other objects and treats those references as implicit ordering requirements when creating, updating, or destroying resources.
Answer: D
Explanation:
Terraform analyses any expressions within a resource block to find references to other objects and treats those references as implicit ordering requirements when creating, updating, or destroying resources.
https://www.terraform.io/docs/configuration/resources.html
NEW QUESTION 67
A user creates three workspaces from the command line - prod, dev, and test. Which of the following commands will the user run to switch to the dev workspace?
- A. terraform workspace -switch dev
- B. terraform workspace select dev
- C. terraform workspace dev
- D. terraform workspace switch dev
Answer: B
Explanation:
The terraform workspace select command is used to choose a different workspace to use for further operations. https://www.terraform.io/docs/commands/workspace/select.html
NEW QUESTION 68
Which statements best describes what the local variable assignment is doing in the following code snippet:
1. variable "subnet_details" {
2. type = list(object({
3. cidr = string
4. subnet_name = string
5. route_table_name = string
6. aznum = number
7. }))
8. }
9. locals {
10. route_tables_all = distinct([for s in var.subnet_details : s.route_table_name ])
11. }
- A. Create a map of route table names from a list of subnet names
- B. Create a distinct list of route table name objects
- C. Create a list of route table names eliminating duplicates
- D. Create a map of route table names to subnet names
Answer: C
Explanation:
route_tables_all is assigned a list of unique route table names filtered from a list of objects describing subnet details, one of those object attributes being route_table_name.
NEW QUESTION 69
You've logged into the Vault CLI and attempted to enable an auth method, but received this error message. What can be done to resolve the error and configure Vault?
Error enabling userpass auth: Post https://127.0.0.1:8200/v1/sys/auth/userpass: http: server gave HTTP response to HTTPS client
- A. restart the Vault service on this node
- B. ask an admin to grant you permission to enable the userpass auth method
- C. set the VAULT_ADDR environment variable to HTTP
- D. change 'userpass' to 'username and password'
Answer: C
Explanation:
If you're running Vault in a non-prod environment, you can configure Vault to disable TLS.
In this case, TLS has been disabled but the default value for VAULT_ADDR is https://127.0.0.1:8200, therefore Vault is sending the request over HTTPS but Vault is responding using HTTP since TLS is disabled.
To handle this error, set the VAULT_ADDR environment variable to "http://127.0.0.1:8200".
NEW QUESTION 70
Select all features which are exclusive to Terraform Enterprise. (select three)
- A. Clustering
- B. Cost Estimation
- C. SAML/SSO
- D. Audit Logs
- E. Sentinel
Answer: A,C,D
Explanation:
Sentinel and Cost Estimation are both available in Terraform Cloud, though not at the free tier level.
NEW QUESTION 71
Unsealing Vault creates the encryption keys, which is used to unencrypt the data on the storage backend.
- A. TRUE
- B. FALSE
Answer: B
Explanation:
Unsealing is the process of obtaining the plaintext master key necessary to read the decryption key to decrypt the data, allowing access to the Vault. The master key is used to decrypt the encryption key which can unencrypt the data on the storage backend.
NEW QUESTION 72
Using multi-cloud and provider-agnostic tools provides which of the following benefits? (select two)
- A. can be used across major cloud providers and VM hypervisors
- B. operations teams only need to learn and manage a single tool to manage infrastructure, regardless of where the infrastructure is deployed
- C. slower provisioning speed allows the operations team to catch mistakes before they are applied
- D. increased risk due to all infrastructure relying on a single tool for management
Answer: A,B
Explanation:
Using a tool like Terraform can be advantageous for organizations deploying workloads across multiple public and private cloud environments. Operations teams only need to learn a single tool, single language, and can use the same tooling to enable a DevOps-like experience and workflows.
NEW QUESTION 73
HashiCorp offers multiple versions of Terraform, including Terraform open-source, Terraform Cloud, and Terraform Enterprise. Which of the following Terraform features are only available in the Enterprise edition? (select four)
- A. Private Module Registry
- B. Clustering
- C. SAML/SSO
- D. Private Network Connectivity
- E. Audit Logs
- F. Sentinel
Answer: B,C,D,E
Explanation:
While there are a ton of features that are available to open source users, many features that are part of the Enterprise offering are geared towards larger teams and enterprise functionality.
NEW QUESTION 74
Which two interfaces automatically assume the token for subsequent requests after successfully authenticating? (select two)
- A. CLI
- B. UI
- C. Consul
- D. API
Answer: A,B
Explanation:
After authenticating, the UI and CLI automatically assume the token for all subsequent requests. The API, however, requires the user to extract the token from the server response after authenticating in order to send with subsequent requests.
NEW QUESTION 75
Environment variables can be used to set variables. The environment variables must be in the format "____"_<variablename>. Select the correct prefix string from the following list.
- A. TF_ENV
- B. TF_ENV_VAR
- C. TF_VAR_NAME
- D. TF_VAR
Answer: D
Explanation:
Environment variables can be used to set variables. The environment variables must be in the format TF_VAR_name and this will be checked last for a value. For example:
export TF_VAR_region=us-west-1
export TF_VAR_ami=ami-049d8641
export TF_VAR_alist='[1,2,3]'
export TF_VAR_amap='{ foo = "bar", baz = "qux" }'
https://www.terraform.io/docs/commands/environment-variables.html
NEW QUESTION 76
Which of the following actions are performed during a terraform init? (select three)
- A. initializes downloaded and/or installed providers
- B. initializes the backend configuration
- C. download the declared providers which are supported by HashiCorp
- D. provisions the declared resources in your configuration
Answer: A,B,C
Explanation:
The terraform init command is used to initialize a working directory containing Terraform configuration files. This is the first command that should be run after writing a new Terraform configuration or cloning an existing one from version control. It is safe to run this command multiple times.
NEW QUESTION 77
A Vault client who has read access to the path secrets/apps/app1 is having trouble viewing the secret in the user interface (UI) but can access via the API. What can be done to resolve this issue?
- A. add LIST to the policy so the user can browse the paths leading up to the key/value's path
- B. remove the deny policy blocking access to the secrets/apps/app1 path
- C. modify the policy to allow the create permission
- D. add read permissions to the path secrets/apps
Answer: A
Explanation:
To view the paths leading up to the secrets/apps/app1 path in the user interface, the user must have at least LIST permissions to avoid permission denied error in the UI.
NEW QUESTION 78
......
HashiCorp VA-002-P Exam Syllabus Topics:
| Topic | Details |
|---|---|
| Topic 1 |
|
| Topic 2 |
|
| Topic 3 |
|
| Topic 4 |
|
| Topic 5 |
|
| Topic 6 |
|
| Topic 7 |
|
| Topic 8 |
|
| Topic 9 |
|
| Topic 10 |
|
| Topic 11 |
|
VA-002-P Questions Prepare with Learning Information: https://certkiller.passleader.top/HashiCorp/VA-002-P-exam-braindumps.html