New Year Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 70special

HashiCorp VA-002-P HashiCorp Certified: Vault Associate Exam Practice Test

Page: 1 / 20
Total 200 questions

HashiCorp Certified: Vault Associate Questions and Answers

Testing Engine

  • Product Type: Testing Engine
$37.5  $124.99

PDF Study Guide

  • Product Type: PDF Study Guide
$33  $109.99
Question 1

How can Vault be used to programmatically obtain a generated code for MFA, somewhat similar to Google Authenticator?

Options:

A.

cubbyhole

B.

the identity secrets engine

C.

TOTP secrets engine

D.

the random byte generator

Question 2

The following is a snippet from a Terraform configuration file:

1. provider "aws" {

2. region = "us-east-1"

3. }

4. provider "aws" {

5. region = "us-west-1"

6. }

which, when validated, results in the following error:-

1. Error: Duplicate provider configuration

2.

3. on main.tf line 5:

4. 5: provider "aws" {

5.

6. A default provider configuration for "aws" was already given at

7. main.tf:1,1-15. If multiple configurations are required, set the "______"

8. argument for alternative configurations.

Fill in the blank in the error message with the correct string from the list below.

Options:

A.

label

B.

version

C.

alias

D.

multi

Question 3

Which of the following best describes the default local backend?

Options:

A.

The local backend stores state on the local filesystem locks the state using system APIs and performs operations locally.

B.

The local backend is the directory where resources deployed by Terraform have direct access to in order to update their current state

C.

The local backend is how Terraform connects to public cloud services, such as AWS, Azure, or GCP.

D.

The local backend is where Terraform Enterprise stores logs to be processed by a log collector

Question 4

What is the result of the following terraform function call?

zipmap(["a", "b"], [1, 2])

Options:

A.

{

"a",

"b",

"1",

"2",

}

B.

[

"a",

"b",

"1",

"2",

]

C.

{

"a" = 1

"b" = 2

}

D.

[

"a" = 1

"b" = 2

]

Question 5

Which of the following actions are performed during a terraform init? (select three)

Options:

A.

provisions the declared resources in your configuration

B.

download the declared providers which are supported by HashiCorp

C.

initializes the backend configuration

D.

initializes downloaded and/or installed providers

Question 6

When writing the Terraform code, HashiCorp recommends that you use how many spaces between each nesting level?

Options:

A.

2

B.

5

C.

4

D.

1

Question 7

Which flag would be used within a Terraform configuration block to identify the specific version of a provider required?

Options:

A.

required-provider

B.

required_versions

C.

required_providers

D.

required-version

Question 8

In regards to Terraform state file, select all the statements below which are correct: (select four)

Options:

A.

storing state remotely can provide better security

B.

the Terraform state can contain sensitive data, therefore the state file should be protected from unauthorized access

C.

Terraform Cloud always encrypts state at rest

D.

using the mask feature, you can instruct Terraform to mask sensitive data in the state file

E.

when using local state, the state file is stored in plain-text

F.

the state file is always encrypted at rest

Question 9

You are deploying Vault in a local data center, but want to be sure you have a secondary cluster in the event the primary cluster goes offline. In the secondary data center, you have applications that are running, as they are architected to run active/active. Which type of replication would be best in this scenario?

Options:

A.

disaster recovery replication

B.

single-node replication

C.

performance replication

D.

end-to-end replication

Question 10

You've set up multiple Vault clusters, one on-premises which is intended to be the primary cluster, and the second cluster in AWS, which was deployed to be used for performance replication. After enabling replication, developers complain that all the data they've stored in the AWS Vault cluster is missing. What happened?

Options:

A.

the data was moved to a recovery path after replication was enabled. Use the vault secrets move command to move the data back to its intended location

B.

there is a certificate mismatch after replication was enabled since Vault replication generates its own TLS certificates to ensure nodes are trusted entities

C.

the data was automatically copied to the primary cluster after replication was enabled since all writes are always forwarded to the primary cluster

D.

all of the data on the secondary cluster was deleted after replication was enabled

Question 11

True or False? By default, Terraform destroy will prompt for confirmation before proceeding.

Options:

A.

True

B.

False

Question 12

While Terraform is generally written using the HashiCorp Configuration Language (HCL), what another syntax can Terraform be expressed in?

Options:

A.

JSON

B.

XML

C.

TypeScript

D.

YAML

Question 13

True or False:

Once you create a KV v1 secrets engine and place data in it, there is no way to modify the mount to include the features of a KV v2 secrets engine.

Options:

A.

True

B.

False

Question 14

After a client has authenticated, what security feature is used to make subsequent calls?

Options:

A.

key shard

B.

ldap

C.

pgp

D.

token

E.

listener

F.

path

Question 15

What Terraform feature is shown in the example below?

1. resource "aws_security_group" "example" {

2. name = "sg-app-web-01"

3. dynamic "ingress" {

4. for_each = var.service_ports

5. content {

6. from_port = ingress.value

7. to_port = ingress.value

8. protocol = "tcp"

9. }

10. }

11. }

Options:

A.

data source

B.

dynamic block

C.

local values

D.

conditional expression

Question 16

When Vault is sealed, which are the only two options available to a Vault administrator? (select two)

Options:

A.

rotate the encryption key

B.

unseal Vault

C.

view the status of Vault

D.

configure policies

E.

author security policies

F.

view data stored in the key/value store

Question 17

What could you do with the feature found in the screenshot below? (select two)

Options:

A.

encrypt the Vault master key that is stored in memory

B.

using a short TTL, you could encrypt data in order to place only the encrypted data in Vault

C.

encrypt sensitive data to send to a colleague over email

D.

use response-wrapping to protect data

Question 18

Why might a user opt to include the following snippet in their configuration file?

1. terraform {

2. required_version = ">= 0.12"

3. }

Options:

A.

this ensures that all Terraform providers are above a certain version to match the application being deployed

B.

the user wants to ensure that the application being deployed is a minimum version of 0.12

C.

versions before Terraform 0.12 were not approved by HashiCorp to be used in production

D.

Terraform 0.12 introduced substantial changes to the syntax used to write Terraform configuration

Question 19

True or False:

The terraform refresh command is used to reconcile the state Terraform knows about (via its state file) with the real-world infrastructure. If the drift is detected between the real-world infrastructure and the last known-state, it will modify the infrastructure to correct the drift.

Options:

A.

False

B.

True

Question 20

Which type of Vault replication copies all data from Vault, including K/V data, policies, and client tokens?

Options:

A.

DR replication

B.

performance replication

C.

failover replication

D.

online replication

Question 21

What happens when a terraform plan is executed?

Options:

A.

the backend is initialized and the working directory is prepped

B.

creates an execution plan and determines what changes are required to achieve the desired state in the configuration files.

C.

applies the changes required in the target infrastructure in order to reach the desired configuration

D.

reconciles the state Terraform knows about with the real-world infrastructure

Question 22

Terraform has detailed logs which can be enabled by setting the _________ environmental variable.

Options:

A.

TF_LOG

B.

TF_TRACE

C.

TF_DEBUG

D.

TF_INFO

Question 23

After encrypting data using the transit secrets engine, you've received the following output. Which of the following is true based upon the output?

1. Key Value

2. --- -----

3. ciphertext vault:v2:45f9zW6cglbrzCjI0yCyC6DBYtSBSxnMgUn9B5aHcGEit71xefPEmmjMbrk3

Options:

A.

the original encryption key has been rotated at least once

B.

this is the second version of the encrypted data

C.

similar to the KV secrets engine, the transit secrets engine was enabled using the transit v2 option

D.

the data is stored in Vault using a KV v2 secrets engine

Question 24

An application is trying to use a secret in which the lease has expired. What can be done in order for the application to successfully request data from Vault?

Options:

A.

request a new secret and associated lease

B.

try the expired secret in hopes it hasn't been deleted yet

C.

request the TTL be extended for the secret

D.

perform a lease renewal

Question 25

Environment variables can be used to set variables. The environment variables must be in the format "____"_. Select the correct prefix string from the following list.

Options:

A.

TF_VAR

B.

TF_VAR_NAME

C.

TF_ENV

D.

TF_ENV_VAR

Question 26

An application requires a specific key/value to be updated in order to process a batch job. The value should be either "true" or "false". However, when developers have been updating the value, sometimes they mistype the value or capitalize on the value, causing the batch job not to run. What feature of a Vault policy can be used in order to restrict the entry to the required values?

Options:

A.

added an allowed_parameters value to the policy

B.

use a * wildcard at the end of the policy

C.

change the policy to include the list capability

D.

add a deny statement for all possible misspellings of the value

Question 27

Which of the following connection types are supported by the remote-exec provisioner? (select two)

Options:

A.

rdp

B.

smb

C.

ssh

D.

winrm

Question 28

What feature of Terraform Cloud and/or Terraform Enterprise can you publish and maintain a set of custom modules which can be used within your organization?

Options:

A.

custom VCS integration

B.

remote runs

C.

private module registry

D.

Terraform registry

Question 29

Select all features which are exclusive to Terraform Enterprise. (select three)

Options:

A.

Audit Logs

B.

Cost Estimation

C.

Sentinel

D.

Clustering

E.

SAML/SSO

Question 30

In the example below, the depends_on argument creates what type of dependency?

1. esource "aws_instance" "example" {

2. ami = "ami-2757f631"

3. instance_type = "t2.micro"

4. depends_on = [aws_s3_bucket.company_data]

5. }

Options:

A.

non-dependency resource

B.

implicit dependency

C.

explicit dependency

D.

internal dependency

Page: 1 / 20
Total 200 questions