
Updated Oct-2023 100% Cover Real VA-002-P Exam Questions Make Sure You 100% Pass
The VA-002-P exam is designed for individuals who want to demonstrate their knowledge of Vault and its features. It is an entry-level exam that tests the skills and knowledge required to use Vault in a production environment. The VA-002-P exam covers topics such as Vault architecture, installation, configuration, and usage.
NEW QUESTION # 62
As opposed to service tokens, batch tokens are ideal for what type of action?
- A. generating dynamic credentials
- B. configuring Vault features
- C. issuing snapshots
- D. encrypting data
- E. writing secrets
- F. renewing tokens
Answer: D
Explanation:
Batch tokens are generally used for encrypting data because they are lightweight and scalable and also include enough information to use with Vault.
NEW QUESTION # 63
What happens when a terraform plan is executed?
- A. reconciles the state Terraform knows about with the real-world infrastructure
- B. applies the changes required in the target infrastructure in order to reach the desired configuration
- C. the backend is initialized and the working directory is prepped
- D. creates an execution plan and determines what changes are required to achieve the desired state in the configuration files.
Answer: D
Explanation:
The terraform plan command is used to create an execution plan. Terraform performs a refresh, unless explicitly disabled, and then determines what actions are necessary to achieve the desired state specified in the configuration files.
After a plan has been run, it can be executed by running terraform apply.
NEW QUESTION # 64
Vault secrets engines are used to do what with data? (select three)
- A. generate
- B. copy
- C. encrypt
- D. transmit
- E. store
Answer: A,C,E
Explanation:
Vault secrets engines are used to store, generate, or encrypt data.
The KV secrets engine can store data, AWS can generate credentials, and the transit secret engine can encrypt data.
NEW QUESTION # 65
Select the most accurate statement to describe the Terraform language from the following list.
- A. Terraform is a mutable, procedural, Infrastructure as Code provisioning language based on Hashicorp Configuration Language, or optionally YAML.
- B. Terraform is a mutable, declarative, Infrastructure as Code configuration management language based on Hashicorp Configuration Language, or optionally JSON.
- C. Terraform is an immutable, procedural, Infrastructure as Code configuration management language based on Hashicorp Configuration Language, or optionally JSON.
- D. Terraform is an immutable, declarative, Infrastructure as Code provisioning language based on Hashicorp Configuration Language, or optionally JSON.
Answer: D
Explanation:
Terraform is not a configuration management tool - https://www.terraform.io/intro/vs/chef-puppet.html
Terraform is a declarative language - https://www.terraform.io/docs/configuration/index.html
Terraform supports a syntax that is JSON compatible - https://www.terraform.io/docs/configuration/syntax-json.html
Terraform is primarily designed on immutable infrastructure principles - https://www.hashicorp.com/resources/what-is-mutable-vs-immutable-infrastructure
NEW QUESTION # 66
What is the purpose of using the local-exec provisioner? (select two)
- A. executes a command on the resource to invoke an update to the Terraform state
- B. to invoke a local executable
- C. ensures that the resource is only executed in the local infrastructure where Terraform is deployed
- D. to execute one or more commands on the machine running Terraform
Answer: B,D
NEW QUESTION # 67
Why might a user opt to include the following snippet in their configuration file?
    terraform {
      required_version = ">= 0.12"
    }
- A. the user wants to ensure that the application being deployed is a minimum version of 0.12
- B. versions before Terraform 0.12 were not approved by HashiCorp to be used in production
- C. Terraform 0.12 introduced substantial changes to the syntax used to write Terraform configuration
- D. this ensures that all Terraform providers are above a certain version to match the application being deployed
Answer: C
Explanation:
You can use required_version to ensure that a user deploying infrastructure is using Terraform 0.12 or greater, due to the vast number of changes that were introduced. As a result, many previously written configurations had to be converted or rewritten.
NEW QUESTION # 68
Which TCP port does Vault use, by default, for its API and UI?
- A. 0
- B. 1
- C. 2
- D. 3
- E. 4
- F. 5
Answer: F
Explanation:
By default, Vault uses port 8200 for its API and UI.
8201 is used for the cluster to cluster communication,
8300 is used for Consul Server RPC,
8500 is used for the Consul interface,
8600 is used for Consul DNS,
and 8301 is used for its LAN gossip protocol.
NEW QUESTION # 69
In order to extend Vault beyond a data center or cloud regional boundary, what feature should be used?
- A. seal/unseal
- B. secrets engine
- C. replication
- D. plugins
- E. snapshots
Answer: C
Explanation:
To extend Vault beyond a data center or cloud regional boundary, replication can be used. Vault supports both DR replication and Performance replication to copy data from the primary cluster to a secondary cluster safely.
NEW QUESTION # 70
Select the policies below that permit you to create a new entry of foo=bar at the path /secrets/apps/my_secret (select three)
- A. path "secrets/apps/*" {
       capabilities = ["create"]
       allowed_parameters = {
         "foo" = ["bar", "zip"]
       }
     }
- B. path "secrets/+/my_secret" {
       capabilities = ["create"]
       allowed_parameters = {
         "*" = ["bar"]
       }
     }
- C. path "secrets/apps/my_secret" {
       capabilities = ["create"]
       allowed_parameters = {
         "foo" = []
       }
     }
- D. path "secrets/apps/my_secret" {
       capabilities = ["update"]
     }
Answer: B,C
Explanation:
Setting a parameter with a value of the empty list allows the parameter to contain any value.
Setting a parameter with a value of a populated list allows the parameter to contain only those values.
If any keys are specified, all non-specified parameters will be denied unless the parameter "*" is set to an empty array, which will allow all other parameters to be modified. Parameters with specific values will still be restricted to those values.
NEW QUESTION # 71
Complete the following sentence:
For the local state, the workspaces are stored directly in a...
- A. directory called terraform.workspaces.tfstate
- B. directory called terraform.tfstate.d
- C. a file called terraform.tfstate
- D. a file called terraform.tfstate.backup
Answer: B
Explanation:
For local state, Terraform stores the workspace states in a directory called terraform.tfstate.d.
https://www.terraform.io/docs/state/workspaces.html#workspace-internals
NEW QUESTION # 72
In the example below, where is the value of the DNS record's IP address originating from?
    resource "aws_route53_record" "www" {
      zone_id = aws_route53_zone.primary.zone_id
      name    = "www.helloworld.com"
      type    = "A"
      ttl     = "300"
      records = [module.web_server.instance_ip_addr]
    }
- A. the output of a module named web_server
- B. by querying the AWS EC2 API to retrieve the IP address
- C. the regular expression named module.web_server
- D. value of the web_server parameter from the variables.tf file
Answer: A
Explanation:
In a parent module, outputs of child modules are available in expressions as module.<MODULE NAME>.<OUTPUT NAME>. For example, if a child module named web_server declared an output named instance_ip_addr, you could access that value as module.web_server.instance_ip_addr.
NEW QUESTION # 73
Select the feature below that best completes the sentence:
The following list represents the different types of __________ available in Terraform.
1. max
2. min
3. join
4. replace
5. list
6. length
7. range
- A. functions
- B. backends
- C. named values
- D. data sources
Answer: A
Explanation:
The Terraform language includes a number of built-in functions that you can call from within expressions to transform and combine values. The Terraform language does not support user-defined functions, and only the functions built into the language are available for use.
NEW QUESTION # 74
An administrator wants to create a new KV mount for individual users to maintain their own secrets, but needs a way to simplify the policy so they don't need to write a new one for each new user. With the requirements listed below, what would such a policy look like?
Requirement: Each user can perform all operations on their allocated key/value secret path
- A. path "user-kv/data/{{user}}/*" {
       capabilities = [ "create", "update", "read", "delete", "list" ]
     }
- B. path "user-kv/data/{{identity.entity.id.name}}/*" {
       capabilities = [ "create", "update", "read", "delete", "list" ]
     }
- C. path "user-kv/data/{{identity.entity.name}}/*" {
       capabilities = [ "create", "update", "read", "delete", "list" ]
     }
- D. path "user-kv/data/{{identity.entity.aliases.<<mount accessor>>.id}}/*" {
       capabilities = [ "create", "update", "read", "delete", "list" ]
     }
Answer: C
Explanation:
Everything in Vault is path-based, and policies are no exception. Policies provide a declarative way to grant or forbid access to certain paths and operations in Vault.
The policy template makes it very flexible to customize the environment. By using parameters within your template, you can have Vault "insert" a value into the path based upon things like identity values, group membership, and metadata associated with either the user's identity or group they are a member of.
Using the parameter, the path user-kv/data/{{identity.entity.name}}/* converts to user-kv/data/student01/*
NEW QUESTION # 75
After running into issues with Terraform, you need to enable verbose logging to assist with troubleshooting the error. Which of the following values provides the MOST verbose logging?
- A. DEBUG
- B. ERROR
- C. TRACE
- D. INFO
- E. WARN
Answer: C
Explanation:
Terraform has detailed logs that can be enabled by setting the TF_LOG environment variable to any value. This will cause detailed logs to appear on stderr.
You can set TF_LOG to one of the log levels TRACE, DEBUG, INFO, WARN, or ERROR to change the verbosity of the logs. TRACE is the most verbose and it is the default if TF_LOG is set to something other than a log level name.
NEW QUESTION # 76
The security barrier protects all of the following Vault components except ___.
- A. token store
- B. storage backend
- C. audit devices
- D. secret engine
- E. auth method
Answer: B
Explanation:
The storage backend and HTTP API are outside of the security barrier and hence can't be protected by it.
NEW QUESTION # 77
What is the result of the following Terraform function call?
index(["a", "b", "c"], "c")
- A. true
- B. 0
- C. 1
- D. 2
Answer: D
Explanation:
index finds the element index for a given value in a list starting with index 0.
https://www.terraform.io/docs/configuration/functions/index.html
