[May 18, 2023] Free HashiCorp VA-002-P Exam Questions & Answer [Q47-Q69]

[May 18, 2023] Free HashiCorp VA-002-P Exam Questions and Answer

Verified VA-002-P dumps Q&As Latest VA-002-P Download

The VA-002-P exam covers various topics related to Vault, including the basic concepts of secrets management, Vault architecture, installation and configuration, authentication and authorization, secrets engines, and more. Test takers will need to demonstrate their ability to perform tasks such as creating policies, managing authentication methods, configuring secrets engines, and using Vault APIs.

 

NEW QUESTION # 47
A user has created three workspaces using the command line - prod, dev, and test. The user wants to create a fourth workspace named stage. Which command will the user execute to accomplish this?

• A. terraform workspace -create stage
• B. terraform workspace create stage
• C. terraform workspace new stage
• D. terraform workspace -new stage

Answer: C

Explanation:
The terraform workspace new command is used to create a new workspace. https://www.terraform.io/docs/commands/workspace/new.html

NEW QUESTION # 48
In regards to deploying resources in multi-cloud environments, what are some of the benefits of using Terraform rather than a provider's native tooling? (select three)

• A. Terraform simplifies management and orchestration, helping operators build large-scale, multi-cloud infrastructure
• B. Terraform can manage cross-cloud dependencies
• C. Terraform can help businesses deploy applications on multiple clouds and on-premises infrastructure
• D. Terraform is not cloud-agnostic and can be used to deploy resources across a single public cloud

Answer: A,B,C

Explanation:
Terraform is a cloud-agnostic tool, and therefore isn't limited to a single cloud provider, such as AWS CloudFormation or Azure Resource Manager. Terraform supports all of the major cloud providers and allows IT organizations to focus on learning a single tool for deploying its infrastructure, regardless of what platform it's being deployed on.

NEW QUESTION # 49
Select the operating systems which are supported for a clustered Terraform Enterprise: (select four)

• A. Ubuntu
• B. Unix
• C. Red Hat
• D. Amazon Linux
• E. CentOS

Answer: A,C,D,E

Explanation:
Note: (5/27/20) This Question: has been recently updated to reflect documentation updates on the HashiCorp website. It seems they have removed the clustering-specific requirements and are now following the standard Enterprise operating system requirements.
Terraform Enterprise currently supports running under the following operating systems for a Clustered deployment:
- Ubuntu 16.04.3 - 16.04.5 / 18.04
- Red Hat Enterprise Linux 7.4 through 7.7
- CentOS 7.4 - 7.7
- Amazon Linux
- Oracle Linux
Clusters currently don't support other Linux variants.
https://www.terraform.io/docs/enterprise/before-installing/index.html#operating-system-requirements

NEW QUESTION # 50
Using the Vault CLI, what command is used to authenticate to Vault?

• A. vault login
• B. vault auth
• C. vault creds
• D. vault user

Answer: A

Explanation:
vault login command would be issued to log in to Vault via CLI followed by the type of login.
For example, an LDAP login would use vault login method=ldap username=<user>

NEW QUESTION # 51
Given the Terraform configuration below, in which order will the resources be created?
1. resource "aws_instance" "web_server" {
2. ami = "i-abdce12345"
3. instance_type = "t2.micro"
4. }
5. resource "aws_eip" "web_server_ip" {
6. vpc = true
7. instance = aws_instance.web_server.id
8. }

• A. resources will be created simultaneously
• B. aws_instance will be created first
  aws_eip will be created second
• C. aws_eip will be created first
  aws_instance will be created second
• D. no resources will be created

Answer: B

Explanation:
The aws_instance will be created first, and then aws_eip will be created second due to the aws_eip's resource dependency of the aws_instance id

NEW QUESTION # 52
While Terraform is generally written using the HashiCorp Configuration Language (HCL), what another syntax can Terraform be expressed in?

• A. YAML
• B. JSON
• C. XML
• D. TypeScript

Answer: B

Explanation:
The constructs in the Terraform language can also be expressed in JSON syntax, which is harder for humans to read and edit but easier to generate and parse programmatically.

NEW QUESTION # 53
From the options below, select the benefits of using a batch token over a service token. (select three)

• A. used for ephemeral, high-performance workloads
• B. lightweight and scalable
• C. has accessors
• D. no storage cost for token creation
• E. can be a root token

Answer: A,B,D

Explanation:
Service Tokens
Service tokens are what users will generally think of as "normal" Vault tokens. They support all features, such as renewal, revocation, creating child tokens, and more. They are correspondingly heavyweight to create and track.
Batch Tokens
Batch tokens are encrypted blobs that carry enough information for them to be used for Vault actions, but they require no storage on disk to track them. As a result, they are extremely lightweight and scalable but lack most of the flexibility and features of service tokens.
Reference link:- https://www.vaultproject.io/docs/concepts/tokens

NEW QUESTION # 54
What Terraform command can be used to inspect the current state file?

• A. terraform state
• B. terraform inspect
• C. terraform read
• D. terraform show

Answer: D

Explanation:
The terraform show command is used to provide human-readable output from a state or plan file. This can be used to inspect a plan to ensure that the planned operations are expected, or to inspect the current state as Terraform sees it.
Machine-readable output can be generated by adding the -json command-line flag.
Note: When using the -json command-line flag, any sensitive values in Terraform state will be displayed in plain text.

NEW QUESTION # 55
What type of token does not have a TTL (time to live)?

• A. user tokens
• B. root tokens
• C. default tokens
• D. expired tokens
• E. child tokens
• F. parent tokens

Answer: B

Explanation:
Non-root tokens are associated with a TTL, which determines how long a token is valid. Root tokens are not associated with a TTL, and therefore, do not expire.
Root tokens are tokens that have the root policy attached to them. They are the only type of token within Vault that are not associated with a TTL, and therefore, do not expire.

NEW QUESTION # 56
Which of the following Vault features is available only in the Enterprise version? (select three)

• A. cloud auto unseal
• B. MFA
• C. dynamic credentials
• D. replication
• E. auto unseal with HSM

Answer: B,D,E

Explanation:
Most of the important features of Vault are available in the open-source version, however, some of the features which are generally required by large organizations are only available in the Enterprise version such as:-
- MFA - Multi-factor Authentication
- Replication
- Auto unseal with HSM and many more.
Check all the features at the below link.
Reference link:- https://www.hashicorp.com/products/vault/pricing/

NEW QUESTION # 57
What is the best and easiest way for Terraform to read and write secrets from HashiCorp Vault?

• A. Vault provider
• B. API access using the AppRole auth method
• C. Integration with a tool like Jenkins
• D. CLI access from the same machine running Terraform

Answer: A

Explanation:
The Vault provider allows Terraform to read from, write to, and configure Harshicorp Vault.

NEW QUESTION # 58
An application requires a specific key/value to be updated in order to process a batch job. The value should be either "true" or "false". However, when developers have been updating the value, sometimes they mistype the value or capitalize on the value, causing the batch job not to run. What feature of a Vault policy can be used in order to restrict the entry to the required values?

• A. add a deny statement for all possible misspellings of the value
• B. use a * wildcard at the end of the policy
• C. added an allowed_parameters value to the policy
• D. change the policy to include the list capability

Answer: C

Explanation:
allowed_parameters - Whitelists a list of keys and values that are permitted on the given path.
Setting a parameter with a value of the empty list allows the parameter to contain any value.
Reference link:- https://www.vaultproject.io/docs/concepts/policies

NEW QUESTION # 59
Using multi-cloud and provider-agnostic tools provides which of the following benefits? (select two)

• A. operations teams only need to learn and manage a single tool to manage infrastructure, regardless of where the infrastructure is deployed
• B. increased risk due to all infrastructure relying on a single tool for management
• C. slower provisioning speed allows the operations team to catch mistakes before they are applied
• D. can be used across major cloud providers and VM hypervisors

Answer: A,D

Explanation:
Using a tool like Terraform can be advantageous for organizations deploying workloads across multiple public and private cloud environments. Operations teams only need to learn a single tool, single language, and can use the same tooling to enable a DevOps-like experience and workflows.

NEW QUESTION # 60
HashiCorp offers multiple versions of Terraform, including Terraform open-source, Terraform Cloud, and Terraform Enterprise. Which of the following Terraform features are only available in the Enterprise edition? (select four)

• A. Audit Logs
• B. Private Network Connectivity
• C. SAML/SSO
• D. Clustering
• E. Sentinel
• F. Private Module Registry

Answer: A,B,C,D

Explanation:
While there are a ton of features that are available to open source users, many features that are part of the Enterprise offering are geared towards larger teams and enterprise functionality.

NEW QUESTION # 61
Which auth method is ideal for machine to machine authentication?

• A. Okta
• B. GitHub
• C. UserPass
• D. AppRole

Answer: D

Explanation:
The ideal method for a machine to machine authentication is AppRole although it's not the only method. The other options are frequently reserved for human access.
Reference link:- https://www.hashicorp.com/blog/authenticating-applications-with-vault-approle/

NEW QUESTION # 62
Select two answers to complete the following sentence:
Before a new provider can be used, it must be ______ and _______.

• A. uploaded to source control
• B. approved by HashiCorp
• C. declared in the configuration
• D. initialized

Answer: C,D

Explanation:
Each time a new provider is added to configuration -- either explicitly via a provider block or by adding a resource from that provider -- Terraform must initialize the provider before it can be used. Initialization downloads and installs the provider's plugin so that it can later be executed.

NEW QUESTION # 63
Vault secrets engines are used to do what with data? (select three)

• A. transmit
• B. store
• C. encrypt
• D. copy
• E. generate

Answer: B,C,E

Explanation:
Vault secrets engines are used to store, generate, or encrypt data.
The KV secrets engine can store data, AWS can generate credentials, and the transit secret engine can encrypt data.

NEW QUESTION # 64
The Terraform language supports a number of different syntaxes for comments. Select all that are supported. (select three)

• A. /* and */
• B. #
• C. <* and *>
• D. //

Answer: A,B,D

Explanation:
Terraform supports the #, //, and /*..*/ for commenting Terraform configuration files. Please use them when writing Terraform so both you and others who are using your code have a full understanding of what the code is intended to do.
https://www.terraform.io/docs/configuration/syntax.html#comments

NEW QUESTION # 65
What feature of Terraform Cloud and/or Terraform Enterprise can you publish and maintain a set of custom modules which can be used within your organization?

• A. private module registry
• B. custom VCS integration
• C. Terraform registry
• D. remote runs

Answer: A

Explanation:
You can use modules from a private registry, like the one provided by Terraform Cloud. Private registry modules have source strings of the form <HOSTNAME>/<NAMESPACE>/<NAME>/<PROVIDER>. This is the same format as the public registry, but with an added hostname prefix.

NEW QUESTION # 66
Select the answer below that completes the following statement:
Terraform Cloud can be managed from the CLI but requires __________?

• A. a TOTP token
• B. authentication using MFA
• C. a username and password
• D. an API token

Answer: D

Explanation:
API and CLI access are managed with API tokens, which can be generated in the Terraform Cloud UI. Each user can generate any number of personal API tokens, which allow access with their own identity and permissions. Organizations and teams can also generate tokens for automating tasks that aren't tied to an individual user.

NEW QUESTION # 67
Which of the following cloud providers are not supported by Vault secrets engines?

• A. Azure
• B. Oracle
• C. AWS
• D. GCP
• E. AliCloud

Answer: B

Explanation:
Vault supports AWS, Azure, Google Cloud, and Alibaba Cloud out of the box for secrets engines

NEW QUESTION # 68
Permissions for Vault backend functions are available at which path?

• A. admin/
• B. system/
• C. sys/
• D. vault/
• E. security/
• F. backend/

Answer: C

Explanation:
All backend system functions stored in the sys/ backend.
The system backend is a default backend in Vault that is mounted at the /sys endpoint. This endpoint cannot be disabled or moved, and is used to configure Vault and interact with many of Vault's internal features.

NEW QUESTION # 69
......

Use Real Dumps - 100% Free VA-002-P Exam Dumps: https://www.pass4cram.com/VA-002-P_free-download.html

Updated 100% Cover Real VA-002-P Exam Questions - 100% Pass Guarantee: https://drive.google.com/open?id=1CO2_xi2R8Z1atwKevzvU_4k2421dU9Kg