New Year Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: cramtick70

VA-002-P HashiCorp Certified: Vault Associate Questions and Answers

Questions 4

The userpass auth method has the ability to access external services in order to provide authentication to Vault.

Options:

A.

FALSE

B.

TRUE

Buy Now
Questions 5

From the options below, select the benefits of using a batch token over a service token. (select three)

Options:

A.

no storage cost for token creation

B.

lightweight and scalable

C.

can be a root token

D.

used for ephemeral, high-performance workloads

E.

has accessors

Buy Now
Questions 6

Which of the following commands will launch the Interactive console for Terraform interpolations?

Options:

A.

terraform

B.

terraform console

C.

terraform cmdline

D.

terraform cli

Buy Now
Questions 7

To prepare for day-to-day operations, the root token should be safety saved outside of Vault in order to administer Vault

Options:

A.

False

B.

True

Buy Now
Questions 8

True or False? Each Terraform workspace uses its own state file to manage the infrastructure associated with that particular workspace.

Options:

A.

False

B.

True

Buy Now
Questions 9

In terraform, most resource dependencies are handled automatically. Which of the following statements describes best how terraform resource dependencies are handled?

Options:

A.

The terraform binary contains a built-in reference map of all defined Terraform resource dependencies. Updates to this dependency map are reflected in terraform versions. To ensure you are working with the latest resource dependency map you much be running the latest version of Terraform.

B.

Terraform analyses any expressions within a resource block to find references to other objects and treats those references as implicit ordering requirements when creating, updating, or destroying resources.

C.

Resource dependencies are identified and maintained in a file called resource. dependencies. Each terraform provider is required to maintain a list of all resource dependencies for the provider and it's included with the plugin during initialization when terraform init is executed. The file is located in the terraform.d folder.

D.

Resource dependencies are handled automatically by the depends_on meta_argument, which is set to true by default.

Buy Now
Questions 10

You've hit the URL for the Vault UI, but you're presented with this screen. Why doesn't Vault present you with a way to log in?

Options:

A.

a vault policy is preventing you from logging in

B.

the vault configuration file has an incorrect configuration

C.

the consul storage backend was not configured correctly

D.

vault needs to be initialized before it can be used

Buy Now
Questions 11

Vault's User Interface (UI) needs to be enabled in the command line before it can be used.

Options:

A.

FALSE

B.

TRUE

Buy Now
Questions 12

What is the result of the following Vault command?

vault auth enable userpass

Options:

A.

Imports usernames and passwords from LDAP to the local database

B.

allows Vault to access usernames and passwords stored in a second Vault cluster

C.

Enables Vault to use external services to authenticate clients to Vault

D.

mounts the userpass auth method to the default path

Buy Now
Questions 13

When multiple arguments with single-line values appear on consecutive lines at the same nesting level, HashiCorp recommends that you:

Options:

A.

place a space in between each line

type = "A"

ttl = "300"

zone_id = aws_route53_zone.primary.zone_id

B.

align their equals signs

ami = "abc123"

instance_type = "t2.micro"

C.

place all arguments using a variable at the top

ami = var.aws_ami

instance_type = var.instance_size

subnet_id = "subnet-0bb1c79de3EXAMPLE"

tags = {

Name = "HelloWorld"

}

D.

put arguments in alphabetical order

name = "www.pythonfanclub.com "

records = [aws_eip.lb.public_ip]

type = "A"

ttl = "300"

zone_id = aws_route53_zone.primary.zone_id

Buy Now
Questions 14

Select two answers to complete the following sentence:

Before a new provider can be used, it must be ______ and _______.

Options:

A.

approved by HashiCorp

B.

declared in the configuration

C.

initialized

D.

uploaded to source control

Buy Now
Questions 15

Select all Operating Systems that Terraform is available for. (select five)

Options:

A.

Linux

B.

Windows

C.

Unix

D.

FreeBSD

E.

Solaris

F.

macOS

Buy Now
Questions 16

Beyond encryption and decryption of data, which of the following is not a function of the Vault transit secrets engine?

Options:

A.

generate hashes and HMACs of data

B.

sign and verify data

C.

act as a source of random bytes

D.

store the encrypted data securely in Vault for retrieval

Buy Now
Questions 17

Vault policies are deny by default

Options:

A.

TRUE

B.

FALSE

Buy Now
Questions 18

Select the policies below that permit you to create a new entry of foo=bar at the path /secrets/apps/my_secret (select three)

Options:

A.

path "secrets/apps/my_secret" {

capabilities = ["create"]

allowed_parameters = {

"foo" = []

}

}

B.

path "secrets/+/my_secret" {

capabilities = ["create"]

allowed_parameters = {

"*" = ["bar"]

}

}

C.

path "secrets/apps/my_secret" {

capabilities = ["update"]

}

D.

path "secrets/apps/*" {

capabilities = ["create"]

allowed_parameters = {

"foo" = ["bar", "zip"]

}

}

Buy Now
Questions 19

Select the answer below that completes the following statement:

Terraform Cloud can be managed from the CLI but requires __________?

Options:

A.

a TOTP token

B.

a username and password

C.

authentication using MFA

D.

an API token

Buy Now
Questions 20

What is the purpose of using the local-exec provisioner? (select two)

Options:

A.

ensures that the resource is only executed in the local infrastructure where Terraform is deployed

B.

to execute one or more commands on the machine running Terraform

C.

to invoke a local executable

D.

executes a command on the resource to invoke an update to the Terraform state

Buy Now
Questions 21

Which of the following cloud providers are not supported by Vault secrets engines?

Options:

A.

Oracle

B.

Azure

C.

AWS

D.

GCP

E.

AliCloud

Buy Now
Questions 22

Complete the following sentence:

For the local state, the workspaces are stored directly in a...

Options:

A.

a file called terraform.tfstate

B.

directory called terraform.workspaces.tfstate

C.

directory called terraform.tfstate.d

D.

a file called terraform.tfstate.backup

Buy Now
Questions 23

Given the policy below, what would the user be able to access?

1. path "*" {

2. capabilities = ["create", "update", "read", "list", "delete", "sudo"]

3. }

Options:

A.

anything they want to within Vault

B.

ability to enable a secret engine at the path *

C.

only make changes to policies

D.

nothing, since the policy doesn't specify any specific paths

Buy Now
Questions 24

Which of the following best describes a Terraform provider?

Options:

A.

describes an infrastructure object, such as a virtual network, compute instance, or other components

B.

a container for multiple resources that are used together

C.

serves as a parameter for a Terraform module that allows a module to be customized

D.

a plugin that Terraform uses to translate the API interactions with the service or provider

Buy Now
Questions 25

A Vault client who has read access to the path secrets/apps/app1 is having trouble viewing the secret in the user interface (UI) but can access via the API. What can be done to resolve this issue?

Options:

A.

add read permissions to the path secrets/apps

B.

modify the policy to allow the create permission

C.

remove the deny policy blocking access to the secrets/apps/app1 path

D.

add LIST to the policy so the user can browse the paths leading up to the key/value's path

Buy Now
Questions 26

After enabling the vault to autocomplete feature, you type vault and press the tab button, but nothing happens. Why doesn't vault display the available completions?

1. $ vault -autocomplete-install

2. $ vault

Options:

A.

your SSH client doesn't support autocompletion

B.

the SSH session needs to be restarted upon installation

C.

you don't have the permissions to use autocomplete

D.

you didn't use -force when enabling the feature

Buy Now
Questions 27

True or False: Provisioners should only be used as a last resort.

Options:

A.

true

B.

false

Buy Now
Questions 28

After issuing the command to delete a secret, you run a vault kv list command but the secret still exists. What command would permanently delete this secret from Vault?

1. $ vault kv delete kv/applications/app01

2. Success! Data deleted (if it existed) at: kv/applications/app01

3. $ vault kv list kv/applications

4. Keys

5. ----

6. app01

Options:

A.

vault kv metadata delete kv/applications/app01

B.

vault kv delete -all kv/applications/app01

C.

vault kv delete -force kv/applications/app01

D.

vault kv destroy -versions=1 kv/applications/app01

Buy Now
Questions 29

Which of the following unseal options can automatically unseal Vault upon the start of the Vault service? (select four)

Options:

A.

Transit

B.

HSM

C.

AWS KMS

D.

Key Shards

E.

Azure KMS

Buy Now
Questions 30

Which two characters can be used when writing a policy to reflect a wildcard or path segment? (select two)

Options:

A.

@

B.

$

C.

&

D.

*

E.

+

Buy Now
Exam Code: VA-002-P
Exam Name: HashiCorp Certified: Vault Associate
Last Update: Dec 27, 2024
Questions: 200
VA-002-P pdf

VA-002-P PDF

$25.5  $84.99
VA-002-P Engine

VA-002-P Testing Engine

$30  $99.99
VA-002-P PDF + Engine

VA-002-P PDF + Testing Engine

$40.5  $134.99