New Year Sale - Special 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 70dumps

VA-002-P Questions and Answers

Question # 6

True or False?

terraform init cannot automatically download Community providers.

A.

False

B.

True

Full Access
Question # 7

By default, where does Terraform store its state file?

A.

shared directory

B.

current working directory

C.

Amazon S3 bucket

D.

remotely using Terraform Cloud

Full Access
Question # 8

What feature of Vault would allow you to architect a "Vault within a Vault"?

A.

sentinel

B.

secrets engines

C.

control groups

D.

namespaces

Full Access
Question # 9

Which TCP port does Vault use, by default, for its API and UI?

A.

8600

B.

8201

C.

8500

D.

8301

E.

8300

F.

8200

Full Access
Question # 10

You want to encrypt a credit card number using the transit secrets engine. You enter the following command and receive an error. What can you do to ensure that the credit card number is properly encrypted and the ciphertext is returned?

1. $ vault write -format=json transit/encrypt/creditcards plaintext="1234 5678 9101 1121"

2. Error writing data to transit/encrypt/orders: Error making API request.

3.

4. URL: PUT http://10.25.16.165:8200/v1/transit/encrypt/creditcards

5. Code: 400. Errors:

6.

7. * illegal base64 data at input byte 4

A.

credit card numbers are not supported using the transit secrets engine since it is considered sensitive data

B.

the token used to issue the encryption request does not have the appropriate permissions

C.

the plain text data needs to be encoded to base64

D.

the credit card number should not include spaces

Full Access
Question # 11

You have been given requirements to create a security group for a new application. Since your organization standardizes on Terraform, you want to add this new security group with the fewest number of lines

of code. What feature could you use to iterate over a list of required tcp ports to add to the new security group?

A.

terraform import

B.

splat expression

C.

dynamic block

D.

dynamic backend

Full Access
Question # 12

Vault secrets engines are used to do what with data? (select three)

A.

copy

B.

generate

C.

store

D.

transmit

E.

encrypt

Full Access
Question # 13

What is the purpose of using the local-exec provisioner? (select two)

A.

ensures that the resource is only executed in the local infrastructure where Terraform is deployed

B.

to execute one or more commands on the machine running Terraform

C.

to invoke a local executable

D.

executes a command on the resource to invoke an update to the Terraform state

Full Access
Question # 14

In order to extend Vault beyond a data center or cloud regional boundary, what feature should be used?

A.

plugins

B.

secrets engine

C.

replication

D.

seal/unseal

E.

snapshots

Full Access
Question # 15

Which of the following connection types are supported by the remote-exec provisioner? (select two)

A.

rdp

B.

smb

C.

ssh

D.

winrm

Full Access
Question # 16

Given the policy below, what would the user be able to access?

1. path "*" {

2. capabilities = ["create", "update", "read", "list", "delete", "sudo"]

3. }

A.

anything they want to within Vault

B.

ability to enable a secret engine at the path *

C.

only make changes to policies

D.

nothing, since the policy doesn't specify any specific paths

Full Access
Question # 17

When registering a plugin with Vault, where would you configure the location where the binaries are located in order for Vault to properly register the plugin?

A.

in the Vault configuration file using plugin_directory=

B.

in the UI underneath the plugin tab

C.

in the plugin configuration file using directory=

D.

within the CLI command when registering a plug

Full Access
Question # 18

After a client has authenticated, what security feature is used to make subsequent calls?

A.

key shard

B.

ldap

C.

pgp

D.

token

E.

listener

F.

path

Full Access
Question # 19

Vault has failed to start. You inspect the log and find the error below. What needs to be changed in order to successfully start Vault?

"Error parsing config.hcl: At 1:12: illegal char"

A.

the " character cannot be used in the config file

B.

fix the syntax error in the Vault configuration file

C.

you must use single quotes vs double quotes in the config file

D.

line 1 on the config file is blank

Full Access
Question # 20

You've logged into the Vault CLI and attempted to enable an auth method, but received this error message. What can be done to resolve the error and configure Vault?

Error enabling userpass auth: Post https://127.0.0.1:8200/v1/sys/auth/userpass: http: server gave HTTP response to HTTPS client

A.

change 'userpass' to 'username and password'

B.

restart the Vault service on this node

C.

set the VAULT_ADDR environment variable to HTTP

D.

ask an admin to grant you permission to enable the userpass auth method

Full Access
Question # 21

What is the default method of authentication after first initializing Vault?

A.

GitHub

B.

AppRole

C.

Admin account

D.

Tokens

E.

Userpass

F.

TLS certificates

Full Access
Question # 22

When writing the Terraform code, HashiCorp recommends that you use how many spaces between each nesting level?

A.

2

B.

5

C.

4

D.

1

Full Access
Question # 23

When creating a dynamic secret in Vault, Vault returns what value that can be used to renew or revoke the lease?

A.

lease_id

B.

vault_accessor

C.

revocation_access

D.

token_revocation_id

Full Access
Question # 24

Which of the following cloud providers are not supported by Vault secrets engines?

A.

Oracle

B.

Azure

C.

AWS

D.

GCP

E.

AliCloud

Full Access
Question # 25

After logging into the Vault UI, a user complains that they cannot enable Replication. Why would the replication configuration be missing?

A.

replication wasn't configured in the Vault configuration file

B.

replication hasn't been enabled

C.

Vault is running an open-source version

D.

replication configuration isn't available in the UI

Full Access
Question # 26

Select the two default policies created in Vault. (select two)

A.

default

B.

vault

C.

base

D.

root

E.

admin

F.

user

Full Access
Question # 27

In order to make a Terraform configuration file dynamic and/or reusable, static values should be converted to use what?

A.

regular expressions

B.

module

C.

input parameters

D.

output value

Full Access
Question # 28

What system endpoint can you query to determine which node is the leader of a cluster?

A.

/sys/tools

B.

/sys/leader

C.

/sys/health

D.

/sys/init

Full Access
Question # 29

The Terraform language supports a number of different syntaxes for comments. Select all that are supported. (select three)

A.

#

B.

/* and */

C.

<* and *>

D.

//

Full Access
Question # 30

Which of the following storage backends are supported by HashiCorp technical support? (select four)

A.

Filesystem

B.

Consul

C.

In-Memory

D.

Raft

E.

DynamoDB

F.

MySQL

Full Access