New Year Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 70percent

HashiCorp VA-002-P HashiCorp Certified: Vault Associate Exam Practice Test

Demo: 30 questions
Total 200 questions

HashiCorp Certified: Vault Associate Questions and Answers

Question 1

Your organization is running Vault open source and has decided it wants to use the Identity secrets engine. You log into Vault but are unable to find it in the list to enable. What gives?

Options:

A.

because you are running open-source and the identity secrets engine is an Enterprise feature, it is not available to enable.

B.

the identity secrets engine was deprecated in previous versions

C.

this secrets engine will be mounted by default.

D.

the policy attached to your user doesn't allow access to the Identity secrets engine.

Question 2

Which two characters can be used when writing a policy to reflect a wildcard or path segment? (select two)

Options:

A.

@

B.

$

C.

&

D.

*

E.

+

Question 3

Which of the following allows Terraform users to apply policy as code to enforce standardized configurations for resources being deployed via infrastructure as code?

Options:

A.

functions

B.

workspaces

C.

module registry

D.

sentinel

Question 4

Select the answer below that completes the following statement:

Terraform Cloud can be managed from the CLI but requires __________?

Options:

A.

a TOTP token

B.

a username and password

C.

authentication using MFA

D.

an API token

Question 5

After encrypting data using the transit secrets engine, you've received the following output. Which of the following is true based upon the output?

1. Key Value

2. --- -----

3. ciphertext vault:v2:45f9zW6cglbrzCjI0yCyC6DBYtSBSxnMgUn9B5aHcGEit71xefPEmmjMbrk3

Options:

A.

the original encryption key has been rotated at least once

B.

this is the second version of the encrypted data

C.

similar to the KV secrets engine, the transit secrets engine was enabled using the transit v2 option

D.

the data is stored in Vault using a KV v2 secrets engine

Question 6

When configuring a remote backend in Terraform, it might be a good idea to purposely omit some of the required arguments to ensure secrets and other relevant data are not inadvertently shared with others. What are the ways the remaining configuration can be added to Terraform so it can initialize and communicate with the backend? (select three)

Options:

A.

directly querying HashiCorp Vault for the secrets

B.

command-line key/value pairs

C.

use the -backend-config=PATH to specify a separate config file

D.

interactively on the command line

Question 7

When multiple arguments with single-line values appear on consecutive lines at the same nesting level, HashiCorp recommends that you:

Options:

A.

place a space in between each line

type = "A"

ttl = "300"

zone_id = aws_route53_zone.primary.zone_id

B.

align their equals signs

ami = "abc123"

instance_type = "t2.micro"

C.

place all arguments using a variable at the top

ami = var.aws_ami

instance_type = var.instance_size

subnet_id = "subnet-0bb1c79de3EXAMPLE"

tags = {

Name = "HelloWorld"

}

D.

put arguments in alphabetical order

name = "www.pythonfanclub.com "

records = [aws_eip.lb.public_ip]

type = "A"

ttl = "300"

zone_id = aws_route53_zone.primary.zone_id

Question 8

You've deployed Vault in your production environment and are curious to understand metrics on your Vault cluster, such as the number of writes to the backend, the status of WALs, and the seal status. What feature would you configure in order to view these metrics?

Options:

A.

audit device

B.

telemetry

C.

nothing to configure, these are available in the Vault log found on the OS

D.

enable logs for each individual secrets engines

Question 9

Choose the correct answer which fixes the syntax of the following Terraform code:

Options:

A.

resource "aws_security_group" "vault_elb" {

name = "${var.name_prefix}-vault-elb"

description = var_Vault ELB

vpc_id = var.vpc_id

}

B.

resource "aws_security_group" "vault_elb" {

name = "${var.name_prefix}-vault-elb"

description = Vault ELB

vpc_id = var.vpc_id

}

C.

resource "aws_security_group" "vault_elb" {

name = "${var.name_prefix}-vault-elb"

description = "${Vault ELB}"

vpc_id = var.vpc_id

}

D.

resource "aws_security_group" "vault_elb" {

name = "${var.name_prefix}-vault-elb"

description = [Vault ELB]

vpc_id = var.vpc_id

}

E.

resource "aws_security_group" "vault_elb" {

name = "${var.name_prefix}-vault-elb"

description = "Vault ELB"

vpc_id = var.vpc_id

}

Question 10

What Terraform command can be used to inspect the current state file?

Options:

A.

terraform inspect

B.

terraform show

C.

terraform read

D.

terraform state

Question 11

Vault policies are deny by default

Options:

A.

TRUE

B.

FALSE

Question 12

Environment variables can be used to set variables. The environment variables must be in the format "____"_. Select the correct prefix string from the following list.

Options:

A.

TF_VAR

B.

TF_VAR_NAME

C.

TF_ENV

D.

TF_ENV_VAR

Question 13

Select the feature below that best completes the sentence:

The following list represents the different types of __________ available in Terraform.

1. max

2. min

3. join

4. replace

5. list

6. length

7. range

Options:

A.

named values

B.

backends

C.

functions

D.

data sources

Question 14

The command vault lease revoke -prefix aws/ will revoke all leases associated with the secret engine mounted at aws/

Options:

A.

False

B.

True

Question 15

Which of the following commands will launch the Interactive console for Terraform interpolations?

Options:

A.

terraform

B.

terraform console

C.

terraform cmdline

D.

terraform cli

Question 16

What are some of the problems of how infrastructure was traditionally managed before Infrastructure as Code? (select three)

Options:

A.

Requests for infrastructure or hardware required a ticket, increasing the time required to deploy applications

B.

Traditional deployment methods are not able to meet the demands of the modern business where resources tend to live days to weeks, rather than months to years

C.

Traditionally managed infrastructure can't keep up with cyclic or elastic applications

D.

Pointing and clicking in a management console is a scalable approach and reduces human error as businesses are moving to a multi-cloud deployment model

Question 17

Which of the following is not a valid Terraform string function?

Options:

A.

tostring

B.

replace

C.

format

D.

join

Question 18

In Terraform Enterprise, a workspace can be mapped to how many VCS repos?

Options:

A.

5

B.

3

C.

2

D.

1

Question 19

When writing the Terraform code, HashiCorp recommends that you use how many spaces between each nesting level?

Options:

A.

2

B.

5

C.

4

D.

1

Question 20

Which of the following statements best describes the Terraform list(...) type?

Options:

A.

a collection of unique values that do not have any secondary identifiers or ordering.

B.

a collection of values where each is identified by a string label.

C.

a sequence of values identified by consecutive whole numbers starting with zero.

D.

a collection of named attributes that each have their own type.

Question 21

True or False?

terraform init cannot automatically download Community providers.

Options:

A.

False

B.

True

Question 22

Which of the following is not an activity associated with the Vault transit secrets engine?

Options:

A.

encrypt

B.

decrypt

C.

update

D.

rewrap

Question 23

Terraform Cloud is more powerful when you integrate it with your version control system (VCS) provider. Select all the supported VCS providers from the answers below. (select four)

Options:

A.

CVS Version Control

B.

GitHub Enterprise

C.

Bitbucket Cloud

D.

Azure DevOps Server

E.

GitHub

Question 24

True or False:

Similar to how Vault works with databases and cloud providers, the Active Directory secrets engine dynamically generates the account and password for the requesting Vault client.

Options:

A.

False

B.

True

Question 25

Which of the following represents a feature of Terraform Cloud that is NOT free to customers?

Options:

A.

private module registry

B.

VCS integration

C.

roles and team management

D.

workspace management

Question 26

What does the following API request return?

1. $ curl \

2. --header "X-Vault-Token: ..." \

3. --request POST \

4. --data @payload.json \

5. http://127.0.0.1:8200/v1/sys/tools/random/164

Options:

A.

a random string of 164 characters

B.

a random token valid for 164 uses

C.

None

D.

a secured secret based on 164 bytes of data

Question 27

When creating a dynamic secret in Vault, Vault returns what value that can be used to renew or revoke the lease?

Options:

A.

lease_id

B.

vault_accessor

C.

revocation_access

D.

token_revocation_id

Question 28

While Terraform is generally written using the HashiCorp Configuration Language (HCL), what another syntax can Terraform be expressed in?

Options:

A.

JSON

B.

XML

C.

TypeScript

D.

YAML

Question 29

Which of the following actions are performed during a terraform init? (select three)

Options:

A.

provisions the declared resources in your configuration

B.

download the declared providers which are supported by HashiCorp

C.

initializes the backend configuration

D.

initializes downloaded and/or installed providers

Question 30

When administering Vault on a day-to-day basis, why is logging in with the root token, as shown below, a bad idea? (select two).

Options:

A.

the root token isn't a secure way of logging into Vault

B.

the root token is attached to the root policy, which likely provides too many privileges to a user

C.

the root token should be revoked and not used on a day-to-day basis

D.

It's easier to just use the root token than to configure additional auth methods

Demo: 30 questions
Total 200 questions