New Year Special Sale - Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: mxmas70

Home > HashiCorp > HashiCorp Security Automation Certification > VA-002-P

VA-002-P HashiCorp Certified: Vault Associate Question and Answers

Question # 4

In the example below, where is the value of the DNS record's IP address originating from?

1. resource "aws_route53_record" "www" {

2. zone_id = aws_route53_zone.primary.zone_id

3. name = "www.helloworld.com "

4. type = "A"

5. ttl = "300"

6. records = [module.web_server.instance_ip_addr]

7. }

A.

value of the web_server parameter from the variables.tf file

B.

the output of a module named web_server

C.

the regular expression named module.web_server

D.

by querying the AWS EC2 API to retrieve the IP address

Full Access
Question # 5

Which of the following statements best describes the Terraform list(...) type?

A.

a collection of unique values that do not have any secondary identifiers or ordering.

B.

a collection of values where each is identified by a string label.

C.

a sequence of values identified by consecutive whole numbers starting with zero.

D.

a collection of named attributes that each have their own type.

Full Access
Question # 6

What system endpoint can you query to determine which node is the leader of a cluster?

A.

/sys/tools

B.

/sys/leader

C.

/sys/health

D.

/sys/init

Full Access
Question # 7

Vault has failed to start. You inspect the log and find the error below. What needs to be changed in order to successfully start Vault?

"Error parsing config.hcl: At 1:12: illegal char"

A.

the " character cannot be used in the config file

B.

fix the syntax error in the Vault configuration file

C.

you must use single quotes vs double quotes in the config file

D.

line 1 on the config file is blank

Full Access
Question # 8

True or False? Each Terraform workspace uses its own state file to manage the infrastructure associated with that particular workspace.

A.

False

B.

True

Full Access
Question # 9

What could you do with the feature found in the screenshot below? (select two)

A.

encrypt the Vault master key that is stored in memory

B.

using a short TTL, you could encrypt data in order to place only the encrypted data in Vault

C.

encrypt sensitive data to send to a colleague over email

D.

use response-wrapping to protect data

Full Access
Question # 10

The Terraform language supports a number of different syntaxes for comments. Select all that are supported. (select three)

A.

#

B.

/* and */

C.

<* and *>

D.

//

Full Access
Question # 11

A Vault client who has read access to the path secrets/apps/app1 is having trouble viewing the secret in the user interface (UI) but can access via the API. What can be done to resolve this issue?

A.

add read permissions to the path secrets/apps

B.

modify the policy to allow the create permission

C.

remove the deny policy blocking access to the secrets/apps/app1 path

D.

add LIST to the policy so the user can browse the paths leading up to the key/value's path

Full Access
Question # 12

When using constraint expressions to signify a version of a provider, which of the following are valid provider versions that satisfy the expression found in the following code snippet: (select two)

1. terraform {

2. required_providers {

3. aws = "~> 1.2.0"

4. }

5. }

A.

1.2.9

B.

1.3.1

C.

1.3.0

D.

1.2.3

Full Access
Question # 13

When writing the Terraform code, HashiCorp recommends that you use how many spaces between each nesting level?

A.

2

B.

5

C.

4

D.

1

Full Access
Question # 14

Which three interfaces can be used to access Vault? (select three)

A.

JSON

B.

CLI

C.

RPC

D.

UI

E.

API

F.

Consul

Full Access
Question # 15

During a terraform apply, a resource is successfully created but eventually fails during provisioning. What happens to the resource?

A.

Terraform attempts to provide the resource up to three times before exiting with an error

B.

the terraform plan is rolled back and all provisioned resources are removed

C.

it is automatically deleted

D.

the resource is marked as tainted

Full Access
Question # 16

Using multi-cloud and provider-agnostic tools provides which of the following benefits? (select two)

A.

operations teams only need to learn and manage a single tool to manage infrastructure, regardless of where the infrastructure is deployed

B.

slower provisioning speed allows the operations team to catch mistakes before they are applied

C.

can be used across major cloud providers and VM hypervisors

D.

increased risk due to all infrastructure relying on a single tool for management

Full Access
Question # 17

Using the Vault CLI, what command is used to authenticate to Vault?

A.

vault creds

B.

vault user

C.

vault login

D.

vault auth

Full Access
Question # 18

Terraform Enterprise (also referred to as pTFE) requires what type of backend database for a clustered deployment?

A.

Cassandra

B.

MSSQL

C.

PostgreSQL

D.

MySQL

Full Access
Question # 19

By default, where does Terraform store its state file?

A.

shared directory

B.

current working directory

C.

Amazon S3 bucket

D.

remotely using Terraform Cloud

Full Access
Question # 20

A user creates three workspaces from the command line - prod, dev, and test. Which of the following commands will the user run to switch to the dev workspace?

A.

terraform workspace select dev

B.

terraform workspace -switch dev

C.

terraform workspace dev

D.

terraform workspace switch dev

Full Access
Question # 21

In regards to the transit secrets engine, which of the following is true given the following command and output: (select three)

1. $ vault write encryption/encrypt/creditcard plaintext=$(base64 <<< "1234 5678 9101 1121")

2. Key Value

3. --- -----

4. ciphertext vault:v3:cZNHVx+sxdMErXRSuDa1q/pz49fXTn1PScKfhf+PIZPvy8xKfkytpwKcbC0fF2U=

A.

there are at least three data keys associated with this keyring

B.

the name of the keyring used to encrypt the data is creditcard

C.

the data was written to the encryption path, which is provided by default when enabling the transit secrets engine

D.

the transit secrets engine is mounted at the encryption path

Full Access
Question # 22

When Vault is sealed, which are the only two options available to a Vault administrator? (select two)

A.

rotate the encryption key

B.

unseal Vault

C.

view the status of Vault

D.

configure policies

E.

author security policies

F.

view data stored in the key/value store

Full Access
Question # 23

In regards to deploying resources in multi-cloud environments, what are some of the benefits of using Terraform rather than a provider's native tooling? (select three)

A.

Terraform simplifies management and orchestration, helping operators build large-scale, multi-cloud infrastructure

B.

Terraform can help businesses deploy applications on multiple clouds and on-premises infrastructure

C.

Terraform can manage cross-cloud dependencies

D.

Terraform is not cloud-agnostic and can be used to deploy resources across a single public cloud

Full Access
Question # 24

Which of the following is an invalid variable name?

A.

instance_name

B.

web

C.

var1

D.

count

Full Access
Question # 25

When configuring a remote backend in Terraform, it might be a good idea to purposely omit some of the required arguments to ensure secrets and other relevant data are not inadvertently shared with others. What are the ways the remaining configuration can be added to Terraform so it can initialize and communicate with the backend? (select three)

A.

directly querying HashiCorp Vault for the secrets

B.

command-line key/value pairs

C.

use the -backend-config=PATH to specify a separate config file

D.

interactively on the command line

Full Access
Question # 26

Given the policy below, what would the user be able to access?

1. path "*" {

2. capabilities = ["create", "update", "read", "list", "delete", "sudo"]

3. }

A.

anything they want to within Vault

B.

ability to enable a secret engine at the path *

C.

only make changes to policies

D.

nothing, since the policy doesn't specify any specific paths

Full Access
Question # 27

What happens when a terraform apply command is executed?

A.

applies the changes required in the target infrastructure in order to reach the desired configuration

B.

creates the execution plan for the deployment of resources

C.

reconciles the state Terraform knows about with the real-world infrastructure

D.

the backend is initialized and the working directory is prepped

Full Access
Question # 28

A user has created three workspaces using the command line - prod, dev, and test. The user wants to create a fourth workspace named stage. Which command will the user execute to accomplish this?

A.

terraform workspace -new stage

B.

terraform workspace -create stage

C.

terraform workspace create stage

D.

terraform workspace new stage

Full Access
Question # 29

Which of the following connection types are supported by the remote-exec provisioner? (select two)

A.

rdp

B.

smb

C.

ssh

D.

winrm

Full Access
Question # 30

Provider dependencies are created in several different ways. Select the valid provider dependencies from the following list: (select three)

A.

Use of any resource belonging to a particular provider in a resource or data block in the configuration.

B.

Existence of any provider plugins found locally in the working directory.

C.

Explicit use of a provider block in configuration, optionally including a version constraint.

D.

Existence of any resource instance belonging to a particular provider in the current state.

Full Access