This page was exported from Exam for engine [ http://blog.test4engine.com ] Export date:Mon Nov 18 2:58:39 2024 / +0000 GMT ___________________________________________________ Title: [Dec-2022] VA-002-P Exam Dumps, VA-002-P Practice Test Questions [Q35-Q51] --------------------------------------------------- [Dec-2022] VA-002-P Exam Dumps, VA-002-P Practice Test Questions Attested VA-002-P Dumps PDF Resource [2022] QUESTION 35True or False? Each Terraform workspace uses its own state file to manage the infrastructure associated with that particular workspace.  False  True The persistent data stored in the backend belongs to a workspace. Initially, the backend has only one workspace, called “default”, and thus there is only one Terraform state associated with that configuration.QUESTION 36Vault configuration files can be written in what languages? (select two)  XML  JSON  YAML  HCL The Vault configuration file supports either JSON or HCL, which is HashiCorp Configuration LanguageQUESTION 37In order to extend Vault beyond a data center or cloud regional boundary, what feature should be used?  plugins  secrets engine  replication  seal/unseal  snapshots To extend Vault beyond a data center or cloud regional boundary, replication can be used. Vault supports both DR replication and Performance replication to copy data from the primary cluster to a secondary cluster safely.QUESTION 38True or False: When encrypting data with the transit secrets engine, Vault always stores the ciphertext in a dedicated KV store along with the associated encryption key.  False  True Vault doesn’t store the data sent to the secrets engine.The transit secrets engine handles cryptographic functions on data-in-transit. It can also be viewed as “cryptography as a service” or “encryption as a service”. The transit secrets engine can also sign and verify data; generate hashes and HMACs of data; and act as a source of random bytes.Reference link:- https://www.vaultproject.io/docs/secrets/transitQUESTION 39Why is it a good idea to declare the required version of a provider in a Terraform configuration file?1. terraform {2. required_providers {3. aws = “~> 1.0”4. }5. }  to remove older versions of the provider  to ensure that the provider version matches the version of Terraform you are using  providers are released on a separate schedule from Terraform itself; therefore a newer version could introduce breaking changes  to match the version number of your application being deployed via Terraform Providers are plugins released on a separate rhythm from Terraform itself, and so they have their own version numbers. For production use, you should constrain the acceptable provider version via configuration. This helps to ensure that new versions with potentially breaking changes will not be automatically installed by terraform init in the future.QUESTION 40Which of the following Vault features is available only in the Enterprise version? (select three)  MFA  dynamic credentials  cloud auto unseal  replication  auto unseal with HSM Most of the important features of Vault are available in the open-source version, however, some of the features which are generally required by large organizations are only available in the Enterprise version such as:-– MFA – Multi-factor Authentication– Replication– Auto unseal with HSM and many more.Check all the features at the below link.Reference link:- https://www.hashicorp.com/products/vault/pricing/QUESTION 41What is the default method of authentication after first initializing Vault?  GitHub  AppRole  Admin account  Tokens  Userpass  TLS certificates After initializing, Vault provides the root token to the user, this is the only way to log in to Vault to configure additional auth methods.QUESTION 42In order to make a Terraform configuration file dynamic and/or reusable, static values should be converted to use what?  regular expressions  module  input parameters  output value Input variables serve as parameters for a Terraform module, allowing aspects of the module to be customized without altering the module’s own source code, and allowing modules to be shared between different configurations.QUESTION 43After encrypting data using the transit secrets engine, you’ve received the following output. Which of the following is true based upon the output?1. Key Value2. — —–3. ciphertext vault:v2:45f9zW6cglbrzCjI0yCyC6DBYtSBSxnMgUn9B5aHcGEit71xefPEmmjMbrk3  the original encryption key has been rotated at least once  this is the second version of the encrypted data  similar to the KV secrets engine, the transit secrets engine was enabled using the transit v2 option  the data is stored in Vault using a KV v2 secrets engine When data is encrypted using Vault, the resulting ciphertext is prepended by the version of the key used to encrypt it. In this case, the version is v2, which means that the encryption key was rotated at least one time. Any data that was encrypted with the original key would have been prepended with vault:v1 To rotate a key, use the command vault write -f transit/keys/<key name>/rotate Reference link:- https://learn.hashicorp.com/vault/encryption-as-a-service/eaas-transitQUESTION 44In order to reduce the time it takes to provision resources, Terraform uses parallelism. By default, how many resources will Terraform provision concurrently?  20  50  5  10 Terraform can limit the number of concurrent operations as Terraform walks the graph using the -parallelism=n argument. The default value for this setting is 10. This setting might be helpful if you’re running into API rate limits.QUESTION 45In terraform, most resource dependencies are handled automatically. Which of the following statements describes best how terraform resource dependencies are handled?  The terraform binary contains a built-in reference map of all defined Terraform resource dependencies. Updates to this dependency map are reflected in terraform versions. To ensure you are working with the latest resource dependency map you much be running the latest version of Terraform.  Terraform analyses any expressions within a resource block to find references to other objects and treats those references as implicit ordering requirements when creating, updating, or destroying resources.  Resource dependencies are identified and maintained in a file called resource. dependencies. Each terraform provider is required to maintain a list of all resource dependencies for the provider and it’s included with the plugin during initialization when terraform init is executed. The file is located in the terraform.d folder.  Resource dependencies are handled automatically by the depends_on meta_argument, which is set to true by default. Terraform analyses any expressions within a resource block to find references to other objects and treats those references as implicit ordering requirements when creating, updating, or destroying resources.https://www.terraform.io/docs/configuration/resources.htmlQUESTION 46From the code below, identify the implicit dependency:1. resource “aws_eip” “public_ip” {2. vpc = true3. instance = aws_instance.web_server.id4. }5. resource “aws_instance” “web_server” {6. ami = “ami-2757f631”7. instance_type = “t2.micro”8. depends_on = [aws_s3_bucket.company_data]9. }  The EC2 instance labeled web_server  The EIP with an id of ami-2757f631  The AMI used for the EC2 instance  The S3 bucket labeled company_data The EC2 instance labeled web_server is the implicit dependency as the aws_eip cannot be created until the aws_instance labeled web_server has been provisioned and the id is available.Note that aws_s3_bucket.example is an explicit dependency.QUESTION 47Which is not a capability that can be used when writing a Vault policy?  read  list  delete  create  modify  update When writing a Vault policy, permissions which can be applied to paths include create, read, update, delete, list, deny, and sudo.https://www.vaultproject.io/docs/concepts/policiesModify is not one of them.QUESTION 48The Terraform language supports a number of different syntaxes for comments. Select all that are supported. (select three)  #  /* and */  <* and *>  // Terraform supports the #, //, and /*..*/ for commenting Terraform configuration files. Please use them when writing Terraform so both you and others who are using your code have a full understanding of what the code is intended to do.https://www.terraform.io/docs/configuration/syntax.html#commentsQUESTION 49Anyone can publish and share modules on the Terraform Public Module Registry, and meeting the requirements for publishing a module is extremely easy. Select from the following list all valid requirements. (select three)  The registry uses tags to identify module versions. Release tag names must be for the format x.y.z, and can optionally be prefixed with a v.  Module repositories must use this three-part name format, terraform-<PROVIDER>-<NAME>.  The module must be PCI/HIPPA compliant.  The module must be on GitHub and must be a public repo The list below contains all the requirements for publishing a module. Meeting the requirements for publishing a module is extremely easy. The list may appear long only to ensure we’re detailed, but adhering to the requirements should happen naturally.GitHub. The module must be on GitHub and must be a public repo. This is only a requirement for the public registry. If you’re using a private registry, you may ignore this requirement.Named terraform-<PROVIDER>-<NAME>. Module repositories must use this three-part name format, where <NAME> reflects the type of infrastructure the module manages, and <PROVIDER> is the main provider where it creates that infrastructure. The <NAME> segment can contain additional hyphens. Examples: terraform-google-vault or terraform-aws-ec2-instance.Repository description. The GitHub repository description is used to populate the short description of the module. This should be a simple one-sentence description of the module.Standard module structure. The module must adhere to the standard module structure. This allows the registry to inspect your module and generate documentation, track resource usage, parse submodules and examples, and more.x.y.z tags for releases. The registry uses tags to identify module versions. Release tag names must be a semantic version, which can optionally be prefixed with a v. For example, v1.0.4 and 0.9.2. To publish a module initially, at least one release tag must be present. Tags that don’t look like version numbers are ignored.https://www.terraform.io/docs/registry/modules/publish.html#requirementsQUESTION 50Which of the following Vault policies will allow a Vault client to read a secret stored at secrets/applications/app01/api_key?  path “secrets/applications/+/api_*” {capabilities = [“read”]}  path “secrets/applications/” {capabilities = [“read”]allowed_parameters = {“certificate” = []}}  path “secrets/*” {capabilities = [“list”]}  path “secrets/applications/app01/api_key” {capabilities = [“update”, “list”]} Wildcards and path segments can be used to allow access to a broader set of secrets rather than having to call out each individual secret itself. None of the other policies will allow a client to actually read the data stored at the path secrets/applications/app01/api_keyQUESTION 51What happens to child tokens when a parent token is revoked?  the child tokens are renewed  the child tokens are converted to parent tokens  the child tokens create their own child tokens to be used  the child tokens are revoked When a parent token is revoked, all of its child tokens and leases are revoked as well. This ensures that a user cannot skip revocation by simply making a timeless tree of child tokens. Loading … Latest VA-002-P Actual Free Exam Questions Updated 202 Questions: https://www.test4engine.com/VA-002-P_exam-latest-braindumps.html --------------------------------------------------- Images: https://blog.test4engine.com/wp-content/plugins/watu/loading.gif https://blog.test4engine.com/wp-content/plugins/watu/loading.gif --------------------------------------------------- --------------------------------------------------- Post date: 2022-12-04 10:48:59 Post date GMT: 2022-12-04 10:48:59 Post modified date: 2022-12-04 10:48:59 Post modified date GMT: 2022-12-04 10:48:59