UPDATED [2022] Pass HashiCorp VA-002-P Exam in First Attempt Guaranteed
Pass VA-002-P Exam Latest Practice Questions
NEW QUESTION 89
Given the Terraform configuration below, in which order will the resources be created?
1. resource "aws_instance" "web_server" {
2. ami = "i-abdce12345"
3. instance_type = "t2.micro"
4. }
5. resource "aws_eip" "web_server_ip" {
6. vpc = true
7. instance = aws_instance.web_server.id
8. }
- A. aws_eip will be created first
aws_instance will be created second - B. resources will be created simultaneously
- C. no resources will be created
- D. aws_instance will be created first
aws_eip will be created second
Answer: D
Explanation:
The aws_instance will be created first, and then aws_eip will be created second due to the aws_eip's resource dependency of the aws_instance id
NEW QUESTION 90
When configuring Vault replication and monitoring its status, you keep seeing something called 'WALs'. What are WALs?
- A. wake after lan
- B. write along logging
- C. write-ahead log
- D. warning of allocated logs
Answer: C
Explanation:
Reference links:-
https://learn.hashicorp.com/vault/day-one/monitor-replication
https://www.vaultproject.io/docs/internals/replication
NEW QUESTION 91
After encrypting data using the transit secrets engine, you've received the following output. Which of the following is true based upon the output?
1. Key Value
2. --- -----
3. ciphertext vault:v2:45f9zW6cglbrzCjI0yCyC6DBYtSBSxnMgUn9B5aHcGEit71xefPEmmjMbrk3
- A. this is the second version of the encrypted data
- B. the data is stored in Vault using a KV v2 secrets engine
- C. similar to the KV secrets engine, the transit secrets engine was enabled using the transit v2 option
- D. the original encryption key has been rotated at least once
Answer: D
Explanation:
When data is encrypted using Vault, the resulting ciphertext is prepended by the version of the key used to encrypt it. In this case, the version is v2, which means that the encryption key was rotated at least one time. Any data that was encrypted with the original key would have been prepended with vault:v1 To rotate a key, use the command vault write -f transit/keys/<key name>/rotate Reference link:- https://learn.hashicorp.com/vault/encryption-as-a-service/eaas-transit
NEW QUESTION 92
Select the answer below that completes the following statement:
Terraform Cloud can be managed from the CLI but requires __________?
- A. a TOTP token
- B. an API token
- C. a username and password
- D. authentication using MFA
Answer: B
Explanation:
API and CLI access are managed with API tokens, which can be generated in the Terraform Cloud UI. Each user can generate any number of personal API tokens, which allow access with their own identity and permissions. Organizations and teams can also generate tokens for automating tasks that aren't tied to an individual user.
NEW QUESTION 93
In the example below, the depends_on argument creates what type of dependency?
1. esource "aws_instance" "example" {
2. ami = "ami-2757f631"
3. instance_type = "t2.micro"
4. depends_on = [aws_s3_bucket.company_data]
5. }
- A. non-dependency resource
- B. explicit dependency
- C. internal dependency
- D. implicit dependency
Answer: B
Explanation:
Sometimes there are dependencies between resources that are not visible to Terraform. The depends_on argument is accepted by any resource and accepts a list of resources to create explicit dependencies for.
NEW QUESTION 94
When Vault is sealed, which are the only two options available to a Vault administrator? (select two)
- A. author security policies
- B. rotate the encryption key
- C. unseal Vault
- D. view data stored in the key/value store
- E. view the status of Vault
- F. configure policies
Answer: C,E
Explanation:
When Vault is sealed, the only two options available are, viewing the vault status and unsealing Vault. All the other actions performed after the Vault is unsealed and the user is authenticated.
NEW QUESTION 95
Which of the following variable declarations is going to result in an error?
- A. variable "example" {}
- B. variable "example" {
type = object({})
} - C. variable "example" {
description = "This is a test"
type = map
default = {"one" = 1, "two" = 2, "Three" = "3"}
} - D. variable "example" {
description = "This is a variable description"
type = list(string)
default = {}
}
Answer: A
Explanation:
Lists are defined with [ ], maps are defined with { }.
https://www.terraform.io/docs/configuration/types.html#structural-types
NEW QUESTION 96
Which of the following secrets engine can generate dynamic credentials? (select three)
- A. AWS
- B. Transit
- C. database
- D. Azure
- E. key/value
Answer: A,C,D
Explanation:
Vault has many secrets engines that can generate dynamic credentials, including AWS, Azure, and database secrets engines. The key/value secret engine is used to store data, and the transit secret engine is used to encrypt data.
NEW QUESTION 97
Beyond encryption and decryption of data, which of the following is not a function of the Vault transit secrets engine?
- A. sign and verify data
- B. act as a source of random bytes
- C. store the encrypted data securely in Vault for retrieval
- D. generate hashes and HMACs of data
Answer: C
Explanation:
Vault doesn't store the data sent to the secrets engine.
The transit secrets engine handles cryptographic functions on data-in-transit. It can also be viewed as "cryptography as a service" or "encryption as a service". The transit secrets engine can also sign and verify data; generate hashes and HMACs of data; and act as a source of random bytes.
NEW QUESTION 98
You've deployed Vault in your production environment and are curious to understand metrics on your Vault cluster, such as the number of writes to the backend, the status of WALs, and the seal status. What feature would you configure in order to view these metrics?
- A. enable logs for each individual secrets engines
- B. audit device
- C. telemetry
- D. nothing to configure, these are available in the Vault log found on the OS
Answer: C
Explanation:
The Vault server process collects various runtime metrics about the performance of different libraries and subsystems. These metrics are aggregated on a ten-second interval and are retained for one minute. This telemetry information can be used for debugging or otherwise getting a better view of what Vault is doing.
Telemetry information can be streamed directly from Vault to a range of metrics aggregation solutions as described in the telemetry Stanza documentation.
Reference link:- https://www.vaultproject.io/docs/internals/telemetry
NEW QUESTION 99
A user has logged into the Vault user interface but cannot browse to a secret located at kv/applications/app3, however, the policy the user is bound by permits read permission to the secret.
Because of the read permission, the user should be able to read the secret in the Vault UI.
- A. True
- B. False
Answer: B
Explanation:
To browse Vault paths in the UI, the user must have list permissions on the mount and the paths leading up to the secret.
NEW QUESTION 100
Which of the following storage backends are supported by HashiCorp technical support? (select four)
- A. Raft
- B. MySQL
- C. In-Memory
- D. Consul
- E. Filesystem
- F. DynamoDB
Answer: A,C,D,E
Explanation:
Just to clarify, "HashiCorp supported" means, it is supported by HashiCorp's technical support, it doesn't mean that Vault supports the platform as a storage backend.
For example, DynamoDB is a valid storage backend, but it is not officially supported by HashiCorp technical support but it has got the community support.
In-Memory - HashiCorp Supported
MySQL - Community Supported
Raft - HashiCorp Supported
Dynamo DB - Community Supported
Consul - HashiCorp Supported
Filesystem - HashiCorp Supported
Check more details on below link:- https://www.vaultproject.io/docs/configuration/storage/in-memory
NEW QUESTION 101
True or False:
Multiple providers can be declared within a single Terraform configuration file.
- A. False
- B. True
Answer: B
Explanation:
Multiple provider blocks can exist if a Terraform configuration is composed of multiple providers, which is a common situation. To add multiple providers in your configuration, declare the providers, and create resources associated with those providers.
NEW QUESTION 102
The following is a snippet from a Terraform configuration file:
1. provider "aws" {
2. region = "us-east-1"
3. }
4. provider "aws" {
5. region = "us-west-1"
6. }
which, when validated, results in the following error:-
1. Error: Duplicate provider configuration
2.
3. on main.tf line 5:
4. 5: provider "aws" {
5.
6. A default provider configuration for "aws" was already given at
7. main.tf:1,1-15. If multiple configurations are required, set the "______"
8. argument for alternative configurations.
Fill in the blank in the error message with the correct string from the list below.
- A. multi
- B. alias
- C. version
- D. label
Answer: B
Explanation:
An alias meta-argument is used when using the same provider with different configurations for different resources.
https://www.terraform.io/docs/configuration/providers.html#alias-multiple-provider-instances
NEW QUESTION 103
What type of policy is shown below?
1. key_prefix "vault/" {
2. policy = "write"
3. }
4. node_prefix "" {
5. policy = "write"
6. }
7. service "vault" {
8. policy = "write"
9. }
10. agent_prefix "" {
11. policy = "write"
12. }
13. session_prefix "" {
14. policy = "write"
15. }
- A. Vault policy allowing access to certain paths
- B. Vault token policy is written for a user
- C. Consul configuration policy to enable Consul features
- D. Consul ACL policy for a Vault node
Answer: D
Explanation:
If using ACLs in Consul, you'll need appropriate permissions. For Consul 0.8, these policies will work for most use-cases, assuming that your service name is vault and the prefix being used is vault/Consul ACLs should always be enabled when using Consul as a storage backend. This policy allows Vault to communicate to the required services hosted on Consul.
Reference link:- https://www.vaultproject.io/docs/configuration/storage/consul
NEW QUESTION 104
You've hit the URL for the Vault UI, but you're presented with this screen. Why doesn't Vault present you with a way to log in?
- A. the vault configuration file has an incorrect configuration
- B. a vault policy is preventing you from logging in
- C. the consul storage backend was not configured correctly
- D. vault needs to be initialized before it can be used
Answer: D
Explanation:
Before Vault can be used, it must be initialized and unsealed. This screen indicates that Vault has not been initialized yet and is offering you a way to do so.
NEW QUESTION 105
What does the following API request return?
1. $ curl \
2. --header "X-Vault-Token: ..." \
3. --request POST \
4. --data @payload.json \
5. http://127.0.0.1:8200/v1/sys/tools/random/164
- A. a secured secret based on 164 bytes of data
- B. a random string of 164 characters
- C. a random token valid for 164 uses
- D. None
Answer: B
Explanation:
This endpoint returns high-quality random bytes of the specified length.
NEW QUESTION 106
True or False: Provisioners should only be used as a last resort.
- A. true
- B. false
Answer: A
Explanation:
Provisioners are used to execute scripts on a local or remote machine as part of resource creation or destruction. Provisioners can be used to bootstrap a resource, cleanup before destroy, run configuration management, etc. Even if the functionality you need is not available in a provider today, HashiCorp suggests that you consider local-exec usage as a temporary workaround and to open an issue in the relevant provider's repo to discuss adding first-class support.
NEW QUESTION 107
Which flag would be used within a Terraform configuration block to identify the specific version of a provider required?
- A. required-provider
- B. required-version
- C. required_providers
- D. required_versions
Answer: C
Explanation:
For production use, you should constrain the acceptable provider versions via configuration file to ensure that new versions with breaking changes will not be automatically installed by terraform init in the future. When terraform init is run without provider version constraints, it prints a suggested version constraint string for each provider For example:
terraform {
required_providers {
aws = ">= 2.7.0"
}
}
NEW QUESTION 108
When writing the Terraform code, HashiCorp recommends that you use how many spaces between each nesting level?
- A. 0
- B. 1
- C. 2
- D. 3
Answer: D
Explanation:
HashiCorp style conventions state that you should use 2 spaces between each nesting level to improve the readability of Terraform configurations.
NEW QUESTION 109
When administering Vault on a day-to-day basis, why is logging in with the root token, as shown below, a bad idea? (select two).
- A. the root token should be revoked and not used on a day-to-day basis
- B. the root token is attached to the root policy, which likely provides too many privileges to a user
- C. It's easier to just use the root token than to configure additional auth methods
- D. the root token isn't a secure way of logging into Vault
Answer: A,B
Explanation:
The root token should never be used on a day-to-day basis and should always be revoked once a permanent auth method has been configured.
NEW QUESTION 110
In the example below, where is the value of the DNS record's IP address originating from?
1. resource "aws_route53_record" "www" {
2. zone_id = aws_route53_zone.primary.zone_id
3. name = "www.helloworld.com"
4. type = "A"
5. ttl = "300"
6. records = [module.web_server.instance_ip_addr]
7. }
- A. value of the web_server parameter from the variables.tf file
- B. the regular expression named module.web_server
- C. the output of a module named web_server
- D. by querying the AWS EC2 API to retrieve the IP address
Answer: C
Explanation:
In a parent module, outputs of child modules are available in expressions as module.<MODULE NAME>.<OUTPUT NAME>. For example, if a child module named web_server declared an output named instance_ip_addr, you could access that value as module.web_server.instance_ip_addr.
NEW QUESTION 111
......
HashiCorp VA-002-P Exam Syllabus Topics:
| Topic | Details |
|---|---|
| Topic 1 |
|
| Topic 2 |
|
| Topic 3 |
|
| Topic 4 |
|
| Topic 5 |
|
| Topic 6 |
|
| Topic 7 |
|
| Topic 8 |
|
| Topic 9 |
|
| Topic 10 |
|
| Topic 11 |
|
HashiCorp VA-002-P Study Guide Archives : https://www.trainingquiz.com/VA-002-P-practice-quiz.html

