2023 Best VA-002-P Exam Preparation Material with New Dumps Questions [Q20-Q42]

2023 Best VA-002-P Exam Preparation Material with New Dumps Questions [Q20-Q42]

August 24, 2023 latestexam 0 Comments

4/5 - (2 votes)

2023 Best VA-002-P Exam Preparation Material with New Dumps Questions

Free VA-002-P Exam Files Verified & Correct Answers Downloaded Instantly

Q20. Why is it a good idea to declare the required version of a provider in a Terraform configuration file?
1. terraform {
2. required_providers {
3. aws = “~> 1.0”
4. }
5. }

to remove older versions of the provider

to ensure that the provider version matches the version of Terraform you are using

providers are released on a separate schedule from Terraform itself; therefore a newer version could introduce breaking changes

to match the version number of your application being deployed via Terraform

Providers are plugins released on a separate rhythm from Terraform itself, and so they have their own version numbers. For production use, you should constrain the acceptable provider version via configuration. This helps to ensure that new versions with potentially breaking changes will not be automatically installed by terraform init in the future.

Q21. Which of the following actions are performed during a terraform init? (select three)

provisions the declared resources in your configuration

download the declared providers which are supported by HashiCorp

initializes the backend configuration

initializes downloaded and/or installed providers

The terraform init command is used to initialize a working directory containing Terraform configuration files. This is the first command that should be run after writing a new Terraform configuration or cloning an existing one from version control. It is safe to run this command multiple times.

Q22. By default, the max TTL for a token is how many days?

14 days

32 days

31 days

7 days

The system max TTL, which is 32 days but can be changed in Vault’s configuration file.
The max TTL set on a mount using mount tuning. This value is allowed to override the system max TTL — it can be longer or shorter, and if set this value will be respected.
A value suggested by the auth method that issued the token. This might be configured on a per-role, per-group, or per-user basis. This value is allowed to be less than the mount max TTL (or, if not set, the system max TTL), but it is not allowed to be longer.
Reference link:- https://www.vaultproject.io/docs/concepts/tokens

Q23. What command is used to renew a token, if permitted?

vault operator token renew

vault token update

vault new <token-id>

vault update token

vault token renew

vault renew token <token-id>

In order to renew a token, a user can issue a vault token renew command to extend the TTL. The token can also be renewed using the API

Q24. Terraform has detailed logs which can be enabled by setting the _________ environmental variable.

TF_LOG

TF_TRACE

TF_DEBUG

TF_INFO

Terraform has detailed logs that can be enabled by setting the TF_LOG environment variable to any value. This will cause detailed logs to appear on stderr.
You can set TF_LOG to one of the log levels TRACE, DEBUG, INFO, WARN, or ERROR to change the verbosity of the logs. TRACE is the most verbose and it is the default if TF_LOG is set to something other than a log level name.
https://www.terraform.io/docs/internals/debugging.html

Q25. Choose the correct answer which fixes the syntax of the following Terraform code:

resource “aws_security_group” “vault_elb” {
name = “${var.name_prefix}-vault-elb”
description = var_Vault ELB
vpc_id = var.vpc_id
}

resource “aws_security_group” “vault_elb” {
name = “${var.name_prefix}-vault-elb”
description = Vault ELB
vpc_id = var.vpc_id
}

resource “aws_security_group” “vault_elb” {
name = “${var.name_prefix}-vault-elb”
description = “${Vault ELB}”
vpc_id = var.vpc_id
}

resource “aws_security_group” “vault_elb” {
name = “${var.name_prefix}-vault-elb”
description = [Vault ELB]
vpc_id = var.vpc_id
}

resource “aws_security_group” “vault_elb” {
name = “${var.name_prefix}-vault-elb”
description = “Vault ELB”
vpc_id = var.vpc_id
}

When assigning a value to an argument, it must be enclosed in quotes (“…”) unless it is being generated programmatically.

Q26. You’ve deployed Vault in your production environment and are curious to understand metrics on your Vault cluster, such as the number of writes to the backend, the status of WALs, and the seal status. What feature would you configure in order to view these metrics?

audit device

telemetry

nothing to configure, these are available in the Vault log found on the OS

enable logs for each individual secrets engines

The Vault server process collects various runtime metrics about the performance of different libraries and subsystems. These metrics are aggregated on a ten-second interval and are retained for one minute. This telemetry information can be used for debugging or otherwise getting a better view of what Vault is doing.
Telemetry information can be streamed directly from Vault to a range of metrics aggregation solutions as described in the telemetry Stanza documentation.
Reference link:- https://www.vaultproject.io/docs/internals/telemetry

Q27. From the code below, identify the implicit dependency:
1. resource “aws_eip” “public_ip” {
2. vpc = true
3. instance = aws_instance.web_server.id
4. }
5. resource “aws_instance” “web_server” {
6. ami = “ami-2757f631”
7. instance_type = “t2.micro”
8. depends_on = [aws_s3_bucket.company_data]
9. }

The EC2 instance labeled web_server

The EIP with an id of ami-2757f631

The AMI used for the EC2 instance

The S3 bucket labeled company_data

The EC2 instance labeled web_server is the implicit dependency as the aws_eip cannot be created until the aws_instance labeled web_server has been provisioned and the id is available.
Note that aws_s3_bucket.example is an explicit dependency.

Q28. Which TCP port does Vault replication use?

8200

8201

8300

8301

Check below link for details:- https://learn.hashicorp.com/vault/operations/ops-reference-architecture

Q29. You want to use terraform import to start managing infrastructure that was not originally provisioned through infrastructure as code. Before you can import the resource’s current state, what must you do in order to prepare to manage these resources using Terraform?

run terraform refresh to ensure that the state file has the latest information for existing resources.

update the configuration file to include the new resources

modify the Terraform state file to add the new resources

shut down or stop using the resources being imported so no changes are inadvertently missed

The current implementation of Terraform import can only import resources into the state. It does not generate a configuration. Because of this, and prior to running terraform import, it is necessary to manually write a resource configuration block for the resource to which the imported object will be mapped.
First, add the resources to the configuration file:
resource “aws_instance” “example” {
# …instance configuration…
}
Then run the following command:
$ terraform import aws_instance.example i-abcd1234

Q30. A user runs terraform init on their RHEL based server and per the output, two provider plugins are downloaded:
1. $ terraform init
2.
3. Initializing the backend…
4.
5. Initializing provider plugins…
6. – Checking for available provider plugins…
7. – Downloading plugin for provider “aws” (hashicorp/aws) 2.44.0…
8. – Downloading plugin for provider “random” (hashicorp/random) 2.2.1…
9.
10. Terraform has been successfully initialized!
Where are these plugins downloaded to?

/etc/terraform/plugins

The .terraform.plugins directory in the directory terraform init was executed in.

The .terraform.d directory in the directory terraform init was executed in.

The .terraform/plugins directory in the directory terraform init was executed in.

By default, terraform init downloads plugins into a subdirectory of the working directory, .terraform/plugins, so that each working directory is self-contained.

Q31. What Terraform feature is shown in the example below?
1. resource “aws_security_group” “example” {
2. name = “sg-app-web-01”
3. dynamic “ingress” {
4. for_each = var.service_ports
5. content {
6. from_port = ingress.value
7. to_port = ingress.value
8. protocol = “tcp”
9. }
10. }
11. }

data source

dynamic block

local values

conditional expression

You can dynamically construct repeatable nested blocks like ingress using a special dynamic block type, which is supported inside resource, data, provider, and provisioner blocks

Q32. You want to encrypt a credit card number using the transit secrets engine. You enter the following command and receive an error. What can you do to ensure that the credit card number is properly encrypted and the ciphertext is returned?
1. $ vault write -format=json transit/encrypt/creditcards plaintext=”1234 5678 9101 1121″
2. Error writing data to transit/encrypt/orders: Error making API request.
3.
4. URL: PUT http://10.25.16.165:8200/v1/transit/encrypt/creditcards
5. Code: 400. Errors:
6.
7. * illegal base64 data at input byte 4

credit card numbers are not supported using the transit secrets engine since it is considered sensitive data

the token used to issue the encryption request does not have the appropriate permissions

the plain text data needs to be encoded to base64

the credit card number should not include spaces

When you send data to Vault for encryption, it must be in the form of base64-encoded plaintext for safe transport.

Q33. What is the purpose of using the local-exec provisioner? (select two)

ensures that the resource is only executed in the local infrastructure where Terraform is deployed

to execute one or more commands on the machine running Terraform

to invoke a local executable

executes a command on the resource to invoke an update to the Terraform state

The local-exec provisioner invokes a local executable after a resource is created. This invokes a process on the machine running Terraform, not on the resource.
Note that even though the resource will be fully created when the provisioner is run, there is no guarantee that it will be in an operable state – for example, system services such as sshd may not be started yet on compute resources.

Q34. Which of the following represents a feature of Terraform Cloud that is NOT free to customers?

private module registry

VCS integration

roles and team management

workspace management

Q35. From the answers below, select the advantages of using Infrastructure as Code. (select four)

Easily integrate with application workflows (GitLab Actions, Azure DevOps, CI/CD tools)

Safely test modifications using a “dry run” before applying any actual changes

Provide reusable modules for easy sharing and collaboration

Easily change and update existing infrastructure

Provide a codified workflow to develop customer-facing applications

Infrastructure as Code is not used to develop applications, but it can be used to help deploy or provision those applications to a public cloud provider or on-premises infrastructure.
All of the others are benefits to using Infrastructure as Code over the traditional way of managing infrastructure, regardless if it’s public cloud or on-premises.

Q36. What is the result of the following terraform function call?
zipmap([“a”, “b”], [1, 2])

{
“a”,
“b”,
“1”,
“2”,
}

[
“a”,
“b”,
“1”,
“2”,
]

{
“a” = 1
“b” = 2
}

[
“a” = 1
“b” = 2
]

zipmap constructs a map from a list of keys and a corresponding list of values. A map is denoted by { } whereas a list is donated by [ ].
https://www.terraform.io/docs/configuration/functions/zipmap.html

Q37. Which of the following terraform subcommands could be used to remove the lock on the state for the current configuration?

unlock

Removing the lock on a state file is not possible

force-unlock

state-unlock

terraform force-unlock removes the lock on the state for the current configuration.

Q38. A user has logged into the Vault user interface but cannot browse to a secret located at kv/applications/app3, however, the policy the user is bound by permits read permission to the secret.
Because of the read permission, the user should be able to read the secret in the Vault UI.

False

True

To browse Vault paths in the UI, the user must have list permissions on the mount and the paths leading up to the secret.

Q39. Beyond encryption and decryption of data, which of the following is not a function of the Vault transit secrets engine?

generate hashes and HMACs of data

sign and verify data

act as a source of random bytes

store the encrypted data securely in Vault for retrieval

Vault doesn’t store the data sent to the secrets engine.
The transit secrets engine handles cryptographic functions on data-in-transit. It can also be viewed as “cryptography as a service” or “encryption as a service”. The transit secrets engine can also sign and verify data; generate hashes and HMACs of data; and act as a source of random bytes.

Q40. Complete the following sentence:
For the local state, the workspaces are stored directly in a…

a file called terraform.tfstate

directory called terraform.workspaces.tfstate

directory called terraform.tfstate.d

a file called terraform.tfstate.backup

For local state, Terraform stores the workspace states in a directory called terraform.tfstate.d.
https://www.terraform.io/docs/state/workspaces.html#workspace-internals

Q41. Which of the following is not a valid Terraform string function?

tostring

replace

format

join

tostring is not a string function, it is a type conversion function. tostring converts its argument to a string value. https://www.terraform.io/docs/configuration/functions/tostring.html

Q42. What does the following API request return?
1. $ curl
2. –header “X-Vault-Token: …”
3. –request POST
4. –data @payload.json
5. http://127.0.0.1:8200/v1/sys/tools/random/164

a random string of 164 characters

a random token valid for 164 uses

None

a secured secret based on 164 bytes of data

This endpoint returns high-quality random bytes of the specified length.

Loading …

Instant Download VA-002-P Dumps Q&As Provide PDF&Test Engine: https://www.latestcram.com/VA-002-P-exam-cram-questions.html

Related Certifications

C-TS414-2021 (1)
C-TS411-2022 (1)
C_C4H420_13 (1)
C-HANATEC-17 (1)
P-SAPEA-2023 (1)
C-S4CAM-2202 (1)
C-TS411-2021 (1)
C_THR83_2305 (1)
C-THR94-2311 (1)
C_HANAIMP_18 (1)

Free Cram & Latest Exams Dumps

2023 Best VA-002-P Exam Preparation Material with New Dumps Questions [Q20-Q42]

leave a comment Cancel reply

Related Certifications

Recent Posts

Archives

Categories