100% Reliable VA-002-P Exam Dumps Test Pdf Exam Material [Q66-Q89]

Share

100% Reliable Microsoft VA-002-P Exam Dumps Test Pdf Exam Material

Based on Official Syllabus Topics of Actual HashiCorp VA-002-P Exam

NEW QUESTION # 66
Which TCP port does Vault replication use?

  • A. 0
  • B. 1
  • C. 2
  • D. 3

Answer: C

Explanation:
Check below link for details:- https://learn.hashicorp.com/vault/operations/ops-reference-architecture


NEW QUESTION # 67
Select the two default policies created in Vault. (select two)

  • A. vault
  • B. base
  • C. admin
  • D. root
  • E. default
  • F. user

Answer: D,E

Explanation:
Vault creates two default policies; root, and default.
The root policy cannot be deleted or modified.
The default policy is attached to all tokens, by default, however, this action can be modified if needed.


NEW QUESTION # 68
What is the best and easiest way for Terraform to read and write secrets from HashiCorp Vault?

  • A. Integration with a tool like Jenkins
  • B. API access using the AppRole auth method
  • C. CLI access from the same machine running Terraform
  • D. Vault provider

Answer: D

Explanation:
The Vault provider allows Terraform to read from, write to, and configure Harshicorp Vault.


NEW QUESTION # 69
Your organization has moved to AWS and has manually deployed infrastructure using the console. Recently, a decision has been made to standardize on Terraform for all deployments moving forward.
What can you do to ensure that all existing is managed by Terraform moving forward without interruption to existing services?

  • A. using terraform import, import the existing infrastructure into your Terraform state
  • B. resources that are manually deployed in the AWS console cannot be imported by Terraform
  • C. delete the existing resources and recreate them using new a Terraform configuration so Terraform can manage them moving forward
  • D. submit a ticket to AWS and ask them to export the state of all existing resources and use terraform import to import them into the state file

Answer: A

Explanation:
Terraform is able to import existing infrastructure. This allows you to take resources you've created by some other means and bring it under Terraform management.
This is a great way to slowly transition infrastructure to Terraform or to be sure you're confident that you can use Terraform in the future if it currently doesn't support every AWS service or feature you need today.


NEW QUESTION # 70
Which of the following terraform subcommands could be used to remove the lock on the state for the current configuration?

  • A. Removing the lock on a state file is not possible
  • B. force-unlock
  • C. state-unlock
  • D. unlock

Answer: B

Explanation:
terraform force-unlock removes the lock on the state for the current configuration.


NEW QUESTION # 71
Which auth method is ideal for machine to machine authentication?

  • A. AppRole
  • B. UserPass
  • C. GitHub
  • D. Okta

Answer: A

Explanation:
The ideal method for a machine to machine authentication is AppRole although it's not the only method. The other options are frequently reserved for human access.
Reference link:- https://www.hashicorp.com/blog/authenticating-applications-with-vault-approle/


NEW QUESTION # 72
The command vault lease revoke -prefix aws/ will revoke all leases associated with the secret engine mounted at aws/

  • A. True
  • B. False

Answer: A

Explanation:
The lease command groups subcommands for interacting with leases attached to secrets.
Subcommands:
renew Renews the lease of a secret
revoke Revokes leases and secrets
Using the '-prefix' flag allows you to revoke the entire tree of secrets.


NEW QUESTION # 73
While Vault provides businesses tons of functionality out of the box, what feature allows you to extend its functionality with solutions written by third-party providers?

  • A. plugin backend
  • B. control groups
  • C. namespaces
  • D. vault agent

Answer: A

Explanation:
Plugin backends are the components in Vault that can be implemented separately from Vault's built-in backends. These backends can be either authentication or secrets engines. All Vault auth and secret backends are considered plugins. This simple concept allows both built-in and external plugins to be treated like Legos. Any plugin can exist at multiple different locations. Different versions of a plugin may be at each one, with each version differing from Vault's version.
Reference links:-
https://www.vaultproject.io/docs/plugin
https://www.vaultproject.io/docs/internals/plugins


NEW QUESTION # 74
What does the following API request return?
1. $ curl \
2. --header "X-Vault-Token: ..." \
3. --request POST \
4. --data @payload.json \
5. http://127.0.0.1:8200/v1/sys/tools/random/164

  • A. None
  • B. a random string of 164 characters
  • C. a random token valid for 164 uses
  • D. a secured secret based on 164 bytes of data

Answer: B

Explanation:
This endpoint returns high-quality random bytes of the specified length.


NEW QUESTION # 75
Your organization is running Vault open source and has decided it wants to use the Identity secrets engine. You log into Vault but are unable to find it in the list to enable. What gives?

  • A. the policy attached to your user doesn't allow access to the Identity secrets engine.
  • B. because you are running open-source and the identity secrets engine is an Enterprise feature, it is not available to enable.
  • C. this secrets engine will be mounted by default.
  • D. the identity secrets engine was deprecated in previous versions

Answer: C

Explanation:
The Identity secrets engine is the identity management solution for Vault. It internally maintains the clients who are recognized by Vault. This secrets engine will be mounted by default. This secrets engine cannot be disabled or moved.
Reference link:- https://www.vaultproject.io/docs/secrets/identity


NEW QUESTION # 76
You are deploying Vault in a local data center, but want to be sure you have a secondary cluster in the event the primary cluster goes offline. In the secondary data center, you have applications that are running, as they are architected to run active/active. Which type of replication would be best in this scenario?

  • A. disaster recovery replication
  • B. end-to-end replication
  • C. single-node replication
  • D. performance replication

Answer: D

Explanation:
In this scenario, the key to answering is that there are applications actively running the secondary data center. Because of this, you can deploy Performance Replication and the applications can now use the Vault cluster in their respective data center. This reduces network latency for your applications and provides you with a secondary cluster for redundancy.


NEW QUESTION # 77
When multiple engineers start deploying infrastructure using the same state file, what is a feature of remote state storage that is critical to ensure the state does not become corrupt?

  • A. encryption
  • B. object storage
  • C. state locking
  • D. workspaces

Answer: C

Explanation:
If supported by your backend, Terraform will lock your state for all operations that could write state. This prevents others from acquiring the lock and potentially corrupting your state.
State locking happens automatically on all operations that could write state. You won't see any message that it is happening. If state locking fails, Terraform will not continue. You can disable state locking for most commands with the -lock flag but it is not recommended.


NEW QUESTION # 78
After logging into the Vault UI, a user complains that they cannot enable Replication. Why would the replication configuration be missing?

  • A. replication hasn't been enabled
  • B. replication wasn't configured in the Vault configuration file
  • C. replication configuration isn't available in the UI
  • D. Vault is running an open-source version

Answer: D

Explanation:
Replication is not available in open-source versions of Vault. It is an enterprise feature.


NEW QUESTION # 79
What happens to child tokens when a parent token is revoked?

  • A. the child tokens are converted to parent tokens
  • B. the child tokens are renewed
  • C. the child tokens are revoked
  • D. the child tokens create their own child tokens to be used

Answer: C

Explanation:
When a parent token is revoked, all of its child tokens and leases are revoked as well. This ensures that a user cannot skip revocation by simply making a timeless tree of child tokens.


NEW QUESTION # 80
After creating a dynamic credential on a database, the DBA accidentally deletes the credentials on the database itself. When attempting to remove the lease, Vault returns an error stating that the credential cannot be found. What command can be run to coerce Vault to remove the secret?

  • A. vault lease revoke -force -prefix <lease_path>
  • B. vault lease revoke -enforce
  • C. vault revoke -apply
  • D. vault lease -renew

Answer: A

Explanation:
The -force flag is meant for recovery when the secret in the target secrets engine was manually deleted.


NEW QUESTION # 81
What are the primary benefits of running Vault in a production deployment over dev server mode? (select two)

  • A. encryption via TLS
  • B. ability to enable auth methods
  • C. persistent storage
  • D. faster deployment
  • E. access to all of the secret engines

Answer: A,C

Explanation:
Dev server mode stores its data in memory, therefore if the Vault service is shut down, any data stored will be lost. Additionally, dev server mode does not use TLS, and all data is sent in cleartext.


NEW QUESTION # 82
When administering Vault on a day-to-day basis, why is logging in with the root token, as shown below, a bad idea? (select two).

  • A. It's easier to just use the root token than to configure additional auth methods
  • B. the root token isn't a secure way of logging into Vault
  • C. the root token should be revoked and not used on a day-to-day basis
  • D. the root token is attached to the root policy, which likely provides too many privileges to a user

Answer: C,D

Explanation:
The root token should never be used on a day-to-day basis and should always be revoked once a permanent auth method has been configured.


NEW QUESTION # 83
When Vault is sealed, which are the only two options available to a Vault administrator? (select two)

  • A. view data stored in the key/value store
  • B. view the status of Vault
  • C. rotate the encryption key
  • D. unseal Vault
  • E. configure policies
  • F. author security policies

Answer: B,D

Explanation:
When Vault is sealed, the only two options available are, viewing the vault status and unsealing Vault. All the other actions performed after the Vault is unsealed and the user is authenticated.


NEW QUESTION # 84
After issuing the command to delete a secret, you run a vault kv list command but the secret still exists. What command would permanently delete this secret from Vault?
1. $ vault kv delete kv/applications/app01
2. Success! Data deleted (if it existed) at: kv/applications/app01
3. $ vault kv list kv/applications
4. Keys
5. ----
6. app01

  • A. vault kv delete -all kv/applications/app01
  • B. vault kv destroy -versions=1 kv/applications/app01
  • C. vault kv metadata delete kv/applications/app01
  • D. vault kv delete -force kv/applications/app01

Answer: C

Explanation:
The kv metadata command has subcommands for interacting with the metadata and versions for the versioned secrets (K/V Version 2 secrets engine) at the specified path.
The kv metadata delete command deletes all versions and metadata for the provided key.
Reference link:- https://www.vaultproject.io/docs/commands/kv/metadata


NEW QUESTION # 85
Which is not a capability that can be used when writing a Vault policy?

  • A. read
  • B. create
  • C. modify
  • D. update
  • E. delete
  • F. list

Answer: C

Explanation:
When writing a Vault policy, permissions which can be applied to paths include create, read, update, delete, list, deny, and sudo.
https://www.vaultproject.io/docs/concepts/policies
Modify is not one of them.


NEW QUESTION # 86
Using multi-cloud and provider-agnostic tools provides which of the following benefits? (select two)

  • A. operations teams only need to learn and manage a single tool to manage infrastructure, regardless of where the infrastructure is deployed
  • B. slower provisioning speed allows the operations team to catch mistakes before they are applied
  • C. increased risk due to all infrastructure relying on a single tool for management
  • D. can be used across major cloud providers and VM hypervisors

Answer: A,D

Explanation:
Using a tool like Terraform can be advantageous for organizations deploying workloads across multiple public and private cloud environments. Operations teams only need to learn a single tool, single language, and can use the same tooling to enable a DevOps-like experience and workflows.


NEW QUESTION # 87
In a Consul cluster, participating nodes can be only one of two types. Select the valid types. (select two)

  • A. follower
  • B. secondary
  • C. active
  • D. leader
  • E. primary
  • F. passive

Answer: A,D

Explanation:
Within each datacenter, we have a mixture of clients and servers. It is expected that there be between three to five servers. This strikes a balance between availability in the case of failure and performance, as consensus gets progressively slower as more machines are added. However, there is no limit to the number of clients, and they can easily scale into the thousands or tens of thousands.
Server or Leader - It indicates whether the agent is running in server or client mode. Server nodes participate in the consensus quorum, storing cluster state, and handling queries. At any given time, the peer set elects a single node to be the leader. The leader is responsible for ingesting new log entries, replicating to followers, and managing when an entry is considered committed.
Client or Follower - Client nodes make up the majority of the cluster, and they are very lightweight as they interface with the server nodes for most operations and maintain a very little state of their own.
Reference link:- https://www.consul.io/docs/internals/architecture.html


NEW QUESTION # 88
The Terraform language supports a number of different syntaxes for comments. Select all that are supported. (select three)

  • A. <* and *>
  • B. #
  • C. /* and */
  • D. //

Answer: B,C,D

Explanation:
Terraform supports the #, //, and /*..*/ for commenting Terraform configuration files. Please use them when writing Terraform so both you and others who are using your code have a full understanding of what the code is intended to do.
https://www.terraform.io/docs/configuration/syntax.html#comments


NEW QUESTION # 89
......


HashiCorp VA-002-P certification exam is an excellent opportunity for IT professionals who are looking to validate their skills in using HashiCorp Vault. VA-002-P exam is designed to assess the candidate's knowledge and skills related to Vault's core concepts, features, and functionalities. HashiCorp Certified: Vault Associate Exam certification can help professionals to demonstrate their expertise in using Vault and can be a valuable asset in advancing their careers in the field of cloud infrastructure management.

 

Free VA-002-P Dumps are Available for Instant Access: https://www.prepawaypdf.com/HashiCorp/VA-002-P-practice-exam-dumps.html

View All VA-002-P Actual Exam Questions Answers and Explanations for Free: https://drive.google.com/open?id=1t8GCXxQmLtmSwH6cbF3Ha5lqP8DHGrsz