Special Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: dpm65

VA-002-P Questions and Answers

Question # 4

Given the policy below, what would the user be able to access?

1. path "*" {

2. capabilities = ["create", "update", "read", "list", "delete", "sudo"]

3. }

A.

anything they want to within Vault

B.

ability to enable a secret engine at the path *

C.

only make changes to policies

D.

nothing, since the policy doesn't specify any specific paths

Full Access
Question # 5

Which Terraform command will force a marked resource to be destroyed and recreated on the next apply?

A.

terraform fmt

B.

terraform destroy

C.

terraform taint

D.

terraform refresh

Full Access
Question # 6

As opposed to service tokens, batch tokens are ideal for what type of action?

A.

generating dynamic credentials

B.

configuring Vault features

C.

renewing tokens

D.

issuing snapshots

E.

encrypting data

F.

writing secrets

Full Access
Question # 7

Which TCP port does Vault use, by default, for its API and UI?

A.

8600

B.

8201

C.

8500

D.

8301

E.

8300

F.

8200

Full Access
Question # 8

Vault policies are deny by default

A.

TRUE

B.

FALSE

Full Access
Question # 9

After decrypting data using the transit secrets engine, the plaintext output does not match the plaintext credit card number that you encrypted. Which of the following answers provides a solution?

1. $ vault write transit/decrypt/creditcard\ ciphertext="vault:v1:cZNHVx+sxdMErXRSuDa1q/pz49fXTn1PScKfhf+PIZPvy8xKfkytpwKcbC0fF2U=" \

2.

3. Key Value

4. --- -----

5. plaintext Y3JlZGl0LWNhcmQtbnVtYmVyCg==

A.

The resulting plaintext data is base64-encoded. To reveal the original plaintext, use the base64 --decode command.

B.

The data is corrupted. Execute the encryption command again using a different data key

C.

the user doesn't have permission to decrypt the data, therefore Vault returns false data so as not to reveal if the data was actually encrypted by Vault

D.

Vault is sealed, therefore the data cannot be decrypted. Unseal Vault to properly decrypt the data

Full Access
Question # 10

A "backend" in Terraform determines how the state is loaded and how an operation such as apply is executed. Which of the following is not a supported backend type?

A.

terraform enterprise

B.

s3

C.

github

D.

consul

E.

artifactory

Full Access
Question # 11

Which of the following cloud providers are not supported by Vault secrets engines?

A.

Oracle

B.

Azure

C.

AWS

D.

GCP

E.

AliCloud

Full Access
Question # 12

Which TCP port does Vault replication use?

A.

8200

B.

8201

C.

8300

D.

8301

Full Access
Question # 13

HashiCorp offers multiple versions of Terraform, including Terraform open-source, Terraform Cloud, and Terraform Enterprise. Which of the following Terraform features are only available in the Enterprise edition? (select four)

A.

Sentinel

B.

SAML/SSO

C.

Audit Logs

D.

Private Network Connectivity

E.

Private Module Registry

F.

Clustering

Full Access
Question # 14

Vault does not trust the storage backend.

A.

False

B.

True

Full Access
Question # 15

What system endpoint can you query to determine which node is the leader of a cluster?

A.

/sys/tools

B.

/sys/leader

C.

/sys/health

D.

/sys/init

Full Access
Question # 16

Select the most accurate statement to describe the Terraform language from the following list.

A.

Terraform is an immutable, declarative, Infrastructure as Code provisioning language based on Hashicorp Configuration Language, or optionally JSON.

B.

Terraform is a mutable, declarative, Infrastructure as Code configuration management language based on Hashicorp Configuration Language, or optionally JSON.

C.

Terraform is an immutable, procedural, Infrastructure as Code configuration management language based on Hashicorp Configuration Language, or optionally JSON.

D.

Terraform is a mutable, procedural, Infrastructure as Code provisioning language based on Hashicorp Configuration Language, or optionally YAML.

Full Access
Question # 17

In terraform, most resource dependencies are handled automatically. Which of the following statements describes best how terraform resource dependencies are handled?

A.

The terraform binary contains a built-in reference map of all defined Terraform resource dependencies. Updates to this dependency map are reflected in terraform versions. To ensure you are working with the latest resource dependency map you much be running the latest version of Terraform.

B.

Terraform analyses any expressions within a resource block to find references to other objects and treats those references as implicit ordering requirements when creating, updating, or destroying resources.

C.

Resource dependencies are identified and maintained in a file called resource. dependencies. Each terraform provider is required to maintain a list of all resource dependencies for the provider and it's included with the plugin during initialization when terraform init is executed. The file is located in the terraform.d folder.

D.

Resource dependencies are handled automatically by the depends_on meta_argument, which is set to true by default.

Full Access
Question # 18

What does the command terraform fmt do?

A.

formats the state file in order to ensure the latest state of resources can be obtained

B.

updates the font of the configuration file to the official font supported by HashiCorp

C.

rewrite Terraform configuration files to a canonical format and style

D.

deletes the existing configuration file

Full Access
Question # 19

What could you do with the feature found in the screenshot below? (select two)

A.

encrypt the Vault master key that is stored in memory

B.

using a short TTL, you could encrypt data in order to place only the encrypted data in Vault

C.

encrypt sensitive data to send to a colleague over email

D.

use response-wrapping to protect data

Full Access
Question # 20

Terraform Cloud is more powerful when you integrate it with your version control system (VCS) provider. Select all the supported VCS providers from the answers below. (select four)

A.

CVS Version Control

B.

GitHub Enterprise

C.

Bitbucket Cloud

D.

Azure DevOps Server

E.

GitHub

Full Access
Question # 21

What are some of the features of Terraform state? (select three)

A.

inspection of cloud resources

B.

increased performance

C.

mapping configuration to real-world resources

D.

determining the correct order to destroy resources

Full Access
Question # 22

In order to make a Terraform configuration file dynamic and/or reusable, static values should be converted to use what?

A.

regular expressions

B.

module

C.

input parameters

D.

output value

Full Access
Question # 23

In the example below, the depends_on argument creates what type of dependency?

1. esource "aws_instance" "example" {

2. ami = "ami-2757f631"

3. instance_type = "t2.micro"

4. depends_on = [aws_s3_bucket.company_data]

5. }

A.

non-dependency resource

B.

implicit dependency

C.

explicit dependency

D.

internal dependency

Full Access
Question # 24

When Terraform needs to be installed in a location where it does not have internet access to download the installer and upgrades, the installation is generally known as to be __________.

A.

a private install

B.

disconnected

C.

non-traditional

D.

air-gapped

Full Access
Question # 25

Which of the following commands will remove all secrets at a specific path?

A.

vault lease revoke -prefix

B.

vault delete lease -all

C.

vault lease revoke -all

D.

vault revoke -all

Full Access
Question # 26

A user creates three workspaces from the command line - prod, dev, and test. Which of the following commands will the user run to switch to the dev workspace?

A.

terraform workspace select dev

B.

terraform workspace -switch dev

C.

terraform workspace dev

D.

terraform workspace switch dev

Full Access
Question # 27

Which of the following policies would permit a user to generate dynamic credentials on a database?

A.

path "database/creds/read_only_role" {

capabilities = ["read"]

}

B.

path "database/creds/read_only_role" {

capabilities = ["generate"]

}

C.

path "database/creds/read_only_role" {

capabilities = ["list"]

}

D.

path "database/creds/read_only_role" {

capabilities = ["sudo"]

}

Full Access
Question # 28

Given the Terraform configuration below, in which order will the resources be created?

1. resource "aws_instance" "web_server" {

2. ami = "i-abdce12345"

3. instance_type = "t2.micro"

4. }

5. resource "aws_eip" "web_server_ip" {

6. vpc = true

7. instance = aws_instance.web_server.id

8. }

A.

aws_eip will be created first

aws_instance will be created second

B.

no resources will be created

C.

aws_instance will be created first

aws_eip will be created second

D.

resources will be created simultaneously

Full Access
Question # 29

Which auth method is ideal for machine to machine authentication?

A.

GitHub

B.

UserPass

C.

AppRole

D.

Okta

Full Access
Question # 30

After issuing the command to delete a secret, you run a vault kv list command but the secret still exists. What command would permanently delete this secret from Vault?

1. $ vault kv delete kv/applications/app01

2. Success! Data deleted (if it existed) at: kv/applications/app01

3. $ vault kv list kv/applications

4. Keys

5. ----

6. app01

A.

vault kv metadata delete kv/applications/app01

B.

vault kv delete -all kv/applications/app01

C.

vault kv delete -force kv/applications/app01

D.

vault kv destroy -versions=1 kv/applications/app01

Full Access
dumpsmate guaranteed to pass
24/7 Customer Support

DumpsMate's team of experts is always available to respond your queries on exam preparation. Get professional answers on any topic of the certification syllabus. Our experts will thoroughly satisfy you.

Site Secure

mcafee secure

TESTED 26 Sep 2022