HashiCorp Certified: Vault Associate VA-002-P Exam Questions

HashiCorp Certified Vault Associate certification is for Cloud Engineers specializing in security, development, or operations who know the basic concepts, skills, and use cases associated with open source HashiCorp Vault. PassQuestion has developed HashiCorp Certified: Vault Associate VA-002-P Exam Questions that will get you through your VA-002-P exam in a 100% sure shot way. Use our ultimate online HashiCorp Certified: Vault Associate VA-002-P Exam Questions and secure your certification.

HashiCorp Certified: Vault Associate VA-002-P Free Questions

1. True or False: You can migrate the Terraform backend but only if there are no resources currently being managed.


2. When multiple engineers start deploying infrastructure using the same state file, what is a feature of remote state storage that is critical to ensure the state does not become corrupt?


3. Vault secrets engines are used to do what with data? (select three)


4. What is the purpose of using the local-exec provisioner? (select two)


5. Which command is used to initialize Vault after first starting the Vault service?


6. True or False:

Once you create a KV v1 secrets engine and place data in it, there is no way to modify the mount to include the features of a KV v2 secrets engine.


7. Which of the following Terraform files should be ignored by Git when committing code to a repo? (select two)


8. Vault has failed to start. You inspect the log and find the error below.

What needs to be changed in order to successfully start Vault?

"Error parsing config.hcl: At 1:12: illegal char"


9. When using providers that require the retrieval of data, such as the HashiCorp Vault provider, in what phase does Terraform actually retrieve the data required?


10. The Terraform language supports a number of different syntaxes for comments. Select all that are supported. (select three)


11. What is the result of the following terraform function call? index(["a", "b", "c"], "c")


12. True or False: When encrypting data with the transit secrets engine, Vault always stores the ciphertext in a dedicated KV store along with the associated encryption key.


13. Which three interfaces can be used to access Vault? (select three)


14. Select the answer below that completes the following statement:

Terraform Cloud can be managed from the CLI but requires __________?


15. Using multi-cloud and provider-agnostic tools provides which of the following benefits? (select two)


16. If a client is currently assigned the following policy, what additional policy can be added to ensure they cannot access the data stored at secret/apps/confidential but can still read all other secrets?


17. True or False:

Multiple providers can be declared within a single Terraform configuration file.


18. }


19. }


20. When administering Vault on a day-to-day basis, why is logging in with the root token, as shown below, a bad idea? (select two).


21. When Vault is sealed, which are the only two options available to a Vault administrator? (select two)


22. What happens when a terraform plan is executed?


23. While Vault provides businesses tons of functionality out of the box, what feature allows you to extend its functionality with solutions written by third-party providers?


24. Choose the correct answer which fixes the syntax of the following Terraform code:


25. You want to use terraform import to start managing infrastructure that was not originally provisioned through infrastructure as code.

Before you can import the resource’s current state, what must you do in order to prepare to manage these resources using Terraform?


26. Which auth method is ideal for machine to machine authentication?


27. In order to reduce the time it takes to provision resources, Terraform uses parallelism. By default, how many resources will Terraform provision concurrently?


28. Which of the following is an invalid variable name?


29. What are the primary benefits of running Vault in a production deployment over dev server mode? (select two)


30. Which type of Vault replication copies all data from Vault, including K/V data, policies, and client tokens?


31. Vault configuration files can be written in what languages? (select two)


32. True or False:

When using the transit secrets engine, setting the min_decryption_version will determine the minimum key length of the data key (i.e., 2048, 4096, etc.)


33. A Vault client who has read access to the path secrets/apps/app1 is having trouble viewing the secret in the user interface (UI) but can access via the API.

What can be done to resolve this issue?


34. Select all features which are exclusive to Terraform Enterprise. (select three)


35. }


36. Given the following screenshot, how many secrets engines have been enabled?


37. Your organization has moved to AWS and has manually deployed infrastructure using the console. Recently, a decision has been made to standardize on Terraform for all deployments moving forward.

What can you do to ensure that all existing infrastructure is managed by Terraform moving forward without interruption to existing services?


38. Which of the following commands will remove all secrets at a specific path?


39. What is the best and easiest way for Terraform to read and write secrets from HashiCorp Vault?


40. What is the result of the following terraform function call?

zipmap(["a", "b"], [1, 2])


41. When using parent/child modules to deploy infrastructure, how would you export a value from one module to import into another module?

For example, a module dynamically deploys an application instance or virtual machine, and you need the IP address in another module to configure a related DNS record in order to reach the newly deployed application.


42. Provider dependencies are created in several different ways. Select the valid provider dependencies from the following list: (select three)


43. After executing a terraform apply, you notice that a resource has a tilde (~) next to it.

What does this indicate?


44. range


45. Which of the following allows Terraform users to apply policy as code to enforce standardized configurations for resources being deployed via infrastructure as code?


46. Which commands are available only after Vault has been unsealed? (select two)


47. Which of the following is not a valid Terraform string function?


48. Select the policies below that permit you to create a new entry of foo=bar at the path /secrets/apps/my_secret (select three)


49. Which is not a capability that can be used when writing a Vault policy?


50. Terraform Enterprise (also referred to as pTFE) requires what type of backend database for a clustered deployment?


51. In order to extend a Consul storage backend, Consul nodes should be provisioned across multiple data centers or cloud regions.


52. The security barrier protects all of the following Vault components except ___.


53. What happens when a terraform apply command is executed?


54. Which TCP port does Vault use, by default, for its API and UI?


55. You’ve set up multiple Vault clusters, one on-premises which is intended to be the primary cluster, and the second cluster in AWS, which was deployed to be used for performance replication. After enabling replication, developers complain that all the data they’ve stored in the AWS Vault cluster is missing.

What happened?


56. }


57. }


58. Select two answers to complete the following sentence:

Before a new provider can be used, it must be ______ and _______.


59. Which of the following policies would permit a user to generate dynamic credentials on a database?


60. True or False:

The terraform refresh command is used to reconcile the state Terraform knows about (via its state file) with the real-world infrastructure. If drift is detected between the real-world infrastructure and the last known state, it will modify the infrastructure to correct the drift.


61. True or False? By default, terraform destroy will prompt for confirmation before proceeding.


62. With regard to using a K/V v2 secrets engine, select the three correct statements below: (select three)


63. In terraform, most resource dependencies are handled automatically.

Which of the following statements describes best how terraform resource dependencies are handled?


64. An administrator wants to create a new KV mount for individual users to maintain their own secrets but needs a way to simplify the policy so they don’t need to write a new one for each new user.

With the requirements listed below, what would such a policy look like?

Requirement: Each user can perform all operations on their allocated key/value secret path


65. }


66. When configuring Vault replication and monitoring its status, you keep seeing something called ‘WALs’.

What are WALs?


67. In order to extend Vault beyond a data center or cloud regional boundary, what feature should be used?


68. You have been given requirements to create a security group for a new application. Since your organization standardizes on Terraform, you want to add this new security group with the fewest number of lines of code.

What feature could you use to iterate over a list of required tcp ports to add to the new security group?




70. plaintext Y3JlZGl0LWNhcmQtbnVtYmVyCg==


71. Unsealing Vault creates the encryption keys, which are used to decrypt the data on the storage backend.


72. An application requires a specific key/value to be updated in order to process a batch job. The value should be either "true" or "false". However, when developers have been updating the value, sometimes they mistype the value or capitalize it, causing the batch job not to run.

What feature of a Vault policy can be used in order to restrict the entry to the required values?


73. You are deploying Vault in a local data center, but want to be sure you have a secondary cluster in the event the primary cluster goes offline. In the secondary data center, you have applications that are running, as they are architected to run active/active.

Which type of replication would be best in this scenario?


74. The command vault lease revoke -prefix aws/ will revoke all leases associated with the secret engine mounted at aws/


75. What happens to child tokens when a parent token is revoked?


76. After logging into the Vault UI, a user complains that they cannot enable Replication.

Why would the replication configuration be missing?


77. True or False?

terraform init cannot automatically download Community providers.


78. Which of the following unseal options can automatically unseal Vault upon the start of the Vault service? (select four)


79. You’ve logged into the Vault CLI and attempted to enable an auth method, but received this error message.

What can be done to resolve the error and configure Vault?

Error enabling userpass auth: Post http: server gave HTTP response to HTTPS client


80. Which of the following secrets engines can generate dynamic credentials? (select three)

