良質なVA-002-PのPDF問題集でVA-002-P試験問題を試せます
一番最新のHashiCorp VA-002-P試験問題集PDF2023年更新
この試験は、資格とキャリアの見通しを向上させたいITプロフェッショナルや開発者に適しています。HashiCorp VA-002-P試験に合格した個人は、Vault管理の専門知識の証明として、グローバルに認められたHashiCorp Certified:Vault Associateの称号を獲得します。また、試験に合格した応募者は、ネットワーク機会やメンターシップの機会を提供するHashiCorpの認定コミュニティにも独占的にアクセスできます。
質問 # 18
The command vault lease revoke -prefix aws/ will revoke all leases associated with the secret engine mounted at aws/
- A. True
- B. False
正解:A
解説:
The lease command groups subcommands for interacting with leases attached to secrets.
Subcommands:
renew Renews the lease of a secret
revoke Revokes leases and secrets
Using the '-prefix' flag allows you to revoke the entire tree of secrets.
質問 # 19
When configuring a remote backend in Terraform, it might be a good idea to purposely omit some of the required arguments to ensure secrets and other relevant data are not inadvertently shared with others. What are the ways the remaining configuration can be added to Terraform so it can initialize and communicate with the backend? (select three)
- A. directly querying HashiCorp Vault for the secrets
- B. interactively on the command line
- C. command-line key/value pairs
- D. use the -backend-config=PATH to specify a separate config file
正解:B、C、D
解説:
You do not need to specify every required argument in the backend configuration. Omitting certain arguments may be desirable to avoid storing secrets, such as access keys, within the main configuration. When some or all of the arguments are omitted, we call this a partial configuration.
With a partial configuration, the remaining configuration arguments must be provided as part of the initialization process. There are several ways to supply the remaining arguments:
Interactively: Terraform will interactively ask you for the required values unless interactive input is disabled. Terraform will not prompt for optional values.
File: A configuration file may be specified via the init command line. To specify a file, use the -backend-config=PATH option when running terraform init. If the file contains secrets it may be kept in a secure data store, such as Vault, in which case it must be downloaded to the local disk before running Terraform.
Command-line key/value pairs: Key/value pairs can be specified via the init command line. Note that many shells retain command-line flags in a history file, so this isn't recommended for secrets. To specify a single key/value pair, use the -backend-config="KEY=VALUE" option when running terraform init.
質問 # 20
In order to extend a Consul storage backend, Consul nodes should be provisioned across multiple data centers or cloud regions.
- A. True
- B. False
正解:B
解説:
Consul nodes in the same cluster should not be provisioned across multiple data centers or cloud regions due to the low-latency requirements.
質問 # 21
What command is used to renew a token, if permitted?
- A. vault operator token renew
- B. vault renew token <token-id>
- C. vault update token
- D. vault new <token-id>
- E. vault token renew
- F. vault token update
正解:E
解説:
In order to renew a token, a user can issue a vault token renew command to extend the TTL. The token can also be renewed using the API
質問 # 22
Which of the following is an invalid variable name?
- A. count
- B. instance_name
- C. web
- D. var1
正解:A
解説:
count is a reserved word. The count parameter on resources can simplify configurations and let you scale resources by simply incrementing a number.
https://www.terraform.io/intro/examples/count.html
質問 # 23
Which of the following connection types are supported by the remote-exec provisioner? (select two)
- A. ssh
- B. smb
- C. rdp
- D. winrm
正解:A、D
解説:
The remote-exec provisioner invokes a script on a remote resource after it is created. The remote-exec provisioner supports both ssh and winrm type connections.
質問 # 24
When a primary Vault cluster fails, Vault will automatically promote a secondary cluster to ensure maximum uptime.
- A. True
- B. False
正解:B
解説:
Vault secondary clusters must be manually promoted to a primary.
質問 # 25
The userpass auth method has the ability to access external services in order to provide authentication to Vault.
- A. FALSE
- B. TRUE
正解:A
解説:
The userpass auth method uses a local database that cannot interact with any services outside of the Vault instance.
質問 # 26
In order to make a Terraform configuration file dynamic and/or reusable, static values should be converted to use what?
- A. module
- B. output value
- C. input parameters
- D. regular expressions
正解:C
解説:
Input variables serve as parameters for a Terraform module, allowing aspects of the module to be customized without altering the module's own source code, and allowing modules to be shared between different configurations.
質問 # 27
Which of the following secrets engine can generate dynamic credentials? (select three)
- A. AWS
- B. database
- C. Transit
- D. Azure
- E. key/value
正解:A、B、D
解説:
Vault has many secrets engines that can generate dynamic credentials, including AWS, Azure, and database secrets engines. The key/value secret engine is used to store data, and the transit secret engine is used to encrypt data.
質問 # 28
An application is trying to use a secret in which the lease has expired. What can be done in order for the application to successfully request data from Vault?
- A. perform a lease renewal
- B. request a new secret and associated lease
- C. request the TTL be extended for the secret
- D. try the expired secret in hopes it hasn't been deleted yet
正解:B
解説:
A lease must be renewed before it has expired. Once it has expired, it is permanently revoked and a new secret must be requested.
質問 # 29
By default, where does Terraform store its state file?
- A. current working directory
- B. remotely using Terraform Cloud
- C. shared directory
- D. Amazon S3 bucket
正解:A
解説:
By default, the state file is stored in a local file named "terraform.tfstate", but it can also be stored remotely, which works better in a team environment.
質問 # 30
Vault has failed to start. You inspect the log and find the error below. What needs to be changed in order to successfully start Vault?
"Error parsing config.hcl: At 1:12: illegal char"
- A. you must use single quotes vs double quotes in the config file
- B. fix the syntax error in the Vault configuration file
- C. the " character cannot be used in the config file
- D. line 1 on the config file is blank
正解:B
解説:
It implies that there is a syntax error in the configuration file. The exact location of the error in the file can be identified in the error message
質問 # 31
Which of the following best describes the default local backend?
- A. The local backend is where Terraform Enterprise stores logs to be processed by a log collector
- B. The local backend is the directory where resources deployed by Terraform have direct access to in order to update their current state
- C. The local backend stores state on the local filesystem locks the state using system APIs and performs operations locally.
- D. The local backend is how Terraform connects to public cloud services, such as AWS, Azure, or GCP.
正解:C
解説:
Information on the default local backend can be found at this link.
Example:
terraform {
backend "local" {
path = "relative/path/to/terraform.tfstate"
}
}
質問 # 32
When Terraform needs to be installed in a location where it does not have internet access to download the installer and upgrades, the installation is generally known as to be __________.
- A. disconnected
- B. a private install
- C. air-gapped
- D. non-traditional
正解:C
解説:
A Terraform Enterprise install that is provisioned on a network that does not have Internet access is generally known as an air-gapped install. These types of installs require you to pull updates, providers, etc. from external sources vs. being able to download them directly.
質問 # 33
Your organization is running Vault open source and has decided it wants to use the Identity secrets engine. You log into Vault but are unable to find it in the list to enable. What gives?
- A. the policy attached to your user doesn't allow access to the Identity secrets engine.
- B. because you are running open-source and the identity secrets engine is an Enterprise feature, it is not available to enable.
- C. this secrets engine will be mounted by default.
- D. the identity secrets engine was deprecated in previous versions
正解:C
解説:
The Identity secrets engine is the identity management solution for Vault. It internally maintains the clients who are recognized by Vault. This secrets engine will be mounted by default. This secrets engine cannot be disabled or moved.
Reference link:- https://www.vaultproject.io/docs/secrets/identity
質問 # 34
A user runs terraform init on their RHEL based server and per the output, two provider plugins are downloaded:
1. $ terraform init
2.
3. Initializing the backend...
4.
5. Initializing provider plugins...
6. - Checking for available provider plugins...
7. - Downloading plugin for provider "aws" (hashicorp/aws) 2.44.0...
8. - Downloading plugin for provider "random" (hashicorp/random) 2.2.1...
9.
10. Terraform has been successfully initialized!
Where are these plugins downloaded to?
- A. The .terraform.plugins directory in the directory terraform init was executed in.
- B. The .terraform/plugins directory in the directory terraform init was executed in.
- C. /etc/terraform/plugins
- D. The .terraform.d directory in the directory terraform init was executed in.
正解:B
解説:
By default, terraform init downloads plugins into a subdirectory of the working directory, .terraform/plugins, so that each working directory is self-contained.
質問 # 35
......
HashiCorp VA-002-P 認定試験は、IT プロフェッショナルや開発者が HashiCorp Vault の管理における専門知識を証明する機会です。この試験はオンラインで監督され、Vault の展開やメンテナンスに関連する様々な主題をカバーしています。この試験に合格した受験者は、HashiCorp 認定:Vault アソシエイトとなり、独占的なグローバルコミュニティへのアクセスを獲得します。
HashiCorp VA-002-P試験は、HashiCorp Vaultに新しく取り組む人や、ある程度の経験がある人に適した初級認定です。システム管理者、開発者、DevOpsエンジニア、セキュリティ専門家など、Vaultのスキルと知識を証明したい人は誰でも受験できます。
100%無料HashiCorp Security Automation VA-002-P問題集PDFお試しサンプル認定ガイドカバー率:https://www.passtest.jp/HashiCorp/VA-002-P-shiken.html
PDF試験材料は2023年最新の実際に出るVA-002-P問題集:https://drive.google.com/open?id=13QZU8L2FCvyhRk4ZU96Rfh8mwGJLsCwL