Tag - VA-002-P exam

You've set up multiple Vault clusters, one on-premises which is intended to be the primary cluster, and the second cluster in AWS, which was deployed to be used for performance replication. After enabling replication, developers complain that all the data they've stored in the AWS Vault cluster is missing. What...

When using parent/child modules to deploy infrastructure, how would you export value from one module to import into another module? For example, a module dynamically deploys an application instance or virtual machine, and you need the IP address in another module to configure a related DNS record in order to...

The security barrier protects all of the following Vault components except ___.A . secret engineB . auth methodC . storage backendD . audit devicesE . token storeView AnswerAnswer: C Explanation: storage backend and HTTP API are outside of the security barrier hence can't be protected.

}A . The EC2 instance labeled web_serverB . The EIP with an id of ami-2757f631C . The AMI used for the EC2 instanceD . The S3 bucket labeled company_dataView AnswerAnswer: A Explanation: The EC2 instance labeled web_server is the implicit dependency as the aws_eip cannot be created until the aws_instance...

}A . The EC2 instance labeled web_serverB . The EIP with an id of ami-2757f631C . The AMI used for the EC2 instanceD . The S3 bucket labeled company_dataView AnswerAnswer: A Explanation: The EC2 instance labeled web_server is the implicit dependency as the aws_eip cannot be created until the aws_instance...

In order to extend Vault beyond a data center or cloud regional boundary, what feature should be used?A . pluginsB . secrets engineC . replicationD . seal/unsealE . snapshotsView AnswerAnswer: C Explanation: To extend Vault beyond a data center or cloud regional boundary, replication can be used. Vault supports both...

Which commands are available only after Vault has been unsealed? (select two)A . vault login -method=ldap -username=vaultB . vault operator unsealC . vault kv get kv/apps/app01D . vault statusView AnswerAnswer: A,C Explanation: Once Vault is unsealed, you can run vault login -method=ldap -username=vault and vault kv get kv/apps/app01. The second...

True or False: Multiple providers can be declared within a single Terraform configuration file.A . FalseB . TrueView AnswerAnswer: B Explanation: Multiple provider blocks can exist if a Terraform configuration is composed of multiple providers, which is a common situation. To add multiple providers in your configuration, declare the providers,...

You want to use terraform import to start managing infrastructure that was not originally provisioned through infrastructure as code. Before you can import the resource's current state, what must you do in order to prepare to manage these resources using Terraform?A . run terraform refresh to ensure that the state...

Which of the following commands will remove all secrets at a specific path?A . vault lease revoke -prefix <path>B . vault delete lease -all <path>C . vault lease revoke -all <path>D . vault revoke -all <path>View AnswerAnswer: A Explanation: The -prefix flag treats the ID as a prefix instead of...