New Year Special Sale Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: buysanta

Exact2Pass Menu

Question # 4

Permissions for Vault backend functions are available at which path?

A.

security/

B.

admin/

C.

backend/

D.

system/

E.

vault/

F.

sys/

Full Access
Question # 5

In regards to the transit secrets engine, which of the following is true given the following command and output: (select three)

1. $ vault write encryption/encrypt/creditcard plaintext=$(base64 <<< "1234 5678 9101 1121")

2. Key Value

3. --- -----

4. ciphertext vault:v3:cZNHVx+sxdMErXRSuDa1q/pz49fXTn1PScKfhf+PIZPvy8xKfkytpwKcbC0fF2U=

A.

there are at least three data keys associated with this keyring

B.

the name of the keyring used to encrypt the data is creditcard

C.

the data was written to the encryption path, which is provided by default when enabling the transit secrets engine

D.

the transit secrets engine is mounted at the encryption path

Full Access
Question # 6

What are the benefits of using Infrastructure as Code? (select five)

A.

Infrastructure as Code easily replaces development languages such as Go and .Net for application development

B.

Infrastructure as Code allows a user to turn a manual task into a simple, automated deployment

C.

Infrastructure as Code is relatively simple to learn and write, regardless of a user's prior experience with developing code

D.

Infrastructure as Code is easily repeatable, allowing the user to reuse code to deploy similar, yet different resources

E.

Infrastructure as Code provides configuration consistency and standardization among deployments

F.

Infrastructure as Code gives the user the ability to recreate an application's infrastructure for disaster recovery scenarios

Full Access
Question # 7

Which auth method is ideal for machine to machine authentication?

A.

GitHub

B.

UserPass

C.

AppRole

D.

Okta

Full Access
Question # 8

Terraform-specific settings and behaviors are declared in which configuration block type?

A.

data

B.

resource

C.

terraform

D.

provider

Full Access
Question # 9

If a client is currently assigned the following policy, what additional policy can be added to ensure they cannot access the data stored at secret/apps/confidential but still, read all other secrets?

A.

path "secret/apps/confidential/*" {

capabilities = ["deny"]

}

B.

path "secret/apps/*" {

capabilities = ["deny"]

}

C.

path "secret/apps/confidential" {

capabilities = ["deny"]

}

D.

path "secret/apps/*" {

capabilities = ["create", "read", "update", "delete", "list"]

}

path "secret/*" {

capabilities = ["read", "deny"]

}

Full Access
Question # 10

Which of the following commands will remove all secrets at a specific path?

A.

vault lease revoke -prefix

B.

vault delete lease -all

C.

vault lease revoke -all

D.

vault revoke -all

Full Access
Question # 11

After decrypting data using the transit secrets engine, the plaintext output does not match the plaintext credit card number that you encrypted. Which of the following answers provides a solution?

1. $ vault write transit/decrypt/creditcard\ ciphertext="vault:v1:cZNHVx+sxdMErXRSuDa1q/pz49fXTn1PScKfhf+PIZPvy8xKfkytpwKcbC0fF2U=" \

2.

3. Key Value

4. --- -----

5. plaintext Y3JlZGl0LWNhcmQtbnVtYmVyCg==

A.

The resulting plaintext data is base64-encoded. To reveal the original plaintext, use the base64 --decode command.

B.

The data is corrupted. Execute the encryption command again using a different data key

C.

the user doesn't have permission to decrypt the data, therefore Vault returns false data so as not to reveal if the data was actually encrypted by Vault

D.

Vault is sealed, therefore the data cannot be decrypted. Unseal Vault to properly decrypt the data

Full Access
Question # 12

Which of the following best describes a Terraform provider?

A.

describes an infrastructure object, such as a virtual network, compute instance, or other components

B.

a container for multiple resources that are used together

C.

serves as a parameter for a Terraform module that allows a module to be customized

D.

a plugin that Terraform uses to translate the API interactions with the service or provider

Full Access
Question # 13

What is the default method of authentication after first initializing Vault?

A.

GitHub

B.

AppRole

C.

Admin account

D.

Tokens

E.

Userpass

F.

TLS certificates

Full Access
Question # 14

What is the best and easiest way for Terraform to read and write secrets from HashiCorp Vault?

A.

CLI access from the same machine running Terraform

B.

API access using the AppRole auth method

C.

Vault provider

D.

Integration with a tool like Jenkins

Full Access
Question # 15

During a terraform apply, a resource is successfully created but eventually fails during provisioning. What happens to the resource?

A.

Terraform attempts to provide the resource up to three times before exiting with an error

B.

the terraform plan is rolled back and all provisioned resources are removed

C.

it is automatically deleted

D.

the resource is marked as tainted

Full Access
Question # 16

What does the following API request return?

1. $ curl \

2. --header "X-Vault-Token: ..." \

3. --request POST \

4. --data @payload.json \

5. http://127.0.0.1:8200/v1/sys/tools/random/164

A.

a random string of 164 characters

B.

a random token valid for 164 uses

C.

None

D.

a secured secret based on 164 bytes of data

Full Access
Question # 17

When registering a plugin with Vault, where would you configure the location where the binaries are located in order for Vault to properly register the plugin?

A.

in the Vault configuration file using plugin_directory=

B.

in the UI underneath the plugin tab

C.

in the plugin configuration file using directory=

D.

within the CLI command when registering a plug

Full Access
Question # 18

Which of the following best describes the default local backend?

A.

The local backend stores state on the local filesystem locks the state using system APIs and performs operations locally.

B.

The local backend is the directory where resources deployed by Terraform have direct access to in order to update their current state

C.

The local backend is how Terraform connects to public cloud services, such as AWS, Azure, or GCP.

D.

The local backend is where Terraform Enterprise stores logs to be processed by a log collector

Full Access
Question # 19

In order to extend Vault beyond a data center or cloud regional boundary, what feature should be used?

A.

plugins

B.

secrets engine

C.

replication

D.

seal/unseal

E.

snapshots

Full Access
Question # 20

You've logged into the Vault CLI and attempted to enable an auth method, but received this error message. What can be done to resolve the error and configure Vault?

Error enabling userpass auth: Post https://127.0.0.1:8200/v1/sys/auth/userpass: http: server gave HTTP response to HTTPS client

A.

change 'userpass' to 'username and password'

B.

restart the Vault service on this node

C.

set the VAULT_ADDR environment variable to HTTP

D.

ask an admin to grant you permission to enable the userpass auth method

Full Access
Question # 21

What system endpoint can you query to determine which node is the leader of a cluster?

A.

/sys/tools

B.

/sys/leader

C.

/sys/health

D.

/sys/init

Full Access
Question # 22

A user creates three workspaces from the command line - prod, dev, and test. Which of the following commands will the user run to switch to the dev workspace?

A.

terraform workspace select dev

B.

terraform workspace -switch dev

C.

terraform workspace dev

D.

terraform workspace switch dev

Full Access
Question # 23

Which of the following Vault policies will allow a Vault client to read a secret stored at secrets/applications/app01/api_key?

A.

path "secrets/applications/+/api_*" {

capabilities = ["read"]

}

B.

path "secrets/applications/" {

capabilities = ["read"]

allowed_parameters = {

"certificate" = []

}

}

C.

path "secrets/*" {

capabilities = ["list"]

}

D.

path "secrets/applications/app01/api_key" {

capabilities = ["update", "list"]

}

Full Access
Question # 24

In the example below, the depends_on argument creates what type of dependency?

1. esource "aws_instance" "example" {

2. ami = "ami-2757f631"

3. instance_type = "t2.micro"

4. depends_on = [aws_s3_bucket.company_data]

5. }

A.

non-dependency resource

B.

implicit dependency

C.

explicit dependency

D.

internal dependency

Full Access
Question # 25

Given the policy below, what would the user be able to access?

1. path "*" {

2. capabilities = ["create", "update", "read", "list", "delete", "sudo"]

3. }

A.

anything they want to within Vault

B.

ability to enable a secret engine at the path *

C.

only make changes to policies

D.

nothing, since the policy doesn't specify any specific paths

Full Access
Question # 26

Complete the following sentence:

For the local state, the workspaces are stored directly in a...

A.

a file called terraform.tfstate

B.

directory called terraform.workspaces.tfstate

C.

directory called terraform.tfstate.d

D.

a file called terraform.tfstate.backup

Full Access
Question # 27

Which Terraform command will force a marked resource to be destroyed and recreated on the next apply?

A.

terraform fmt

B.

terraform destroy

C.

terraform taint

D.

terraform refresh

Full Access
Question # 28

Beyond encryption and decryption of data, which of the following is not a function of the Vault transit secrets engine?

A.

generate hashes and HMACs of data

B.

sign and verify data

C.

act as a source of random bytes

D.

store the encrypted data securely in Vault for retrieval

Full Access
Question # 29

When configuring Vault replication and monitoring its status, you keep seeing something called 'WALs'. What are WALs?

A.

wake after lan

B.

warning of allocated logs

C.

write-ahead log

D.

write along logging

Full Access
Question # 30

Select all Operating Systems that Terraform is available for. (select five)

A.

Linux

B.

Windows

C.

Unix

D.

FreeBSD

E.

Solaris

F.

macOS

Full Access