Free VA-002-P Exam Braindumps (page: 21)

Page 21 of 51

After logging into the Vault UI, a user complains that they cannot enable Replication. Why would the replication configuration be missing?

  1. replication wasn't configured in the Vault configuration file
  2. replication hasn't been enabled
  3. Vault is running an open-source version
  4. replication configuration isn't available in the UI

Answer(s): C

Explanation:

Replication is not available in open-source versions of Vault. It is an enterprise feature.



When configuring Vault replication and monitoring its status, you keep seeing something called 'WALs'. What are WALs?

  1. wake after lan
  2. warning of allocated logs
  3. write-ahead log
  4. write along logging

Answer(s): C

Explanation:

Reference links:
https://learn.hashicorp.com/vault/day-one/monitor-replication
https://www.vaultproject.io/docs/internals/replication



You've set up multiple Vault clusters, one on-premises which is intended to be the primary cluster, and the second cluster in AWS, which was deployed to be used for performance replication. After enabling replication, developers complain that all the data they've stored in the AWS Vault cluster is missing. What happened?

  1. the data was moved to a recovery path after replication was enabled. Use the vault secrets move command to move the data back to its intended location
  2. there is a certificate mismatch after replication was enabled since Vault replication generates its own TLS certificates to ensure nodes are trusted entities
  3. the data was automatically copied to the primary cluster after replication was enabled since all writes are always forwarded to the primary cluster
  4. all of the data on the secondary cluster was deleted after replication was enabled

Answer(s): D

Explanation:

Replication relies on having a shared keyring between primary and secondaries and a shared understanding of the data store state.
As soon as replication is enabled, all of the secondary's existing data is destroyed, and this cannot be undone.
For that reason, activating a cluster as a secondary is generally the first thing done when setting up a new cluster for replication.
Create a backup first if there is even a slight chance that you will need the existing storage in the future.


Reference:

https://www.hashicorp.com/resources/setting-up-configuring-performance-replication/



Which of the following Vault policies will allow a Vault client to read a secret stored at secrets/applications/app01/api_key?

  1. path "secrets/applications/+/api_*" {
       capabilities = ["read"]
     }
  2. path "secrets/applications/" {
       capabilities = ["read"]
       allowed_parameters = {
         "certificate" = []
       }
     }
  3. path "secrets/*" {
       capabilities = ["list"]
     }
  4. path "secrets/applications/app01/api_key" {
       capabilities = ["update", "list"]
     }

Answer(s): A

Explanation:

Wildcards and path segments can be used to allow access to a broader set of secrets rather than having to call out each individual secret. None of the other policies allows a client to read the data stored at the path secrets/applications/app01/api_key.
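
The following Python model of the path matching behind this answer is an added example, not part of the original question set and not Vault's own code. It assumes only exact paths, a trailing `*` glob and `+` single-segment wildcards; `deny`, `allowed_parameters` and precedence between multiple policies are left out, and the extra request paths are constructed.

```python
# Added example: a model of Vault ACL path matching, not Vault's own code.
# Assumption: only exact paths, a trailing "*" glob and "+" segment wildcards
# are handled; deny, allowed_parameters and multi-policy precedence are not.

# The four answer options from the question (A-D in listed order).
OPTIONS = {
    "A": ("secrets/applications/+/api_*", ["read"]),
    "B": ("secrets/applications/", ["read"]),
    "C": ("secrets/*", ["list"]),
    "D": ("secrets/applications/app01/api_key", ["update", "list"]),
}


def path_matches(rule, request):
    """Return True if the policy path `rule` covers the request path."""
    is_prefix = rule.endswith("*")
    if is_prefix:
        rule = rule[:-1]  # a trailing "*" turns the rule into a prefix match
    rule_parts, req_parts = rule.split("/"), request.split("/")
    if "+" not in rule_parts:
        return request.startswith(rule) if is_prefix else request == rule
    # With "+", compare segment by segment; only a glob may match deeper paths.
    if len(req_parts) < len(rule_parts):
        return False
    if not is_prefix and len(req_parts) != len(rule_parts):
        return False
    last = len(rule_parts) - 1
    for i, part in enumerate(rule_parts):
        if part in ("+", req_parts[i]):
            continue  # "+" accepts any single segment
        if is_prefix and i == last and req_parts[i].startswith(part):
            continue  # final globbed segment, e.g. "api_" covers "api_key"
        return False
    return True


def allows(option, request, capability):
    """True if the option's path matches and it grants the capability."""
    rule, caps = OPTIONS[option]
    return capability in caps and path_matches(rule, request)


def options_allowing(request, capability):
    return [name for name in OPTIONS if allows(name, request, capability)]


if __name__ == "__main__":
    print(options_allowing("secrets/applications/app01/api_key", "read"))
    # Constructed paths: how far option A's wildcards reach beyond app01.
    for p in ("secrets/applications/app02/api_token",
              "secrets/applications/app01/db/api_key"):
        print(p, allows("A", p, "read"))
```

Option C matches the path but grants only `list`, and option D matches exactly but lacks `read`. Option A's wildcards also cover other applications' `api_*` secrets, which is worth checking when reviewing such a policy for least privilege.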






Post your Comments and Discuss HashiCorp VA-002-P exam with other Community members:

Bruno commented on October 10, 2023
PDF is Vault, EXM is Terraform.
UNITED STATES