VA-002-P exam

}A . anything they want to within VaultB . ability to enable a secret engine at the path *C . only make changes to policiesD . nothing, since the policy doesn't specify any specific pathsView AnswerAnswer: A Explanation: All interactions with Vault are done through its pathing structure. If you...

The Terraform language supports a number of different syntaxes for comments. Select all that are supported. (select three)A . #B . /* and */C . <* and *>D . //View AnswerAnswer: A,B,D Explanation: Terraform supports the #, //, and /*..*/ for commenting Terraform configuration files. Please use them when writing...

}A . anything they want to within VaultB . ability to enable a secret engine at the path *C . only make changes to policiesD . nothing, since the policy doesn't specify any specific pathsView AnswerAnswer: A Explanation: All interactions with Vault are done through its pathing structure. If you...

Your organization has moved to AWS and has manually deployed infrastructure using the console. Recently, a decision has been made to standardize on Terraform for all deployments moving forward. What can you do to ensure that all existing is managed by Terraform moving forward without interruption to existing services?A ....

Which auth method is ideal for machine to machine authentication?A . GitHubB . UserPassC . AppRoleD . OktaView AnswerAnswer: C Explanation: The ideal method for a machine to machine authentication is AppRole although it's not the only method. The other options are frequently reserved for human access. Reference link: -...

Select all features which are exclusive to Terraform Enterprise. (select three)A . Audit LogsB . Cost EstimationC . SentinelD . ClusteringE . SAML/SSOView AnswerAnswer: A,D,E Explanation: Sentinel and Cost Estimation are both available in Terraform Cloud, though not at the free tier level.

Select the policies below that permit you to create a new entry of foo=bar at the path /secrets/apps/my_secret (select three)A . path "secrets/apps/my_secret" { capabilities = ["create"] allowed_parameters = { "foo" = [] } }B . path "secrets/+/my_secret" { capabilities = ["create"] allowed_parameters = { "*" = ["bar"] } }C...

When Vault is sealed, which are the only two options available to a Vault administrator? (select two)A . rotate the encryption keyB . unseal VaultC . view the status of VaultD . configure policiesE . author security policiesF . view data stored in the key/value storeView AnswerAnswer: B,C Explanation: When...

You've set up multiple Vault clusters, one on-premises which is intended to be the primary cluster, and the second cluster in AWS, which was deployed to be used for performance replication. After enabling replication, developers complain that all the data they've stored in the AWS Vault cluster is missing. What...

An administrator wants to create a new KV mount for individual users to maintain their own secrets but needs a way to simplify the policy so they don't need to write a new one for each new user? With the requirements listed below, what would such a policy look like?...