Free HashiCorp VA-002-P Exam 2024 Practice Materials Collection
VA-002-P Exam Info and Free Practice Test All-in-One Exam Guide Dec-2024
NEW QUESTION # 70
In regards to using a K/V v2 secrets engine, select the three correct statements below: (select three)
- A. issuing a vault kv destroy statement permanently deletes a single version of a secret
- B. issuing a vault kv metadata delete statement permanently deletes the secret
- C. issuing a vault kv delete statement performs a soft delete
- D. issuing a vault kv delete statement permanently deletes the secret
- E. issuing a vault kv destroy statement deletes all versions of a secret
Answer: A,B,C
Explanation:
The kv delete command is like a soft delete which deletes the data for the provided path in the key/value secrets engine. If using K/V Version 2, its versioned data will not be fully removed, but marked as deleted and will no longer be available for normal get requests.
The kv destroy command permanently removes the specified versions' data from the key/value secrets engine. If no key exists at the path, no action is taken. It does not delete all versions of a secret.
The kv metadata delete command deletes all versions and metadata for the provided key.
NEW QUESTION # 71
Which of the following commands will remove all secrets at a specific path?
- A. vault lease revoke -all <path>
- B. vault lease revoke -prefix <path>
- C. vault delete lease -all <path>
- D. vault revoke -all <path>
Answer: B
Explanation:
The -prefix flag treats the ID as a prefix instead of an exact lease ID. This can revoke multiple leases simultaneously.
NEW QUESTION # 72
Select two answers to complete the following sentence:
Before a new provider can be used, it must be ______ and _______.
- A. uploaded to source control
- B. initialized
- C. declared in the configuration
- D. approved by HashiCorp
Answer: B,C
Explanation:
Each time a new provider is added to configuration -- either explicitly via a provider block or by adding a resource from that provider -- Terraform must initialize the provider before it can be used. Initialization downloads and installs the provider's plugin so that it can later be executed.
NEW QUESTION # 73
Choose the correct answer which fixes the syntax of the following Terraform code:
- A. resource "aws_security_group" "vault_elb" {
    name = "${var.name_prefix}-vault-elb"
    description = "Vault ELB"
    vpc_id = var.vpc_id
  }
- B. resource "aws_security_group" "vault_elb" {
    name = "${var.name_prefix}-vault-elb"
    description = "${Vault ELB}"
    vpc_id = var.vpc_id
  }
- C. resource "aws_security_group" "vault_elb" {
    name = "${var.name_prefix}-vault-elb"
    description = var_Vault ELB
    vpc_id = var.vpc_id
  }
- D. resource "aws_security_group" "vault_elb" {
    name = "${var.name_prefix}-vault-elb"
    description = [Vault ELB]
    vpc_id = var.vpc_id
  }
- E. resource "aws_security_group" "vault_elb" {
    name = "${var.name_prefix}-vault-elb"
    description = Vault ELB
    vpc_id = var.vpc_id
  }
Answer: A
Explanation:
When assigning a value to an argument, it must be enclosed in quotes ("...") unless it is being generated programmatically.
NEW QUESTION # 74
Which is not a benefit of running HashiCorp Vault in your environment?
- A. Integrate with your code repository to pull secrets when deploying your applications
- B. Act as root or intermediate certificate authority to automate the generation of PKI certificates
- C. The ability to generate dynamic secrets for applications and resource access
- D. Consolidate static, long-lived passwords used throughout your organization
Answer: A
Explanation:
Vault does not integrate with any VCS (Version Control System) to check out or read code. However, it can use GitHub as an auth method.
NEW QUESTION # 75
Select the feature below that best completes the sentence:
The following list represents the different types of __________ available in Terraform.
1. max
2. min
3. join
4. replace
5. list
6. length
7. range
- A. backends
- B. named values
- C. functions
- D. data sources
Answer: C
Explanation:
The Terraform language includes a number of built-in functions that you can call from within expressions to transform and combine values. The Terraform language does not support user-defined functions, and only the functions built into the language are available for use.
NEW QUESTION # 76
What is the purpose of using the local-exec provisioner? (select two)
- A. to execute one or more commands on the machine running Terraform
- B. ensures that the resource is only executed in the local infrastructure where Terraform is deployed
- C. to invoke a local executable
- D. executes a command on the resource to invoke an update to the Terraform state
Answer: A,C
NEW QUESTION # 77
Which feature of Terraform Cloud and/or Terraform Enterprise lets you publish and maintain a set of custom modules that can be used within your organization?
- A. remote runs
- B. Terraform registry
- C. custom VCS integration
- D. private module registry
Answer: D
Explanation:
You can use modules from a private registry, like the one provided by Terraform Cloud. Private registry modules have source strings of the form <HOSTNAME>/<NAMESPACE>/<NAME>/<PROVIDER>. This is the same format as the public registry, but with an added hostname prefix.
NEW QUESTION # 78
While Terraform is generally written using the HashiCorp Configuration Language (HCL), what other syntax can Terraform be expressed in?
- A. JSON
- B. TypeScript
- C. YAML
- D. XML
Answer: A
Explanation:
The constructs in the Terraform language can also be expressed in JSON syntax, which is harder for humans to read and edit but easier to generate and parse programmatically.
NEW QUESTION # 79
Which flag would be used within a Terraform configuration block to identify the specific version of a provider required?
- A. required-provider
- B. required-version
- C. required_providers
- D. required_versions
Answer: C
Explanation:
For production use, you should constrain the acceptable provider versions in the configuration file to ensure that new versions with breaking changes will not be automatically installed by terraform init in the future. When terraform init is run without provider version constraints, it prints a suggested version constraint string for each provider. For example:
terraform {
  required_providers {
    aws = ">= 2.7.0"
  }
}
NEW QUESTION # 80
In the example below, the depends_on argument creates what type of dependency?
resource "aws_instance" "example" {
  ami           = "ami-2757f631"
  instance_type = "t2.micro"
  depends_on    = [aws_s3_bucket.company_data]
}
- A. non-dependency resource
- B. internal dependency
- C. implicit dependency
- D. explicit dependency
Answer: D
Explanation:
Sometimes there are dependencies between resources that are not visible to Terraform. The depends_on argument is accepted by any resource and accepts a list of resources to create explicit dependencies for.
NEW QUESTION # 81
Terraform Cloud is more powerful when you integrate it with your version control system (VCS) provider. Select all the supported VCS providers from the answers below. (select four)
- A. Bitbucket Cloud
- B. GitHub Enterprise
- C. GitHub
- D. CVS Version Control
- E. Azure DevOps Server
Answer: A,B,C,E
Explanation:
Terraform Cloud supports the following VCS providers:
- GitHub
- GitHub.com (OAuth)
- GitHub Enterprise
- GitLab.com
- GitLab EE and CE
- Bitbucket Cloud
- Bitbucket Server
- Azure DevOps Server
- Azure DevOps Services
https://www.terraform.io/docs/cloud/vcs/index.html#supported-vcs-providers
NEW QUESTION # 82
What is the default method of authentication after first initializing Vault?
- A. Userpass
- B. TLS certificates
- C. AppRole
- D. Tokens
- E. GitHub
- F. Admin account
Answer: D
Explanation:
After initializing, Vault provides the root token to the user; this is the only way to log in to Vault to configure additional auth methods.
NEW QUESTION # 83
Select the two default policies created in Vault. (select two)
- A. root
- B. default
- C. admin
- D. base
- E. user
- F. vault
Answer: A,B
Explanation:
Vault creates two default policies: root and default.
The root policy cannot be deleted or modified.
The default policy is attached to all tokens by default; however, this behavior can be modified if needed.
NEW QUESTION # 84
When administering Vault on a day-to-day basis, why is logging in with the root token, as shown below, a bad idea? (select two).
- A. It's easier to just use the root token than to configure additional auth methods
- B. the root token should be revoked and not used on a day-to-day basis
- C. the root token isn't a secure way of logging into Vault
- D. the root token is attached to the root policy, which likely provides too many privileges to a user
Answer: B,D
Explanation:
The root token should never be used on a day-to-day basis and should always be revoked once a permanent auth method has been configured.
NEW QUESTION # 85
To prepare for day-to-day operations, the root token should be safely saved outside of Vault in order to administer Vault.
- A. False
- B. True
Answer: A
Explanation:
It is generally considered a best practice to not persist root tokens. Instead, a root token should be generated using Vault's operator generate-root command only when absolutely necessary.
For day-to-day operations, the root token should be deleted after configuring other auth methods which will be used by admins and Vault clients.
NEW QUESTION # 86
What command is used to renew a token, if permitted?
- A. vault new <token-id>
- B. vault token update
- C. vault operator token renew
- D. vault renew token <token-id>
- E. vault token renew
- F. vault update token
Answer: E
Explanation:
To renew a token, a user can issue a vault token renew command to extend the TTL. The token can also be renewed using the API.
NEW QUESTION # 87
Which of the following policies would permit a user to generate dynamic credentials on a database?
- A. path "database/creds/read_only_role" {
    capabilities = ["list"]
  }
- B. path "database/creds/read_only_role" {
    capabilities = ["generate"]
  }
- C. path "database/creds/read_only_role" {
    capabilities = ["read"]
  }
- D. path "database/creds/read_only_role" {
    capabilities = ["sudo"]
  }
Answer: C
Explanation:
The HTTP request is a GET which corresponds to a read capability. Thus, to grant access to generate database credentials, the policy would grant read access on the appropriate path.
NEW QUESTION # 88
What could you do with the feature found in the screenshot below? (select two)
- A. using a short TTL, you could encrypt data in order to place only the encrypted data in Vault
- B. encrypt sensitive data to send to a colleague over email
- C. encrypt the Vault master key that is stored in memory
- D. use response-wrapping to protect data
Answer: B,D
Explanation:
Vault includes a feature called response wrapping. When requested, Vault can take the response it would have sent to an HTTP client and instead insert it into the cubbyhole of a single-use token, returning that single-use token instead.
NEW QUESTION # 89
Which of the following storage backends are supported by HashiCorp technical support? (select four)
- A. Raft
- B. Filesystem
- C. In-Memory
- D. DynamoDB
- E. Consul
- F. MySQL
Answer: A,B,C,E
Explanation:
Just to clarify, "HashiCorp supported" means that it is supported by HashiCorp's technical support; it doesn't mean that Vault supports the platform as a storage backend.
For example, DynamoDB is a valid storage backend, but it is not officially supported by HashiCorp technical support; it has community support.
In-Memory - HashiCorp Supported
MySQL - Community Supported
Raft - HashiCorp Supported
Dynamo DB - Community Supported
Consul - HashiCorp Supported
Filesystem - HashiCorp Supported
For more details, see: https://www.vaultproject.io/docs/configuration/storage/in-memory
The HashiCorp Certified: Vault Associate (VA-002-P) exam is available online and can be taken from anywhere in the world. It is a timed exam and consists of multiple-choice questions. The VA-002-P exam is designed to be challenging, but there are many resources available to help individuals prepare. These resources include training courses, practice exams, and study guides.
The HashiCorp VA-002-P certification exam is a valuable certification for IT professionals who want to specialize in the use of HashiCorp's Vault product. It validates the candidate's knowledge and skills in the use of Vault, which is a critical component of any organization's security strategy. With the increasing demand for Vault expertise, obtaining this certification can help professionals stay relevant and competitive in the industry.