HashiCorp HashiCorp Certifications VA-002-P Questions & Answers

• Question 81:

  What are some of the problems of how infrastructure was traditionally managed before Infrastructure as Code? (select three)

  A. Requests for infrastructure or hardware required a ticket, increasing the time required to deploy applications

  B. Traditional deployment methods are not able to meet the demands of the modern business where resources tend to live days to weeks, rather than months to years

  C. Traditionally managed infrastructure can't keep up with cyclic or elastic applications

  D. Pointing and clicking in a management console is a scalable approach and reduces human error as businesses are moving to a multi-cloud deployment model

  Correct Answer: ABC

  Businesses are making a transition where traditionally-managed infrastructure can no longer meet the demands of today's businesses. IT organizations are quickly adopting the public cloud, which is predominantly API-driven. To meet customer demands and save costs, application teams are architecting their applications to support a much higher level of elasticity, supporting technology like containers and public cloud resources. These resources may only live for a matter of hours; therefore the traditional method of raising a ticket to request resources is no longer a viable option Pointing and clicking in a management console is NOT scale and increases the change of human error.

• Question 82:

  What are the benefits of using Infrastructure as Code? (select five)

  A. Infrastructure as Code easily replaces development languages such as Go and .Net for application development

  B. Infrastructure as Code allows a user to turn a manual task into a simple, automated deployment

  C. Infrastructure as Code is relatively simple to learn and write, regardless of a user's prior experience with developing code

  D. Infrastructure as Code is easily repeatable, allowing the user to reuse code to deploy similar, yet different resources E. Infrastructure as Code provides configuration consistency and standardization among deployments

  F. Infrastructure as Code gives the user the ability to recreate an application's infrastructure for disaster recovery scenarios

  Correct Answer: BCDEF

  If you are new to infrastructure as code as a concept, it is the process of managing infrastructure in a file or files rather than manually configuring resources in a user interface. A resource in this instance is any piece of infrastructure in a given environment, such as a virtual machine, security group, network interface, etc. At a high level, Terraform allows operators to use HCL to author files containing definitions of their desired resources on almost any provider (AWS, GCP, GitHub, Docker, etc) and automates the creation of those resources at the time of application.

• Question 83:

  In regards to Terraform state file, select all the statements below which are correct: (select four)

  A. storing state remotely can provide better security

  B. the Terraform state can contain sensitive data, therefore the state file should be protected from unauthorized access

  C. Terraform Cloud always encrypts state at rest

  D. using the mask feature, you can instruct Terraform to mask sensitive data in the state file

  E. when using local state, the state file is stored in plain-text

  F. the state file is always encrypted at rest

  Correct Answer: ABCE

  Terraform state can contain sensitive data, depending on the resources in use and your definition of "sensitive." The state contains resource IDs and all resource attributes. For resources such as databases, this may contain initial passwords. When using local state, state is stored in plain-text JSON files. If you manage any sensitive data with Terraform (like database passwords, user passwords, or private keys), treat the state itself as sensitive data. Storing Terraform state remotely can provide better security. As of Terraform 0.9, Terraform does not persist state to the local disk when remote state is in use, and some backends can be configured to encrypt the state data at rest.

• Question 84:

  What Terraform feature is shown in the example below?

  1.

  resource "aws_security_group" "example" {

  2.

  name = "sg-app-web-01"

  3.

  dynamic "ingress" {

  4.

  for_each = var.service_ports

  5.

  content {

  6.

  from_port = ingress.value

  7.

  to_port = ingress.value

  8.

  protocol = "tcp"

  9.

  }

  10.

  }

  11.

  }

  A. data source

  B. dynamic block

  C. local values

  D. conditional expression

  Correct Answer: B

  You can dynamically construct repeatable nested blocks like ingress using a special dynamic block type, which is supported inside resource, data, provider, and provisioner blocks

• Question 85:

  True or False:

  Multiple providers can be declared within a single Terraform configuration file.

  A. False

  B. True

  Correct Answer: B

  Multiple provider blocks can exist if a Terraform configuration is composed of multiple providers, which is a common situation. To add multiple providers in your configuration, declare the providers, and create resources associated with those providers.

• Question 86:

  Which of the following best describes the default local backend?

  A. The local backend stores state on the local filesystem locks the state using system APIs and performs operations locally.

  B. The local backend is the directory where resources deployed by Terraform have direct access to in order to update their current state

  C. The local backend is how Terraform connects to public cloud services, such as AWS, Azure, or GCP.

  D. The local backend is where Terraform Enterprise stores logs to be processed by a log collector

  Correct Answer: A

  Information on the default local backend can be found at this link.

  Example:

  terraform {

  backend "local" {

  path = "relative/path/to/terraform.tfstate"

  }

  }

• Question 87:

  Select two answers to complete the following sentence:

  Before a new provider can be used, it must be ______ and _______.

  A. approved by HashiCorp

  B. declared in the configuration

  C. initialized

  D. uploaded to source control

  Correct Answer: BC

  Each time a new provider is added to configuration -- either explicitly via a provider block or by adding a resource from that provider -- Terraform must initialize the provider before it can be used. Initialization downloads and installs the provider's plugin so that it can later be executed.

• Question 88:

  When configuring a remote backend in Terraform, it might be a good idea to purposely omit some of the required arguments to ensure secrets and other relevant data are not inadvertently shared with others. What are the ways the remaining configuration can be added to Terraform so it can initialize and communicate with the backend? (select three)

  A. directly querying HashiCorp Vault for the secrets

  B. command-line key/value pairs

  C. use the -backend-config=PATH to specify a separate config file

  D. interactively on the command line

  Correct Answer: BCD

  You do not need to specify every required argument in the backend configuration. Omitting certain arguments may be desirable to avoid storing secrets, such as access keys, within the main configuration. When some or all of the arguments are omitted, we call this a partial configuration. With a partial configuration, the remaining configuration arguments must be provided as part of the initialization process. There are several ways to supply the remaining arguments: Interactively: Terraform will interactively ask you for the required values unless interactive input is disabled. Terraform will not prompt for optional values. File: A configuration file may be specified via the init command line. To specify a file, use the - backend-config=PATH option when running terraform init. If the file contains secrets it may be kept in a secure data store, such as Vault, in which case it must be

  downloaded to the local disk before running Terraform.

  Command-line key/value pairs: Key/value pairs can be specified via the init command line. Note that many

  shells retain command-line flags in a history file, so this isn't recommended for secrets. To specify a single

  key/value pair, use the -backend-config="KEY=VALUE" option when running terraform init.

• Question 89:

  Which Terraform command will force a marked resource to be destroyed and recreated on the next apply?

  A. terraform fmt

  B. terraform destroy

  C. terraform taint

  D. terraform refresh

  Correct Answer: C

  The terraform taint command manually marks a Terraform-managed resource as tainted, forcing it to be destroyed and recreated on the next apply. This command will not modify infrastructure but does modify the state file in order to mark a resource as tainted. Once a resource is marked as tainted, the next plan will show that the resource will be destroyed and recreated. The next terraform apply will implement this change.

• Question 90:

  In order to make a Terraform configuration file dynamic and/or reusable, static values should be converted to use what?

  A. regular expressions

  B. module

  C. input parameters

  D. output value

  Correct Answer: C

  Input variables serve as parameters for a Terraform module, allowing aspects of the module to be customized without altering the module's own source code, and allowing modules to be shared between different configurations.