EMT Practice Test

1. Question Content...


Question List

Question1: The security barrier protects all of the following Vault components except ___.

Question2: What is the purpose of using the local-exec provisioner? (select two)

Question3: What is the purpose of using the local-exec provisioner? (select two)

Question4: Select two answers to complete the following sentence:
Before a new provider can be used, it must be ______ and _______.

Question5: When multiple arguments with single-line values appear on consecutive lines at the same nesting level, HashiCorp recommends that you:

Question6: You've logged into the Vault CLI and attempted to enable an auth method, but received this error message. What can be done to resolve the error and configure Vault?
Error enabling userpass auth: Post https://127.0.0.1:8200/v1/sys/auth/userpass: http: server gave HTTP response to HTTPS client

Question7: In order to reduce the time it takes to provision resources, Terraform uses parallelism. By default, how many resources will Terraform provision concurrently?

Question8: Which flag would be used within a Terraform configuration block to identify the specific version of a provider required?

Question9: Provider dependencies are created in several different ways. Select the valid provider dependencies from the following list: (select three)

Question10: True or False?
terraform init cannot automatically download Community providers.

Question11: An administrator wants to create a new KV mount for individual users to maintain their own secrets but needs a way to simplify the policy so they don't need to write a new one for each new user? With the requirements listed below, what would such a policy look like?
Requirement: Each user can perform all operations on their allocated key/value secret path

Question12: Which of the following best describes a token accessor?

Question13: Terraform Enterprise (also referred to as pTFE) requires what type of backend database for a clustered deployment?

Question14: Complete the following sentence:
For the local state, the workspaces are stored directly in a...

Question15: After executing a terraform apply, you notice that a resource has a tilde (~) next to it. What does this infer?

Question16: In regards to using a K/V v2 secrets engine, select the three correct statements below: (select three)

Question17: After encrypting data using the transit secrets engine, you've received the following output. Which of the following is true based upon the output?
1. Key Value
2. --- -----
3. ciphertext vault:v2:45f9zW6cglbrzCjI0yCyC6DBYtSBSxnMgUn9B5aHcGEit71xefPEmmjMbrk3

Question18: In the example below, the depends_on argument creates what type of dependency?
1. esource "aws_instance" "example" {
2. ami = "ami-2757f631"
3. instance_type = "t2.micro"
4. depends_on = [aws_s3_bucket.company_data]
5. }

Question19: Select the policies below that permit you to create a new entry of foo=bar at the path /secrets/apps/my_secret (select three)

Question20: Select all features which are exclusive to Terraform Enterprise. (select three)

Question21: After decrypting data using the transit secrets engine, the plaintext output does not match the plaintext credit card number that you encrypted. Which of the following answers provides a solution?
1. $ vault write transit/decrypt/creditcard\ ciphertext="vault:v1:cZNHVx+sxdMErXRSuDa1q/pz49fXTn1PScKfhf+PIZPvy8xKfkytpwKcbC0fF2U=" \
2.
3. Key Value
4. --- -----
5. plaintext Y3JlZGl0LWNhcmQtbnVtYmVyCg==

Question22: After issuing the command to delete a secret, you run a vault kv list command but the secret still exists. What command would permanently delete this secret from Vault?
1. $ vault kv delete kv/applications/app01
2. Success! Data deleted (if it existed) at: kv/applications/app01
3. $ vault kv list kv/applications
4. Keys
5. ----
6. app01

Question23: Terraform Cloud is more powerful when you integrate it with your version control system (VCS) provider. Select all the supported VCS providers from the answers below. (select four)

Question24: True or False:
Once you create a KV v1 secrets engine and place data in it, there is no way to modify the mount to include the features of a KV v2 secrets engine.

Question25: From the options below, select the benefits of using a batch token over a service token. (select three)

Question26: What system endpoint can you query to determine which node is the leader of a cluster?

Question27: While Terraform is generally written using the HashiCorp Configuration Language (HCL), what another syntax can Terraform be expressed in?

Question28: True or False:
Multiple providers can be declared within a single Terraform configuration file.

Question29: Which of the following best describes a Terraform provider?

Question30: What is the result of the following terraform function call?
zipmap(["a", "b"], [1, 2])

Question31: After running into issues with Terraform, you need to enable verbose logging to assist with troubleshooting the error. Which of the following values provides the MOST verbose logging?

Question32: By default, where does Terraform store its state file?

Question33: What is the result of the following terraform function call?
lookup({a="hello", b="goodbye"}, "c", "what?")

Question34: Vault does not trust the storage backend.

Question35: When configuring Vault replication and monitoring its status, you keep seeing something called 'WALs'. What are WALs?

Question36: Which of the following best describes the default local backend?

Question37: Which of the following cloud providers are not supported by Vault secrets engines?

Question38: What type of policy is shown below?
1. key_prefix "vault/" {
2. policy = "write"
3. }
4. node_prefix "" {
5. policy = "write"
6. }
7. service "vault" {
8. policy = "write"
9. }
10. agent_prefix "" {
11. policy = "write"
12. }
13. session_prefix "" {
14. policy = "write"
15. }

Question39: Which of the following secrets engine can generate dynamic credentials? (select three)

Question40: A Vault client who has read access to the path secrets/apps/app1 is having trouble viewing the secret in the user interface (UI) but can access via the API. What can be done to resolve this issue?

Question41: You want to use terraform import to start managing infrastructure that was not originally provisioned through infrastructure as code. Before you can import the resource's current state, what must you do in order to prepare to manage these resources using Terraform?

Question42: Which of the following actions are performed during a terraform init? (select three)

Question43: Which Terraform command will force a marked resource to be destroyed and recreated on the next apply?

Question44: True or False:
Similar to how Vault works with databases and cloud providers, the Active Directory secrets engine dynamically generates the account and password for the requesting Vault client.

Question45: What is the result of the following Vault command?
vault auth enable userpass

Question46: When using parent/child modules to deploy infrastructure, how would you export value from one module to import into another module?
For example, a module dynamically deploys an application instance or virtual machine, and you need the IP address in another module to configure a related DNS record in order to reach the newly deployed application.

Question47: Which statements best describes what the local variable assignment is doing in the following code snippet:
1. variable "subnet_details" {
2. type = list(object({
3. cidr = string
4. subnet_name = string
5. route_table_name = string
6. aznum = number
7. }))
8. }
9. locals {
10. route_tables_all = distinct([for s in var.subnet_details : s.route_table_name ])
11. }

Question48: When using providers that require the retrieval of data, such as the HashiCorp Vault provider, in what phase does Terraform actually retrieve the data required?

Question49: What is the proper command to enable the AWS secrets engine at the default path?

Question50: Select the feature below that best completes the sentence:
The following list represents the different types of __________ available in Terraform.
1. max
2. min
3. join
4. replace
5. list
6. length
7. range

Question51: By default, the max TTL for a token is how many days?

Question52: If a client is currently assigned the following policy, what additional policy can be added to ensure they cannot access the data stored at secret/apps/confidential but still, read all other secrets?

Question53: Select the most accurate statement to describe the Terraform language from the following list.

Question54: From the code below, identify the implicit dependency:
1. resource "aws_eip" "public_ip" {
2. vpc = true
3. instance = aws_instance.web_server.id
4. }
5. resource "aws_instance" "web_server" {
6. ami = "ami-2757f631"
7. instance_type = "t2.micro"
8. depends_on = [aws_s3_bucket.company_data]
9. }

Question55: Anyone can publish and share modules on the Terraform Public Module Registry, and meeting the requirements for publishing a module is extremely easy. Select from the following list all valid requirements. (select three)

Question56: Vault policies are deny by default

Question57: Terraform-specific settings and behaviors are declared in which configuration block type?

Question58: After creating a dynamic credential on a database, the DBA accidentally deletes the credentials on the database itself. When attempting to remove the lease, Vault returns an error stating that the credential cannot be found. What command can be run to coerce Vault to remove the secret?

Question59: Given the policy below, what would the user be able to access?
1. path "*" {
2. capabilities = ["create", "update", "read", "list", "delete", "sudo"]
3. }

Question60: What is the Consul Agent?

Question61: What does the command terraform fmt do?