1 / 8

HashiCorp Certified Consul Associate Exam Dumps

By studying HashiCorp Certified Consul Associate Exam Dumps, you can be confident that you have what it takes to pass your exam and achieve your certification goals.

victoriameisel
Télécharger la présentation

HashiCorp Certified Consul Associate Exam Dumps

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Download the latest Consul Associate exam dumps to pass your exam easily Exam : Consul Associate Title : HashiCorp Certified: Consul Associate https://www.passcert.com/Consul-Associate.html 1 / 8

  2. Download the latest Consul Associate exam dumps to pass your exam easily 1.Based upon the DNS query output below, select the answers below which are true statements. (select three) A. the retail service is currently unhealthy and no nodes are available B. the retail service is running on the same host that has been queried C. the retail service is running and is available D. there is a single, healthy host running the retail service E. the retail service is running on port 8600 Answer: B,C,D Explanation: The dig command, which is a DNS query tool, was executed on a local Consul server, hence the 127.0.0.1 in the initial command executed. The command was run against port 8600, since that is the default port that Consul listens to for DNS queries. Based on the answer section, you can see that a single response, which indicates that the retail service is running on 127.0.0.1 - the same host as the dig command was run against. In addition, the fact that an answer was returned indicates that the service is up and running and passing any associated health checks since Consul will not return unhealthy hosts to a DNS query. https://learn.hashicorp.com/consul/getting-started/services#dns-interface 2.A Consul snapshot saves a point-in-time snapshot of the state of the Consul servers, and includes what type of data? (select five) A. prepared queries B. sessions C. consul-template templates D. ACLs E. audit log of API requests F. KV entries G. the service catalog 2 / 8

  3. Download the latest Consul Associate exam dumps to pass your exam easily Answer: A,B,D,F,G Explanation: Consul provides the snapshot command which can be run using the CLI or the API. The snapshot command saves a point-in-time snapshot of the state of the Consul servers which includes, but is not limited to: + KV entries + the service catalog + prepared queries + sessions + ACLs https://learn.hashicorp.com/consul/datacenter-deploy/backup 3.The organization uses a service named phone-book for hitting a web service to lookup client phone numbers. However, users complain that the service is currently unavailable. You perform a manual DNS query of the service and the DNS response includes no value. What are some reasons that the service does not return any valid hosts? (select three) A. the service health checks have failed for each registered instance B. the service was removed from Consul service registry C. a prepared query was never configured for the service D. the node health check has failed for each underlying host Answer: A,B,D Explanation: If Consul does not return a value for a DNS lookup, it means that there are no healthy instances of that service available or the service doesn't exist in Consul. Instances of a service can be removed if a service or host health check fails, although that instance is still registered to Consul but will not be returned. If the service is manually deregistered from Consul, the DNS query will fail as well since it's no longer registered with the Consul registry. https://learn.hashicorp.com/tutorials/consul/service-registration-health-checks 4.Consul uses a gossip protocol that is powered by Serf. How is this communication protected between all participating servers and clients? A. shared secret B. TLS C. username and password D. mutual TLS Answer: A Explanation: Consul's gossip protocol is protected by a symmetric key, or a shared secret, that is configured as part of the configuration file or in a separate file that is read when the Consul service starts. For example, you can add the parameter "encrypt" to the configuration file with 32-byte, Base64 encoded shared secret. All nodes in the Consul cluster, including WAN joined datacenters, must use the same encryption key. An example of this key would be pUqJrVyVRj5jsiYEkM/tFQYfWyJIv4s3XkvDwy7Cu5s= Furthermore, you can generate this 32-byte, Base64 encoded shared secret by using the built-in command consul keygen $ consul keygen 3 / 8

  4. Download the latest Consul Associate exam dumps to pass your exam easily pUqJrVyVRj5jsiYEkM/tFQYfWyJIv4s3XkvDwy7Cu5s= More information about the gossip encryption can be found here. By the way, the HashiCorp Learn platform mentioned that the key is 16-bytes, but that was changed sometime in 2019 in order for Serf to encrypt data using AES256 5.True or False? After executing the command below, the two registered services (front-end & inventory) will be able to communicate, assuming all other configurations are correct? consul intention create front-end inventory A. True B. False Answer: A Explanation: When creating an intention, the default action is Allow, therefore the configuration above will permit the front-end service and the inventory service for communication. To create a Deny intention, use the -deny flag when running the command (i.e, consul intention create front-end inventory -deny) 6.In most organizations, a service will be run on multiple nodes to provide redundancy and high availability. In the following example, what is the name of the Consul service that this service definition will create? A. web-frontend B. green C. web-server-health D. web-a Answer: A Explanation: The service definition above will create a service named web-frontend, and will register a new node 4 / 8

  5. Download the latest Consul Associate exam dumps to pass your exam easily named web-a that will host the web-frontend service. As long as the health check passes, web-a will register as healthy and traffic destined to the web-frontend service will be directed to this node. https://www.consul.io/docs/agent/checks.html 7.Consul has many default ports that are used for communication. What port does Consul use as the default port for the UI and API interfaces? A. tcp/8600 B. tcp/8200 C. tcp/8500 D. udp/8500 Answer: C Explanation: The default port for Consul API and UI interface is tcp/8500. This can be overridden by using the -http- port flag in the configuration file. https://www.consul.io/docs/agent/options.html#_http_port 8.From the options below, select the features that are available in Consul Enterprise, and not available in the open-source offering. A. Connect (service to service authorization and encryption) B. OIDC auth method (centralized authentication) C. Consul snapshot agent (automated backups) D. Namespaces (datacenter isolation) E. Sentinel (Policy as Code) F. Autopilot (automated upgrades) Answer: B,C,D,E,F Explanation: While Consul offers a TON of functionality in its open-source, there are several features only available in Enterprise. Back in Consul 1.6, HashiCorp open-sourced lots of the Enterprise features to better compete with Istio. However, newer features are being released to Enterprise-only customers, including several new features in Consul 1.7 and Consul 1.8. https://www.consul.io/docs/enterprise Features include: + Automated Backups + Automated Upgrades + Enhanced Read Scalability + Redundancy Zones + Advanced Federation for Complex Network Topologies + Network Segments + Namespaces + Sentinel + OIDC Auth Method 9.True or False? The Consul UI and the API can only be accessed from a Consul server itself. A. True B. False 5 / 8

  6. Download the latest Consul Associate exam dumps to pass your exam easily Answer: B Explanation: This is false. The UI and API are intended to be consumed from remote systems, such as a user's desktop or an application looking to discover a remote service in which it needs to establish connectivity. In addition, most consumers of the Consul service wouldn't normally have access to connect (SSH) to a Consul server anyway. 10.Given the following screenshot, what path would you use to access the value shown? A. app1/config/database B. kv/app1/config C. key/values/app1/config D. app1/config Answer: A Explanation: In the UI, the key is highlighted in bold above its value, therefore the path used to obtain the value shown would be app1/config/database 11.Based on the configuration file below, what datacenter will the Consul agent join once the Consul service has started? 6 / 8

  7. Download the latest Consul Associate exam dumps to pass your exam easily A. consul B. web-dc-1 C. aws D. us-east-1 Answer: D Explanation: The -datacenter parameter or command line flag controls the datacenter in which the agent is running. If not provided, it defaults to "dc1". Consul has first-class support for multiple datacenters, but it relies on proper configuration. Nodes in the same datacenter should be on a single LAN. https://www.consul.io/docs/agent/options.html#_datacenter 12.Complete the sentence using the answers below (select two): In production, you would run a Consul agent in either ______ mode or ______ mode. A. performance B. client C. server D. service E. development Answer: B,C Explanation: In production, you would run each Consul agent in either in server or client mode. In the Consul configuration file, you would use set the parameter server to either true or false. Example configuration file: 7 / 8

  8. Download the latest Consul Associate exam dumps to pass your exam easily 13.From the health checks below, which health check would be defined as a script check? A. { "check": { "id": "web-app", "name": "Web App Status", "notes": "Web app does a curl internally every 10 seconds", "ttl": "30s" }} B. { "check": { "id": "ssh", "name": "SSH TCP on port 22", "tcp": "localhost:22", "interval": "10s", "timeout": "1s" } } C. { "check": { "id": "mem-util", "name": "Memory utilization", "args": ["/usr/local/bin/check_mem.py", "-limit", "256MB"], "interval": "10s", "timeout": "1s" } D. { "check": { "id": "api", "name": "HTTPAPI on port 5000", "http": "https://localhost:5000/health", "tls_skip_verify": false, "method": "POST", "header": {"Content-Type": "application/json"}, "body": "{"method":"health"}", "interval": "10s", "timeout": "1s" } } Answer: C Explanation: The mem-util health check is using a python (.py) script to return a specific metric back, which is then compared to the limitation set in the arguments. This is an excellent way to customize health checks to support metrics that may not be supported out of the box with Consul. api is considered to be an HTTP check ssh is a tcp check web-app is a TTL check https://www.consul.io/docs/agent/checks.html 8 / 8

More Related