Free HashiCorp VA-002-P Practice Exam with Questions & Answers | Set: 2

Check below link for details:- https://learn.hashicorp.com/vault/operations/ops-reference-architecture

The terraform apply command is used to apply the changes required to reach the desired state of the configuration, or the pre-determined set of actions generated by a terraform plan execution plan.

Everything in Vault is path-based including policies. Policies provide a declarative way to grant or forbid access to certain paths and operations in Vault.

Policies are deny by default, so an empty policy grants no permission in the system.

All backend system functions stored in the sys/ backend.

The system backend is a default backend in Vault that is mounted at the /sys endpoint. This endpoint cannot be disabled or moved, and is used to configure Vault and interact with many of Vault's internal features.

Vault secrets engines are used to store, generate, or encrypt data.

The KV secrets engine can store data, AWS can generate credentials, and the transit secret engine can encrypt data.

Terraform supports the #, //, and /*..*/ for commenting Terraform configuration files. Please use them when writing Terraform so both you and others who are using your code have a full understanding of what the code is intended to do.

https://www.terraform.io/docs/configuration/syntax.html#comments

A collection type allows multiple values of one other type to be grouped together as a single value. This includes a list, map, and set.

A structural type allows multiple values of several distinct types to be grouped together as a single value. This includes object and tuple.

The TOTP secrets engine generates time-based credentials according to the TOTP standard. The secrets engine can also be used to generate a new key and validate passwords generated by that key.

The TOTP secrets engine can act as both a generator (like Google Authenticator) and a provider (like the Google.com sign-in service).

As a Generator

The TOTP secrets engine can act as a TOTP code generator. In this mode, it can replace traditional TOTP generators like Google Authenticator. It provides an added layer of security since the ability to generate codes is guarded by policies and the entire process is audited.

Reference link:- https://www.vaultproject.io/docs/secrets/totp

All interactions with Vault are done through its pathing structure. If you create a policy with a wildcard, you are giving them access to any path within Vault

Terraform destroy will always prompt for confirmation before executing unless passed the -auto-approve flag.

$ terraform destroy

Do you really want to destroy all resources?

Terraform will destroy all your managed infrastructure, as shown above.

There is no undo. Only 'yes' will be accepted to confirm.

Enter a value: