Consul-Associate Dumps Consul-Associate Braindumps

Consul-Associate Real Questions Consul-Associate Practice Test Consul-Associate Actual Questions


killexams.com


HashiCorp


Consul-Associate


HashiCorp Certified: Consul Associate


https://killexams.com/pass4sure/exam-detail/Consul-Associate


Question: 51


Which token is always assigned the Accessor ID of 00000000-0000-0000-0000-000000000002, regardless of what cluster you are working on?


  1. anonymous token

  2. Consul DNS token

  3. master token

  4. the second token created by the user


Answer: A


Explanation:


The anonymous token is used when a request is made to Consul without specifying a bearer token. The anonymous token's description and policies may be updated but Consul will prevent this token's deletion.


When created, it will be assigned 00000000-0000-0000-0000-000000000002 for its Accessor ID and anonymous for its Secret ID.

https://www.consul.io/docs/acl/acl-system.html#builtin-tokens


Question: 52


Complete the sentence:


The main restriction on Consul's K/V store is an object's size, which can be a maximum of ?


  1. 512KB

  2. 64KB

  3. 1MB

  4. 8KB


Answer: A


Explanation:


The main restriction on an object is size - the maximum is 512 KB. Due to the maximum object size and main use cases, you should not need extra storage. https://www.consul.io/docs/agent/kv.html#using-consul-kv


Question: 53


The LAN gossip pool provided by Serf requires that all cluster members (servers and clients) can communicate over what tcp/udp port, by default?

  1. 8301

  2. 8300

  3. 8500

  4. 8600


Answer: A


Explanation:


LAN Serf: The Serf LAN port (TCP and UDP) requires port 8301. This port is used for all members of the datacenter to communicate.

https://www.consul.io/docs/install/ports


Question: 54


Complete the following sentence with the proper order of answers:


Consul uses two types of certificates for encryption. Consul agent communications are secured by and Consul Connect uses between registered services.


  1. mutual TLS, TLS

  2. SSL, TLS

  3. mutual TLS, SSL

  4. TLS, mutual TLS


Answer: D


Explanation:


Consul agent communications are done using TLS certificates that can be created by the built-in CA or an external CA if you need more control over certificates.


Consul Connect uses mutual TLS for authorization and encryption. https://www.consul.io/docs/connect https://learn.hashicorp.com/consul/security-networking/certificates


Question: 55


Your colleague has deployed a new Consul cluster, and you want to double-check the encryption key used for gossip communication. You open up an SSH session to a Consul node and type the command consul keyring -list but receive the following error.


From the error message below, what is missing from the Consul agent configuration file?


$ consul keyring -list


==> Gathering installed encryption keys...


  1. the encryption parameter with a valid of true or 1

  2. the encrypt parameter and the corresponding value

  3. the gossip parameter and a value of true

  4. configuration for the tls certificate, the private key, and the CA bundle


Answer: B


Explanation:


In the configuration file, the encrypt parameter must be used to enable gossip encryption and set the gossip encryption key. The provided key is automatically persisted to the data directory and loaded automatically whenever the agent is restarted. The fact that the key is persisted in the data directory means that in order to encrypt Consul's gossip protocol, this option only needs to be provided once on each agent's initial startup sequence.


https://www.consul.io/docs/agent/options.html#_encrypt


Question: 56


Which of the following are true about running Consul in development mode? (select three)


  1. development mode allows you to easily experiment with most of Consul's functionality

  2. development mode is not secure

  3. it is acceptable to run development mode in a production environment

  4. development mode is easily scalable

  5. development mode should never be used in a production environment


Answer: A,B,E


Explanation:


Running Consul in development mode is not secure or scalable but does let you quickly experiment with most of Consul's functionality without extra configuration. Development mode does not use TLS to secure communications. Therefore, it is not secure.


Development mode runs the Consul as an in-memory server. Therefore, it is limited to a single node and is not scalable. Because Consul dev mode runs only on a single node, it is not suited for production environments.


More information on using the -dev flag to run Consul development mode can be found here.


Select the benefits that the LAN gossip pool provides to a Consul datacenter (select three)


  1. reliable and fast event broadcasts

  2. failure detection work to be shared by the entire cluster

  3. automatically discover servers, reducing the amount of configuration needed

  4. perform cross datacenter requests


Answer: A,B,C


Explanation:


Consul makes use of two different gossip pools. We refer to each pool as the LAN or WAN pool respectively. Each datacenter Consul operates in has a LAN gossip pool containing all members of the datacenter, both clients and servers. The LAN pool is used for a few purposes. Membership information allows clients to automatically discover servers, reducing the amount of configuration needed. The distributed failure detection allows the work of failure detection to be shared by the entire cluster instead


of concentrated on a few servers. Lastly, the gossip pool allows for reliable and fast event broadcasts. https://www.consul.io/docs/internals/gossip.html#gossip-in-consul


Question: 58


There are two methods for creating and distributing client certificates for Consul. What are the two? (select two)

  1. auto encryption

  2. openSSL generation

  3. Vault integration

  4. operator

  5. manual


Answer: A,D


Explanation:


There are two methods for distributing client certificates, operator or auto encryption.


The auto-encryption method introduced in Consul 1.5.2 alleviates the client certificate generation and distribution step for operators. This method uses the Connect CA to generate client certificates and then Consul will automatically distribute the certificates to all clients and is beneficial for large datacenters with many clients.


The operator method is recommended if you need to use a third-party CA or need more fine-grained control over certificate management.

https://learn.hashicorp.com/consul/security-networking/certificates#client-certificate-distribution


A service supporting a grocery store is using Consul for service discovery. Multiple instances of the inventory service have been registered with a health check to ensure each individual instance is healthy. You've decided that you want to add a second health check to the service, so you update the agent configuration file. However, the new health check has not been registered with Consul.


How can you update the Consul agent without any downtime to include the new health check?


  1. restart to the Consul service

  2. perform a consul reload

  3. log into the Consul UI and add the health check manually

  4. instruct the Consul servers to update all of the Consul client configurations


Answer: B


Explanation:


You can update service definitions without any downtime by changing the service definition file and sending a SIGHUP to the agent or running consul reload. Alternatively, you can use the HTTP API to add, remove, and modify services dynamically.


https://learn.hashicorp.com/tutorials/consul/get-started-service-discovery#update-services


Question: 60


HashiCorp Consul is a networking automation tool that provides what functionality for an organization? (select six)


  1. enables secure communication between services

  2. service configuration

  3. scheduling of services and containers

  4. provides service segmentation

  5. service discovery

  6. key/value storage

  7. service-mesh control plane


Answer: A,B,D,E,F,G


Explanation:


The key features of Consul are:


Service Discovery: Clients of Consul can register a service, such as api or mysql, and other clients can use Consul to discover providers of a given service. Using either DNS or HTTP, applications can easily find the services they depend upon.


Health Checking: Consul clients can provide any number of health checks, either associated with a given service ("is the webserver returning 200 OK"), or with the local node ("is memory utilization below 90%"). This information can be used by an operator to monitor cluster health, and it is used by the service discovery components to route traffic away from unhealthy hosts.

KV Store: Applications can make use of Consul's hierarchical key/value store for any number of purposes, including dynamic configuration, feature flagging, coordination, leader election, and more. The simple HTTP API makes it easy to use.


Secure Service Communication: Consul can generate and distribute TLS certificates for services to establish mutual TLS connections. Intentions can be used to define which services are allowed to communicate. Service segmentation can be easily managed with intentions that can be changed in real-time instead of using complex network topologies and static firewall rules.


Multi Datacenter: Consul supports multiple datacenters out of the box. This means users of Consul do not have to worry about building additional layers of abstraction to grow to multiple regions.


Consul is designed to be friendly to both the DevOps community and application developers, making it perfect for modern, elastic infrastructures.


Information obtained from the Consul website found here https://www.consul.io/intro/index.html.