Exam Code : Consul-Associate
Exam Name : HashiCorp Certified: Consul Associate
Vendor Name :
"HashiCorp"
Consul-Associate Dumps Consul-Associate Braindumps
Consul-Associate Real Questions Consul-Associate Practice Test Consul-Associate Actual Questions
killexams.com
HashiCorp Certified: Consul Associate
https://killexams.com/pass4sure/exam-detail/Consul-Associate
Which token is always assigned the Accessor ID of 00000000-0000-0000-0000-000000000002, regardless of what cluster you are working on?
anonymous token
Consul DNS token
master token
the second token created by the user
Explanation:
The anonymous token is used when a request is made to Consul without specifying a bearer token. The anonymous token's description and policies may be updated but Consul will prevent this token's deletion.
When created, it will be assigned 00000000-0000-0000-0000-000000000002 for its Accessor ID and anonymous for its Secret ID.
https://www.consul.io/docs/acl/acl-system.html#builtin-tokens
Complete the sentence:
The main restriction on Consul's K/V store is an object's size, which can be a maximum of ?
512KB
64KB
1MB
8KB
Explanation:
The main restriction on an object is size - the maximum is 512 KB. Due to the maximum object size and main use cases, you should not need extra storage. https://www.consul.io/docs/agent/kv.html#using-consul-kv
The LAN gossip pool provided by Serf requires that all cluster members (servers and clients) can communicate over what tcp/udp port, by default?
8301
8300
8500
8600
Explanation:
LAN Serf: The Serf LAN port (TCP and UDP) requires port 8301. This port is used for all members of the datacenter to communicate.
https://www.consul.io/docs/install/ports
Complete the following sentence with the proper order of answers:
Consul uses two types of certificates for encryption. Consul agent communications are secured by and Consul Connect uses between registered services.
mutual TLS, TLS
SSL, TLS
mutual TLS, SSL
TLS, mutual TLS
Explanation:
Consul agent communications are done using TLS certificates that can be created by the built-in CA or an external CA if you need more control over certificates.
Consul Connect uses mutual TLS for authorization and encryption. https://www.consul.io/docs/connect https://learn.hashicorp.com/consul/security-networking/certificates
Your colleague has deployed a new Consul cluster, and you want to double-check the encryption key used for gossip communication. You open up an SSH session to a Consul node and type the command consul keyring -list but receive the following error.
From the error message below, what is missing from the Consul agent configuration file?
$ consul keyring -list
==> Gathering installed encryption keys...
the encryption parameter with a valid of true or 1
the encrypt parameter and the corresponding value
the gossip parameter and a value of true
configuration for the tls certificate, the private key, and the CA bundle
Explanation:
In the configuration file, the encrypt parameter must be used to enable gossip encryption and set the gossip encryption key. The provided key is automatically persisted to the data directory and loaded automatically whenever the agent is restarted. The fact that the key is persisted in the data directory means that in order to encrypt Consul's gossip protocol, this option only needs to be provided once on each agent's initial startup sequence.
https://www.consul.io/docs/agent/options.html#_encrypt
Which of the following are true about running Consul in development mode? (select three)
development mode allows you to easily experiment with most of Consul's functionality
development mode is not secure
it is acceptable to run development mode in a production environment
development mode is easily scalable
development mode should never be used in a production environment
Explanation:
Running Consul in development mode is not secure or scalable but does let you quickly experiment with most of Consul's functionality without extra configuration. Development mode does not use TLS to secure communications. Therefore, it is not secure.
Development mode runs the Consul as an in-memory server. Therefore, it is limited to a single node and is not scalable. Because Consul dev mode runs only on a single node, it is not suited for production environments.
More information on using the -dev flag to run Consul development mode can be found here.
Select the benefits that the LAN gossip pool provides to a Consul datacenter (select three)
reliable and fast event broadcasts
failure detection work to be shared by the entire cluster
automatically discover servers, reducing the amount of configuration needed
perform cross datacenter requests
Explanation:
Consul makes use of two different gossip pools. We refer to each pool as the LAN or WAN pool respectively. Each datacenter Consul operates in has a LAN gossip pool containing all members of the datacenter, both clients and servers. The LAN pool is used for a few purposes. Membership information allows clients to automatically discover servers, reducing the amount of configuration needed. The distributed failure detection allows the work of failure detection to be shared by the entire cluster instead
of concentrated on a few servers. Lastly, the gossip pool allows for reliable and fast event broadcasts. https://www.consul.io/docs/internals/gossip.html#gossip-in-consul
There are two methods for creating and distributing client certificates for Consul. What are the two? (select two)
auto encryption
openSSL generation
Vault integration
operator
manual
Explanation:
There are two methods for distributing client certificates, operator or auto encryption.
The auto-encryption method introduced in Consul 1.5.2 alleviates the client certificate generation and distribution step for operators. This method uses the Connect CA to generate client certificates and then Consul will automatically distribute the certificates to all clients and is beneficial for large datacenters with many clients.
The operator method is recommended if you need to use a third-party CA or need more fine-grained control over certificate management.
https://learn.hashicorp.com/consul/security-networking/certificates#client-certificate-distribution
A service supporting a grocery store is using Consul for service discovery. Multiple instances of the inventory service have been registered with a health check to ensure each individual instance is healthy. You've decided that you want to add a second health check to the service, so you update the agent configuration file. However, the new health check has not been registered with Consul.
How can you update the Consul agent without any downtime to include the new health check?
restart to the Consul service
perform a consul reload
log into the Consul UI and add the health check manually
instruct the Consul servers to update all of the Consul client configurations
Explanation:
You can update service definitions without any downtime by changing the service definition file and sending a SIGHUP to the agent or running consul reload. Alternatively, you can use the HTTP API to add, remove, and modify services dynamically.
https://learn.hashicorp.com/tutorials/consul/get-started-service-discovery#update-services
HashiCorp Consul is a networking automation tool that provides what functionality for an organization? (select six)
enables secure communication between services
service configuration
scheduling of services and containers
provides service segmentation
service discovery
key/value storage
service-mesh control plane
Explanation:
The key features of Consul are:
Service Discovery: Clients of Consul can register a service, such as api or mysql, and other clients can use Consul to discover providers of a given service. Using either DNS or HTTP, applications can easily find the services they depend upon.
Health Checking: Consul clients can provide any number of health checks, either associated with a given service ("is the webserver returning 200 OK"), or with the local node ("is memory utilization below 90%"). This information can be used by an operator to monitor cluster health, and it is used by the service discovery components to route traffic away from unhealthy hosts.
KV Store: Applications can make use of Consul's hierarchical key/value store for any number of purposes, including dynamic configuration, feature flagging, coordination, leader election, and more. The simple HTTP API makes it easy to use.
Secure Service Communication: Consul can generate and distribute TLS certificates for services to establish mutual TLS connections. Intentions can be used to define which services are allowed to communicate. Service segmentation can be easily managed with intentions that can be changed in real-time instead of using complex network topologies and static firewall rules.
Multi Datacenter: Consul supports multiple datacenters out of the box. This means users of Consul do not have to worry about building additional layers of abstraction to grow to multiple regions.
Consul is designed to be friendly to both the DevOps community and application developers, making it perfect for modern, elastic infrastructures.
Information obtained from the Consul website found here https://www.consul.io/intro/index.html.