Consul-Associate Dumps Consul-Associate Braindumps Consul-Associate Real Questions Consul-Associate Practice Test Consul-Associate Actual Questions HashiCorp Consul-Associate HashiCorp Certified: Consul Associate https://killexams.com/pass4sure/exam-detail/Consul-Associate Question: 51 Which token is always assigned the Accessor ID of 00000000-0000-0000-0000-000000000002, regardless of what cluster you are working on? A. anonymous token B. Consul DNS token C. master token D. the second token created by the user Answer: A Explanation: The anonymous token is used when a request is made to Consul without specifying a bearer token. The anonymous token's description and policies may be updated but Consul will prevent this token's deletion. When created, it will be assigned 00000000-0000-0000-0000-000000000002 for its Accessor ID and anonymous for its Secret ID. https://www.consul.io/docs/acl/acl-system.html#builtin-tokens Question: 52 Complete the sentence: The main restriction on Consul's K/V store is an object's size, which can be a maximum of _______? A. 512KB B. 64KB C. 1MB D. 8KB Answer: A Explanation: The main restriction on an object is size - the maximum is 512 KB. Due to the maximum object size and main use cases, you should not need extra storage. https://www.consul.io/docs/agent/kv.html#using-consul-kv Question: 53 The LAN gossip pool provided by Serf requires that all cluster members (servers and clients) can communicate over what tcp/udp port, by default? A. 8301 B. 8300 C. 8500 D. 8600 Answer: A Explanation: LAN Serf: The Serf LAN port (TCP and UDP) requires port 8301. This port is used for all members of the datacenter to communicate. https://www.consul.io/docs/install/ports Question: 54 Complete the following sentence with the proper order of answers: Consul uses two types of certificates for encryption. Consul agent communications are secured by _________ and Consul Connect uses __________ between registered services. A. mutual TLS, TLS B. SSL, TLS C. mutual TLS, SSL D. TLS, mutual TLS Answer: D Explanation: Consul agent communications are done using TLS certificates that can be created by the built-in CA or an external CA if you need more control over certificates. Consul Connect uses mutual TLS for authorization and encryption. https://www.consul.io/docs/connect https://learn.hashicorp.com/consul/security-networking/certificates Question: 55 Your colleague has deployed a new Consul cluster, and you want to double-check the encryption key used for gossip communication. You open up an SSH session to a Consul node and type the command consul keyring -list but receive the following error. From the error message below, what is missing from the Consul agent configuration file? $ consul keyring -list ==> Gathering installed encryption keys... A. the encryption parameter with a valid of true or 1 B. the encrypt parameter and the corresponding value C. the gossip parameter and a value of true D. configuration for the tls certificate, the private key, and the CA bundle Answer: B Explanation: In the configuration file, the encrypt parameter must be used to enable gossip encryption and set the gossip encryption key. The provided key is automatically persisted to the data directory and loaded automatically whenever the agent is restarted. The fact that the key is persisted in the data directory means that in order to encrypt Consul's gossip protocol, this option only needs to be provided once on each agent's initial startup sequence. https://www.consul.io/docs/agent/options.html#_encrypt Question: 56 Which of the following are true about running Consul in development mode? (select three) A. development mode allows you to easily experiment with most of Consul's functionality B. development mode is not secure C. it is acceptable to run development mode in a production environment D. development mode is easily scalable E. development mode should never be used in a production environment Answer: A,B,E Explanation: Running Consul in development mode is not secure or scalable but does let you quickly experiment with most of Consul's functionality without extra configuration. Development mode does not use TLS to secure communications. Therefore, it is not secure. Development mode runs the Consul as an in-memory server. Therefore, it is limited to a single node and is not scalable. Because Consul dev mode runs only on a single node, it is not suited for production environments. More information on using the -dev flag to run Consul development mode can be found here. Question: 57 Select the benefits that the LAN gossip pool provides to a Consul datacenter (select three) A. reliable and fast event broadcasts B. failure detection work to be shared by the entire cluster C. automatically discover servers, reducing the amount of configuration needed D. perform cross datacenter requests Answer: A,B,C Explanation: Consul makes use of two different gossip pools. We refer to each pool as the LAN or WAN pool respectively. Each datacenter Consul operates in has a LAN gossip pool containing all members of the datacenter, both clients and servers. The LAN pool is used for a few purposes. Membership information allows clients to automatically discover servers, reducing the amount of configuration needed. The distributed failure detection allows the work of failure detection to be shared by the entire cluster instead of concentrated on a few servers. Lastly, the gossip pool allows for reliable and fast event broadcasts. https://www.consul.io/docs/internals/gossip.html#gossip-in-consul Question: 58 There are two methods for creating and distributing client certificates for Consul. What are the two? (select two) A. auto encryption B. openSSL generation C. Vault integration D. operator E. manual Answer: A,D Explanation: There are two methods for distributing client certificates, operator or auto encryption. The auto-encryption method introduced in Consul 1.5.2 alleviates the client certificate generation and distribution step for operators. This method uses the Connect CA to generate client certificates and then Consul will automatically distribute the certificates to all clients and is beneficial for large datacenters with many clients. The operator method is recommended if you need to use a third-party CA or need more fine-grained control over certificate management. https://learn.hashicorp.com/consul/security-networking/certificates#client-certificate-distribution Question: 59 A service supporting a grocery store is using Consul for service discovery. Multiple instances of the inventory service have been registered with a health check to ensure each individual instance is healthy. You've decided that you want to add a second health check to the service, so you update the agent configuration file. However, the new health check has not been registered with Consul. How can you update the Consul agent without any downtime to include the new health check? A. restart to the Consul service B. perform a consul reload C. log into the Consul UI and add the health check manually D. instruct the Consul servers to update all of the Consul client configurations Answer: B Explanation: You can update service definitions without any downtime by changing the service definition file and sending a SIGHUP to the agent or running consul reload. Alternatively, you can use the HTTP API to add, remove, and modify services dynamically. https://learn.hashicorp.com/tutorials/consul/get-started-service-discovery#update-services Question: 60 HashiCorp Consul is a networking automation tool that provides what functionality for an organization? (select six) A. enables secure communication between services B. service configuration C. scheduling of services and containers D. provides service segmentation E. service discovery F. key/value storage G. service-mesh control plane Answer: A,B,D,E,F,G Explanation: The key features of Consul are: Service Discovery: Clients of Consul can register a service, such as api or mysql, and other clients can use Consul to discover providers of a given service. Using either DNS or HTTP, applications can easily find the services they depend upon. Health Checking: Consul clients can provide any number of health checks, either associated with a given service ("is the webserver returning 200 OK"), or with the local node ("is memory utilization below 90%"). This information can be used by an operator to monitor cluster health, and it is used by the service discovery components to route traffic away from unhealthy hosts. KV Store: Applications can make use of Consul's hierarchical key/value store for any number of purposes, including dynamic configuration, feature flagging, coordination, leader election, and more. The simple HTTP API makes it easy to use. Secure Service Communication: Consul can generate and distribute TLS certificates for services to establish mutual TLS connections. Intentions can be used to define which services are allowed to communicate. Service segmentation can be easily managed with intentions that can be changed in real-time instead of using complex network topologies and static firewall rules. Multi Datacenter: Consul supports multiple datacenters out of the box. This means users of Consul do not have to worry about building additional layers of abstraction to grow to multiple regions. Consul is designed to be friendly to both the DevOps community and application developers, making it perfect for modern, elastic infrastructures. Information obtained from the Consul website found here https://www.consul.io/intro/index.html. 6$03/( 48(67,216 7KHVH TXHVWLRQV DUH IRU GHPR SXUSRVH RQO\ )XOO YHUVLRQ LV XS WR GDWH DQG FRQWDLQV DFWXDO TXHVWLRQV DQG DQVZHUV .LOOH[DPV FRP LV DQ RQOLQH SODWIRUP WKDW RIIHUV D ZLGH UDQJH RI VHUYLFHV UHODWHG WR FHUWLILFDWLRQ H[DP SUHSDUDWLRQ 7KH SODWIRUP SURYLGHV DFWXDO TXHVWLRQV H[DP GXPSV DQG SUDFWLFH WHVWV WR KHOS LQGLYLGXDOV SUHSDUH IRU YDULRXV FHUWLILFDWLRQ H[DPV ZLWK FRQILGHQFH +HUH DUH VRPH NH\ IHDWXUHV DQG VHUYLFHV RIIHUHG E\ .LOOH[DPV FRP $FWXDO ([DP 4XHVWLRQV .LOOH[DPV FRP SURYLGHV DFWXDO H[DP TXHVWLRQV WKDW DUH H[SHULHQFHG LQ WHVW FHQWHUV 7KHVH TXHVWLRQV DUH XSGDWHG UHJXODUO\ WR HQVXUH WKH\ DUH XS WR GDWH DQG UHOHYDQW WR WKH ODWHVW H[DP V\OODEXV %\ VWXG\LQJ WKHVH DFWXDO TXHVWLRQV FDQGLGDWHV FDQ IDPLOLDUL]H WKHPVHOYHV ZLWK WKH FRQWHQW DQG IRUPDW RI WKH UHDO H[DP ([DP 'XPSV .LOOH[DPV FRP RIIHUV H[DP GXPSV LQ 3') IRUPDW 7KHVH GXPSV FRQWDLQ D FRPSUHKHQVLYH FROOHFWLRQ RI TXHVWLRQV DQG DQVZHUV WKDW FRYHU WKH H[DP WRSLFV %\ XVLQJ WKHVH GXPSV FDQGLGDWHV FDQ HQKDQFH WKHLU NQRZOHGJH DQG LPSURYH WKHLU FKDQFHV RI VXFFHVV LQ WKH FHUWLILFDWLRQ H[DP 3UDFWLFH 7HVWV .LOOH[DPV FRP SURYLGHV SUDFWLFH WHVWV WKURXJK WKHLU GHVNWRS 9&( H[DP VLPXODWRU DQG RQOLQH WHVW HQJLQH 7KHVH SUDFWLFH WHVWV VLPXODWH WKH UHDO H[DP HQYLURQPHQW DQG KHOS FDQGLGDWHV DVVHVV WKHLU UHDGLQHVV IRU WKH DFWXDO H[DP 7KH SUDFWLFH WHVWV FRYHU D ZLGH UDQJH RI TXHVWLRQV DQG HQDEOH FDQGLGDWHV WR LGHQWLI\ WKHLU VWUHQJWKV DQG ZHDNQHVVHV *XDUDQWHHG 6XFFHVV .LOOH[DPV FRP RIIHUV D VXFFHVV JXDUDQWHH ZLWK WKHLU H[DP GXPSV 7KH\ FODLP WKDW E\ XVLQJ WKHLU PDWHULDOV FDQGLGDWHV ZLOO SDVV WKHLU H[DPV RQ WKH ILUVW DWWHPSW RU WKH\ ZLOO UHIXQG WKH SXUFKDVH SULFH 7KLV JXDUDQWHH SURYLGHV DVVXUDQFH DQG FRQILGHQFH WR LQGLYLGXDOV SUHSDULQJ IRU FHUWLILFDWLRQ H[DPV 8SGDWHG &RQWHQW .LOOH[DPV FRP UHJXODUO\ XSGDWHV LWV TXHVWLRQ EDQN DQG H[DP GXPSV WR HQVXUH WKDW WKH\ DUH FXUUHQW DQG UHIOHFW WKH ODWHVW FKDQJHV LQ WKH H[DP V\OODEXV 7KLV KHOSV FDQGLGDWHV VWD\ XS WR GDWH ZLWK WKH H[DP FRQWHQW DQG LQFUHDVHV WKHLU FKDQFHV RI VXFFHVV 7HFKQLFDO 6XSSRUW .LOOH[DPV FRP SURYLGHV IUHH [ WHFKQLFDO VXSSRUW WR DVVLVW FDQGLGDWHV ZLWK DQ\ TXHULHV RU LVVXHV WKH\ PD\ HQFRXQWHU ZKLOH XVLQJ WKHLU VHUYLFHV 7KHLU FHUWLILHG H[SHUWV DUH DYDLODEOH WR SURYLGH JXLGDQFH DQG KHOS FDQGLGDWHV WKURXJKRXW WKHLU H[DP SUHSDUDWLRQ MRXUQH\ 'PS .PSF FYBNT WJTJU IUUQT LJMMFYBNT DPN WFOEPST FYBN MJTU .LOO \RXU H[DP DW )LUVW $WWHPSW *XDUDQWHHG