VA-002-P Exam Dumps - HashiCorp Certified: Vault Associate

When data is encrypted using Vault, the resulting ciphertext is prepended by the version of the key used to encrypt it. In this case, the version is v2, which means that the encryption key was rotated at least one time. Any data that was encrypted with the original key would have been prepended with vault:v1

To rotate a key, use the command vault write -f transit/keys//rotate

Reference link:- https://learn.hashicorp.com/vault/encryption-as-a-service/eaas-transit

The userpass auth method uses a local database that cannot interact with any services outside of the Vault instance.

It is generally considered a best practice to not persist root tokens. Instead, a root token should be generated using Vault's operator generate-root command only when absolutely necessary.

For day-to-day operations, the root token should be deleted after configuring other auth methods which will be used by admins and Vault clients.

The root token should never be used on a day-to-day basis and should always be revoked once a permanent auth method has been configured.

~> 1.2.0 will match any non-beta version of the provider between >= 1.2.0 and < 1.3.0. For example, 1.2.X

https://www.terraform.io/docs/configuration/modules.html#gt-1-2-0-1

zipmap constructs a map from a list of keys and a corresponding list of values. A map is denoted by { } whereas a list is donated by [ ].

https://www.terraform.io/docs/configuration/functions/zipmap.html

Within each datacenter, we have a mixture of clients and servers. It is expected that there be between three to five servers. This strikes a balance between availability in the case of failure and performance, as consensus gets progressively slower as more machines are added. However, there is no limit to the number of clients, and they can easily scale into the thousands or tens of thousands.

Server or Leader - It indicates whether the agent is running in server or client mode. Server nodes participate in the consensus quorum, storing cluster state, and handling queries. At any given time, the peer set elects a single node to be the leader. The leader is responsible for ingesting new log entries, replicating to followers, and managing when an entry is considered committed.

Client or Follower - Client nodes make up the majority of the cluster, and they are very lightweight as they interface with the server nodes for most operations and maintain a very little state of their own.

Reference link:- https://www.consul.io/docs/internals/architecture.html

Currently, Terraform has no mechanism to redact or protect secrets that are returned via data sources, so secrets read via this provider will be persisted into the Terraform state, into any plan files, and in some cases in the console output produced while planning and applying. These artifacts must, therefore, all be protected accordingly.