Exam:ConsulAssociate
Title:
HashiCorpCertified:Consul Associate
https://www.passcert.com/Consul-Associate.html
1.BasedupontheDNSqueryoutputbelow,selecttheanswersbelowwhicharetruestatements.(select three)
Atheretailserviceiscurrentlyunhealthyandnonodesareavailable
Btheretailserviceisrunningonthesamehostthathasbeenqueried
Ctheretailserviceisrunningandisavailable
Dthereisasingle,healthyhostrunningtheretailservice
Etheretailserviceisrunningonport8600
Answer:B,C,D
Explanation:
Thedigcommand,whichisaDNSquerytool,wasexecutedonalocalConsulserver,hencethe 127001intheinitialcommandexecutedThecommandwasrunagainstport8600,sincethatisthe defaultportthatConsullistenstoforDNSqueries.
Basedontheanswersection,youcanseethatasingleresponse,whichindicatesthattheretailserviceis runningon127.0.0.1-thesamehostasthedigcommandwasrunagainst.Inaddition,thefactthatan answerwasreturnedindicatesthattheserviceisupandrunningandpassinganyassociatedhealth checkssinceConsulwillnotreturnunhealthyhoststoaDNSquery.
https://learnhashicorpcom/consul/getting-started/services#dns-interface
2AConsulsnapshotsavesapoint-in-timesnapshotofthestateoftheConsulservers,andincludeswhat typeofdata?(selectfive)
Apreparedqueries
Bsessions
Cconsul-templatetemplates
DACLs
EauditlogofAPIrequests
FKVentries
Gtheservicecatalog
Answer:A,B,D,F,G
Explanation:
ConsulprovidesthesnapshotcommandwhichcanberunusingtheCLIortheAPI.
Thesnapshotcommandsavesapoint-in-timesnapshotofthestateoftheConsulserverswhichincludes, butisnotlimitedto:
+KVentries
+theservicecatalog
+preparedqueries
+sessions
+ACLs
https://learnhashicorpcom/consul/datacenter-deploy/backup
3Theorganizationusesaservicenamedphone-bookforhittingawebservicetolookupclientphone numbers.However,userscomplainthattheserviceiscurrentlyunavailable.YouperformamanualDNS queryoftheserviceandtheDNSresponseincludesnovalue
Whataresomereasonsthattheservicedoesnotreturnanyvalidhosts?(selectthree)
Atheservicehealthcheckshavefailedforeachregisteredinstance
B.theservicewasremovedfromConsulserviceregistry
Capreparedquerywasneverconfiguredfortheservice
Dthenodehealthcheckhasfailedforeachunderlyinghost
Answer:A,B,D
Explanation:
IfConsuldoesnotreturnavalueforaDNSlookup,itmeansthattherearenohealthyinstancesofthat serviceavailableortheservicedoesn'texistinConsulInstancesofaservicecanberemovedifaservice orhosthealthcheckfails,althoughthatinstanceisstillregisteredtoConsulbutwillnotbereturnedIfthe serviceismanuallyderegisteredfromConsul,theDNSquerywillfailaswellsinceit'snolongerregistered withtheConsulregistry
https://learnhashicorpcom/tutorials/consul/service-registration-health-checks
4ConsulusesagossipprotocolthatispoweredbySerf
Howisthiscommunicationprotectedbetweenallparticipatingserversandclients?
Asharedsecret
B.TLS
Cusernameandpassword
D.mutualTLS
Answer:A
Explanation:
Consul'sgossipprotocolisprotectedbyasymmetrickey,orasharedsecret,thatisconfiguredaspartof theconfigurationfileorinaseparatefilethatisreadwhentheConsulservicestartsForexample,you canaddtheparameter"encrypt"totheconfigurationfilewith32-byte,Base64encodedsharedsecret
AllnodesintheConsulcluster,includingWANjoineddatacenters,mustusethesameencryptionkeyAn exampleofthiskeywouldbepUqJrVyVRj5jsiYEkM/tFQYfWyJIv4s3XkvDwy7Cu5s=Furthermore,you cangeneratethis32-byte,Base64encodedsharedsecretbyusingthebuilt-incommandconsulkeygen $consulkeygen
DownloadthelatestConsulAssociateexamdumpstopassyourexameasily
pUqJrVyVRj5jsiYEkM/tFQYfWyJIv4s3XkvDwy7Cu5s= Moreinformationaboutthegossipencryptioncanbefoundhere
Bytheway,theHashiCorpLearnplatformmentionedthatthekeyis16-bytes,butthatwaschanged sometimein2019inorderforSerftoencryptdatausingAES256
5TrueorFalse?Afterexecutingthecommandbelow,thetworegisteredservices(front-end&inventory) willbeabletocommunicate,assumingallotherconfigurationsarecorrect?consulintentioncreate front-endinventory
ATrue
BFalse
Answer:A
Explanation:
Whencreatinganintention,thedefaultactionisAllow,thereforetheconfigurationabovewillpermitthe front-endserviceandtheinventoryserviceforcommunication.
TocreateaDenyintention,usethe-denyflagwhenrunningthecommand(ie,consulintentioncreate front-endinventory-deny)
6.Inmostorganizations,aservicewillberunonmultiplenodestoprovideredundancyandhigh availability
Inthefollowingexample,whatisthenameoftheConsulservicethatthisservicedefinitionwillcreate?
Aweb-frontend
Bgreen
Cweb-server-health
Dweb-a
Answer:A
Explanation:
Theservicedefinitionabovewillcreateaservicenamedweb-frontend,andwillregisteranewnode
namedweb-athatwillhosttheweb-frontendservice.Aslongasthehealthcheckpasses,web-awill registerashealthyandtrafficdestinedtotheweb-frontendservicewillbedirectedtothisnode https://www.consul.io/docs/agent/checks.html
7Consulhasmanydefaultportsthatareusedforcommunication
WhatportdoesConsuluseasthedefaultportfortheUIandAPIinterfaces?
Atcp/8600
Btcp/8200
Ctcp/8500
Dudp/8500
Answer:C
Explanation:
ThedefaultportforConsulAPIandUIinterfaceistcp/8500Thiscanbeoverriddenbyusingthe-httpportflagintheconfigurationfile.
https://wwwconsulio/docs/agent/optionshtml#httpport
8Fromtheoptionsbelow,selectthefeaturesthatareavailableinConsulEnterprise,andnotavailablein theopen-sourceoffering.
AConnect(servicetoserviceauthorizationandencryption)
BOIDCauthmethod(centralizedauthentication)
CConsulsnapshotagent(automatedbackups)
DNamespaces(datacenterisolation)
ESentinel(PolicyasCode)
FAutopilot(automatedupgrades)
Answer:B,C,D,E,F
Explanation:
WhileConsuloffersaTONoffunctionalityinitsopen-source,thereareseveralfeaturesonlyavailablein EnterpriseBackinConsul16,HashiCorpopen-sourcedlotsoftheEnterprisefeaturestobettercompete withIstio.However,newerfeaturesarebeingreleasedtoEnterprise-onlycustomers,includingseveral newfeaturesinConsul17andConsul18https://wwwconsulio/docs/enterprise
Featuresinclude:
+AutomatedBackups
+AutomatedUpgrades
+EnhancedReadScalability
+RedundancyZones
+AdvancedFederationforComplexNetworkTopologies
+NetworkSegments
+Namespaces
+Sentinel
+OIDCAuthMethod
9TrueorFalse?TheConsulUIandtheAPIcanonlybeaccessedfromaConsulserveritself
Answer:B
Explanation:
Thisisfalse.TheUIandAPIareintendedtobeconsumedfromremotesystems,suchasauser's desktoporanapplicationlookingtodiscoveraremoteserviceinwhichitneedstoestablishconnectivity Inaddition,mostconsumersoftheConsulservicewouldn'tnormallyhaveaccesstoconnect(SSH)toa Consulserveranyway
10Giventhefollowingscreenshot,whatpathwouldyouusetoaccessthevalueshown?
Aapp1/config/database
Bkv/app1/config
Ckey/values/app1/config
D.app1/config
Answer:A
Explanation:
IntheUI,thekeyishighlightedinboldaboveitsvalue,thereforethepathusedtoobtainthevalueshown wouldbeapp1/config/database
11.Basedontheconfigurationfilebelow,whatdatacenterwilltheConsulagentjoinoncetheConsul servicehasstarted?
Aconsul
Bweb-dc-1
C.aws
Dus-east-1
Answer:D
Explanation:
The-datacenterparameterorcommandlineflagcontrolsthedatacenterinwhichtheagentisrunning.If notprovided,itdefaultsto"dc1"Consulhasfirst-classsupportformultipledatacenters,butitrelieson properconfiguration.NodesinthesamedatacentershouldbeonasingleLAN.
https://wwwconsulio/docs/agent/optionshtml#datacenter
12Completethesentenceusingtheanswersbelow(selecttwo):
Inproduction,youwouldrunaConsulagentineithermodeormode
Aperformance
Bclient
Cserver
Dservice
Edevelopment
Answer:B,C
Explanation:
Inproduction,youwouldruneachConsulagentineitherinserverorclientmodeIntheConsul configurationfile,youwouldusesettheparameterservertoeithertrueorfalse.
Exampleconfigurationfile:
13Fromthehealthchecksbelow,whichhealthcheckwouldbedefinedasascriptcheck?
A{"check":{"id":"web-app","name":"WebAppStatus","notes":"Webappdoesacurlinternallyevery 10seconds","ttl":"30s"}}
B{"check":{"id":"ssh","name":"SSHTCPonport22","tcp":"localhost:22","interval":"10s","timeout": "1s"}}
C{"check":{"id":"mem-util","name":"Memoryutilization","args":["/usr/local/bin/checkmempy", "-limit","256MB"],"interval":"10s","timeout":"1s"}
D{"check":{"id":"api","name":"HTTPAPIonport5000","http":"https://localhost:5000/health", "tlsskipverify":false,"method":"POST","header":{"Content-Type":"application/json"},"body": "{"method":"health"}","interval":"10s","timeout":"1s"}}
Answer:C
Explanation:
Themem-utilhealthcheckisusingapython(py)scripttoreturnaspecificmetricback,whichisthen comparedtothelimitationsetinthearguments.Thisisanexcellentwaytocustomizehealthchecksto supportmetricsthatmaynotbesupportedoutoftheboxwithConsul apiisconsideredtobeanHTTPcheck
sshisatcpcheck
web-appisaTTLcheck
https://wwwconsulio/docs/agent/checkshtml