{"id":81578,"date":"2022-03-23T02:50:03","date_gmt":"2022-03-23T08:20:03","guid":{"rendered":"https:\/\/www.whizlabs.com\/blog\/?p=81578"},"modified":"2023-09-05T06:18:51","modified_gmt":"2023-09-05T11:48:51","slug":"hashicorp-consul-associate-certification-questions","status":"publish","type":"post","link":"https:\/\/www.whizlabs.com\/blog\/hashicorp-consul-associate-certification-questions\/","title":{"rendered":"Free Questions on HashiCorp Consul Associate Certification Exam"},"content":{"rendered":"<p><span style=\"font-weight: 400;\">Cloud Engineers make use of the <a href=\"https:\/\/www.whizlabs.com\/hashicorp-certified-consul-associate\/\">HashiCorp Consul Associate certification<\/a> to attest their Networking Automation Skills. You are at a plus point if you have a good understanding of the basic skills and concepts required in the building, security, and maintenance of the open-source HashiCorp Consul.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">These free test questions provided here are for your assessment of the <strong>HashiCorp Consul Associate exam<\/strong> and help you with your preparation.<\/span><\/p>\n<div id=\"ez-toc-container\" class=\"ez-toc-v2_0_76 ez-toc-wrap-left counter-hierarchy ez-toc-counter ez-toc-custom ez-toc-container-direction\">\n<div class=\"ez-toc-title-container\">\n<p class=\"ez-toc-title\" style=\"cursor:inherit\">Table of Contents<\/p>\n<span class=\"ez-toc-title-toggle\"><a href=\"#\" class=\"ez-toc-pull-right ez-toc-btn ez-toc-btn-xs ez-toc-btn-default ez-toc-toggle\" aria-label=\"Toggle Table of Content\"><span class=\"ez-toc-js-icon-con\"><span class=\"\"><span class=\"eztoc-hide\" style=\"display:none;\">Toggle<\/span><span class=\"ez-toc-icon-toggle-span\"><svg style=\"fill: #ea7e02;color:#ea7e02\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" class=\"list-377408\" width=\"20px\" height=\"20px\" viewBox=\"0 0 24 24\" fill=\"none\"><path d=\"M6 6H4v2h2V6zm14 0H8v2h12V6zM4 11h2v2H4v-2zm16 0H8v2h12v-2zM4 16h2v2H4v-2zm16 0H8v2h12v-2z\" fill=\"currentColor\"><\/path><\/svg><svg style=\"fill: #ea7e02;color:#ea7e02\" class=\"arrow-unsorted-368013\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"10px\" height=\"10px\" viewBox=\"0 0 24 24\" version=\"1.2\" baseProfile=\"tiny\"><path d=\"M18.2 9.3l-6.2-6.3-6.2 6.3c-.2.2-.3.4-.3.7s.1.5.3.7c.2.2.4.3.7.3h11c.3 0 .5-.1.7-.3.2-.2.3-.5.3-.7s-.1-.5-.3-.7zM5.8 14.7l6.2 6.3 6.2-6.3c.2-.2.3-.5.3-.7s-.1-.5-.3-.7c-.2-.2-.4-.3-.7-.3h-11c-.3 0-.5.1-.7.3-.2.2-.3.5-.3.7s.1.5.3.7z\"\/><\/svg><\/span><\/span><\/span><\/a><\/span><\/div>\n<nav><ul class='ez-toc-list ez-toc-list-level-1 ' ><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"https:\/\/www.whizlabs.com\/blog\/hashicorp-consul-associate-certification-questions\/#Domain_Deploy_a_single_datacenter\" >Domain: Deploy a single datacenter<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-2\" href=\"https:\/\/www.whizlabs.com\/blog\/hashicorp-consul-associate-certification-questions\/#Domain_Deploy_a_single_datacenter-2\" >Domain : Deploy a single datacenter<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-3\" href=\"https:\/\/www.whizlabs.com\/blog\/hashicorp-consul-associate-certification-questions\/#Domain_Deploy_a_single_datacenter-3\" >Domain: Deploy a single datacenter<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-4\" href=\"https:\/\/www.whizlabs.com\/blog\/hashicorp-consul-associate-certification-questions\/#Domain_Deploy_a_single_datacenter-4\" >Domain : Deploy a single datacenter<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-5\" href=\"https:\/\/www.whizlabs.com\/blog\/hashicorp-consul-associate-certification-questions\/#Domain_Deploy_a_single_datacenter-5\" >Domain : Deploy a single datacenter<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-6\" href=\"https:\/\/www.whizlabs.com\/blog\/hashicorp-consul-associate-certification-questions\/#Domain_Deploy_a_single_datacenter-6\" >Domain : Deploy a single datacenter<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-7\" href=\"https:\/\/www.whizlabs.com\/blog\/hashicorp-consul-associate-certification-questions\/#Domain_Secure_services_with_basic_access_control_lists_ACL\" >Domain : Secure services with basic access control lists (ACL)<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-8\" href=\"https:\/\/www.whizlabs.com\/blog\/hashicorp-consul-associate-certification-questions\/#Domain_Secure_services_with_basic_access_control_lists_ACL-2\" >Domain : Secure services with basic access control lists (ACL)<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-9\" href=\"https:\/\/www.whizlabs.com\/blog\/hashicorp-consul-associate-certification-questions\/#Domain_Secure_services_with_basic_access_control_lists_ACL-3\" >Domain : Secure services with basic access control lists (ACL)<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-10\" href=\"https:\/\/www.whizlabs.com\/blog\/hashicorp-consul-associate-certification-questions\/#Domain_Secure_services_with_basic_access_control_lists_ACL-4\" >Domain : Secure services with basic access control lists (ACL)<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-11\" href=\"https:\/\/www.whizlabs.com\/blog\/hashicorp-consul-associate-certification-questions\/#Domain_Secure_services_with_basic_access_control_lists_ACL-5\" >Domain : Secure services with basic access control lists (ACL)<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-12\" href=\"https:\/\/www.whizlabs.com\/blog\/hashicorp-consul-associate-certification-questions\/#Domain_Secure_agent_communication\" >Domain : Secure agent communication<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-13\" href=\"https:\/\/www.whizlabs.com\/blog\/hashicorp-consul-associate-certification-questions\/#Domain_Secure_agent_communication-2\" >Domain : Secure agent communication<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-14\" href=\"https:\/\/www.whizlabs.com\/blog\/hashicorp-consul-associate-certification-questions\/#Domain_Secure_agent_communication-3\" >Domain : Secure agent communication<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-15\" href=\"https:\/\/www.whizlabs.com\/blog\/hashicorp-consul-associate-certification-questions\/#Domain_Secure_agent_communication-4\" >Domain :\u00a0 Secure agent communication<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-16\" href=\"https:\/\/www.whizlabs.com\/blog\/hashicorp-consul-associate-certification-questions\/#Domain_Register_services_and_use_service_discovery\" >Domain : Register services and use service discovery<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-17\" href=\"https:\/\/www.whizlabs.com\/blog\/hashicorp-consul-associate-certification-questions\/#Domain_Register_services_and_use_service_discovery-2\" >Domain : Register services and use service discovery<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-18\" href=\"https:\/\/www.whizlabs.com\/blog\/hashicorp-consul-associate-certification-questions\/#Domain_Register_services_and_use_service_discovery-3\" >Domain : Register services and use service discovery<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-19\" href=\"https:\/\/www.whizlabs.com\/blog\/hashicorp-consul-associate-certification-questions\/#Domain_Register_services_and_use_service_discovery-4\" >Domain : Register services and use service discovery<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-20\" href=\"https:\/\/www.whizlabs.com\/blog\/hashicorp-consul-associate-certification-questions\/#Domain_Register_services_and_use_service_discovery-5\" >Domain : Register services and use service discovery<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-21\" href=\"https:\/\/www.whizlabs.com\/blog\/hashicorp-consul-associate-certification-questions\/#Domain_Access_the_Consul_keyvalue_KV\" >Domain : Access the Consul key\/value (KV)<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-22\" href=\"https:\/\/www.whizlabs.com\/blog\/hashicorp-consul-associate-certification-questions\/#Domain_Access_the_Consul_keyvalue_KV-2\" >Domain : Access the Consul key\/value (KV)<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-23\" href=\"https:\/\/www.whizlabs.com\/blog\/hashicorp-consul-associate-certification-questions\/#Domain_Access_the_Consul_keyvalue_KV-3\" >Domain : Access the Consul key\/value (KV)<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-24\" href=\"https:\/\/www.whizlabs.com\/blog\/hashicorp-consul-associate-certification-questions\/#Domain_Access_the_Consul_keyvalue_KV-4\" >Domain : Access the Consul key\/value (KV)<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-25\" href=\"https:\/\/www.whizlabs.com\/blog\/hashicorp-consul-associate-certification-questions\/#Domain_Access_the_Consul_keyvalue_KV-5\" >Domain : Access the Consul key\/value (KV)<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-26\" href=\"https:\/\/www.whizlabs.com\/blog\/hashicorp-consul-associate-certification-questions\/#Domain_Explain_Consul_Architecture\" >Domain: Explain Consul Architecture<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-27\" href=\"https:\/\/www.whizlabs.com\/blog\/hashicorp-consul-associate-certification-questions\/#Domain_Explain_Consul_Architecture-2\" >Domain: Explain Consul Architecture\u00a0<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-28\" href=\"https:\/\/www.whizlabs.com\/blog\/hashicorp-consul-associate-certification-questions\/#Domain_Explain_Consul_Architecture-3\" >Domain: Explain Consul Architecture<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-29\" href=\"https:\/\/www.whizlabs.com\/blog\/hashicorp-consul-associate-certification-questions\/#Domain_Access_the_Consul_keyvalue_KV-6\" >Domain: Access the Consul key\/value (KV)<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-30\" href=\"https:\/\/www.whizlabs.com\/blog\/hashicorp-consul-associate-certification-questions\/#_Domain_Access_the_Consul_keyvalue_KV\" >\u00a0Domain: Access the Consul key\/value (KV)<\/a><\/li><\/ul><\/nav><\/div>\n<h3><span class=\"ez-toc-section\" id=\"Domain_Deploy_a_single_datacenter\"><\/span>Domain: Deploy a single datacenter<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<h4><em>Q1 : Environment variables can be used to configure the Consul client and they can be used when running other consul CLI commands that connect with a running agent.<\/em><\/h4>\n<p><span style=\"font-weight: 400;\"><strong>A. <\/strong>True<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>B. <\/strong>False<\/span><\/p>\n<p><b>Correct Answer: B<\/b><\/p>\n<p><b>Explanation<\/b><\/p>\n<p><span style=\"font-weight: 400;\">Environment variables cannot be used to configure the Consul client. They can be used when running other consul CLI commands that connect with a running agent,\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">e.g. CONSUL_HTTP_ADDR=192.168.0.1:8500 consul members..<\/span><\/p>\n<p><b>Reference: <\/b><a href=\"https:\/\/www.consul.io\/docs\/agent\/options#environment-variables\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400;\">https:\/\/www.consul.io\/docs\/agent\/options#environment-variables<\/span><\/a><span style=\"font-weight: 400;\">\u00a0<\/span><\/p>\n<figure style=\"width: 738px\" class=\"wp-caption alignnone\"><img decoding=\"async\" title=\"Creating Consul Data Center\" src=\"https:\/\/embedwistia-a.akamaihd.net\/deliveries\/24a861610734af2f62126f443c19fdfe.webp?image_crop_resized=960x540\" alt=\"Creating Consul Data Center\" width=\"738\" height=\"415\" \/><figcaption class=\"wp-caption-text\">Source: learn.hashicorp.com<\/figcaption><\/figure>\n<h3><span class=\"ez-toc-section\" id=\"Domain_Deploy_a_single_datacenter-2\"><\/span>Domain : Deploy a single datacenter<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<h4><em>Q2 : Consider the given command and select 3 correct options:<\/em><br \/>\n<em>consul agent -data-dir=\/tmp\/consul -dev<\/em><\/h4>\n<p><span style=\"font-weight: 400;\"><strong>A. <\/strong>Agent will be started in the local instance<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>B. <\/strong>Agent will refer the configuration files from the directory \/tmp\/consul<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>C. <\/strong>Agent will work in the development server mode<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>D. <\/strong>Agent state data will be stored in the directory \/tmp\/consul<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>E. <\/strong>Agent details will be persisted in the local instance<\/span><\/p>\n<p><b>Correct Answers: A, C and D<\/b><\/p>\n<p><b>Explanation<\/b><\/p>\n<p><span style=\"font-weight: 400;\">The given command will start an agent in dev mode and stores agent state data in the tmp\/consul directory<\/span><\/p>\n<p><b>Option A is correct<\/b><span style=\"font-weight: 400;\">. The agent will be started in the local instance using the command consul agent.<\/span><br \/>\n<b>Option B is incorrect<\/b><span style=\"font-weight: 400;\">. The \u2013config-dir flag is used to mention the directory that will have the configuration files to load. But \u2013data-dir is used in the provided command.<\/span><br \/>\n<b>Option C is correct<\/b><span style=\"font-weight: 400;\">. The \u2013dev flag will enable development server mode.\u00a0<\/span><br \/>\n<b>Option D is correct<\/b><span style=\"font-weight: 400;\">. The \u2013data-dir flag provides a data directory for the agent to store state. This is required for all agents.<\/span><br \/>\n<b>Option E is incorrect<\/b><span style=\"font-weight: 400;\">. The \u2013dev flag is useful for quickly starting a Consul agent with all persistence options turned off, enabling an in-memory server. This mode is not intended for production use as it does not write any data to disk.<\/span><\/p>\n<p><b>Reference: <\/b><a href=\"https:\/\/www.consul.io\/docs\/agent#starting-the-consul-agent\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400;\">https:\/\/www.consul.io\/docs\/agent#starting-the-consul-agent<\/span><\/a><span style=\"font-weight: 400;\">\u00a0<\/span><\/p>\n<p>&nbsp;<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Domain_Deploy_a_single_datacenter-3\"><\/span>Domain: Deploy a single datacenter<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<h4><em>Q3 : Which of the following options is used to control the script checks defined in the local configuration files?<\/em><\/h4>\n<p><span style=\"font-weight: 400;\"><strong>A. <\/strong>enable_script_checks<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>B. <\/strong>enable_local_script_checks<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>C. <\/strong>allow_script_checks<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>D. <\/strong>allow_local_script_checks<\/span><\/p>\n<p><b>Correct Answer: B<\/b><\/p>\n<p><b>Explanation<\/b><\/p>\n<p><span style=\"font-weight: 400;\">The option enable_local_script_checks is used to enable script checks defined in local config files. Script checks defined via the HTTP API are not allowed.<\/span><\/p>\n<p><b>Option A is incorrect<\/b><span style=\"font-weight: 400;\">. The option enable_script_checks controls whether health checks that execute scripts are enabled on this agent, and defaults to false so operators must opt-in to allowing these.<\/span><br \/>\n<b>Option B is correct<\/b><span style=\"font-weight: 400;\">. The option enable_local_script_checks is used to enable script checks defined in local config files. Script checks defined via the HTTP API will not be allowed.<\/span><br \/>\n<b>Option C is incorrect<\/b><span style=\"font-weight: 400;\">. There is no such option called allow_script_checks for the command consul agent.<\/span><br \/>\n<b>Option D is incorrect<\/b><span style=\"font-weight: 400;\">. There is no such option called allow_local_script_checks for the command consul agent.<\/span><\/p>\n<p><b>Reference: <\/b><a href=\"https:\/\/www.consul.io\/docs\/agent\/options#_enable_local_script_checks\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400;\">https:\/\/www.consul.io\/docs\/agent\/options#_enable_local_script_checks\u00a0<\/span><\/a><\/p>\n<p>&nbsp;<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Domain_Deploy_a_single_datacenter-4\"><\/span>Domain : Deploy a single datacenter<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<h4><em>Q4 : You are attempting to connect to a Consul agent and you are getting the below error:<\/em><br \/>\n<em>Error querying agent: malformed HTTP response<\/em><br \/>\n<em>Net\/http: HTTP\/1.x transport connection broken: malformed HTTP response &#8220;\\x15\\x03\\x01\\x00\\x02\\x02&#8221;<\/em><br \/>\n<em>Which of the following option(s) can be used to fix the issue?<\/em><\/h4>\n<p><span style=\"font-weight: 400;\"><strong>A. <\/strong>By specifying &#8220;https&#8221; in the -http-addr flag<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>B. <\/strong>By specifying &#8220;https&#8221; in the CONSUL_HTTP_ADDR environment variable<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>C. <\/strong>By specifying &#8220;https&#8221; in the CONSUL_HTTP_SSL environment variable<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>D. <\/strong>By changing the URI scheme to &#8220;https&#8221;<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>E. <\/strong>By specifying &#8220;https&#8221; in the CONSUL_HTTP_AUTH environment variable<\/span><\/p>\n<p><b>Correct Answers: A, B and D<\/b><\/p>\n<p><b>Explanation<\/b><\/p>\n<p><span style=\"font-weight: 400;\">These errors will occur when we try to connect to a Consul agent with HTTP on a port that has been configured for HTTPS.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">These errors could be fixed by following any one of the below mentioned ways:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">By specifying &#8220;https&#8221; in the -http-addr flag or the CONSUL_HTTP_ADDR environment variable in terms of Consul CLI.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">By changing the URI scheme to &#8220;https&#8221; in terms of Consul API.<\/span><\/li>\n<\/ul>\n<p><b>Option A is correct<\/b><span style=\"font-weight: 400;\">. \u2013http-port is used to specify the address and port of the Consul HTTP agent. The value can be an IP address or DNS address, but it must also include the port. In order to access the port that has been configured for HTTPS, \u201chttps\u201d should be specified.<\/span><br \/>\n<b>Option B is correct<\/b><span style=\"font-weight: 400;\">. This is the HTTP API address to the local Consul agent (not the remote server) specified as a URI with optional scheme. Example: CONSUL_HTTP_ADDR=127.0.0.1:8500 .\u00a0<\/span><br \/>\n<span style=\"font-weight: 400;\">In order to access the port that has been configured for HTTPS, \u201chttps\u201d should be specified in the CONSUL_HTTP_ADDR environment variable.<\/span><br \/>\n<b>Option C is incorrect<\/b><span style=\"font-weight: 400;\">. CONSUL_HTTP_SSL is a boolean value (default is false) that enables the HTTPS URI scheme and SSL connections to the HTTP API. Example: CONSUL_HTTP_SSL=true.<\/span><br \/>\n<span style=\"font-weight: 400;\">We can set only the boolean option for the CONSUL_HTTP_SSL environmental variable.<\/span><br \/>\n<b>Option D is correct<\/b><span style=\"font-weight: 400;\">. In order to access the port via API that has been configured for HTTPS, the default http URI scheme should be changed to \u201chttps\u201d.<\/span><br \/>\n<b>Option E is incorrect<\/b><span style=\"font-weight: 400;\">. CONSUL_HTTP_AUTH environment variable is used to specify HTTP basic access credentials as a username:password pair.<\/span><\/p>\n<p><b>References: <\/b><a href=\"https:\/\/www.consul.io\/docs\/troubleshoot\/common-errors#http-instead-of-https\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400;\">https:\/\/www.consul.io\/docs\/troubleshoot\/common-errors#http-instead-of-https<\/span><\/a>,\u00a0<a href=\"https:\/\/www.consul.io\/commands#consul_http_ssl\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400;\">https:\/\/www.consul.io\/commands#consul_http_ssl<\/span><\/a>,\u00a0<a href=\"https:\/\/www.consul.io\/commands#consul_http_auth\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400;\">https:\/\/www.consul.io\/commands#consul_http_auth<\/span><\/a><\/p>\n<p>&nbsp;<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Domain_Deploy_a_single_datacenter-5\"><\/span>Domain : Deploy a single datacenter<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<h4><em>Q5 : Which of the following commands is used to allow a Consul agent to automatically join a Consul datacenter using cloud metadata?<\/em><\/h4>\n<p><span style=\"font-weight: 400;\"><strong>A. <\/strong>consul join &lt;ip_address of the datacenter&gt; -metadata=\u201dprovider=my-cloud config=val\u201d<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>B. <\/strong>consul agent -retry-join &#8220;consul.domain.internal&#8221; -retry-join &#8220;&lt;ip_address of the datacenter&gt;&#8221;<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>C. <\/strong>consul agent -retry-join &#8216;provider=my-cloud config=val config2=some other val&#8217;<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>D. <\/strong>consul agent -join &lt;ip_address of the datacenter&gt; -metadata=\u201dprovider=my-cloud config=val\u201d<\/span><\/p>\n<p><b>Correct Answers: C<\/b><\/p>\n<p><b>Explanation<\/b><\/p>\n<p><span style=\"font-weight: 400;\">As of Consul 0.9.1, retry-join accepts a unified interface using the go-discover library for automatically joining a Consul datacenter using cloud metadata.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">To use retry-join with a supported cloud provider, specify the configuration on the command line or configuration file as a key=value key=value &#8230; string.<\/span><\/p>\n<p><b>Option A is incorrect<\/b><span style=\"font-weight: 400;\">. Consul join command tells a Consul agent to join an existing cluster. But there is no such option called \u2013metadata.<\/span><br \/>\n<b>Option B is incorrect<\/b><span style=\"font-weight: 400;\">. \u2013retry-join option allows retrying the Consul agent to join with another agent until it is successful. Once it joins successfully to a member in a list of members it will never attempt to join again.<\/span><br \/>\n<b>Option C is correct<\/b><span style=\"font-weight: 400;\">. The command consul agent -retry-join &#8216;provider=my-cloud config=val config2=some other val&#8217; is used for automatically joining a Consul datacenter using cloud metadata.<\/span><br \/>\n<span style=\"font-weight: 400;\">Example:<\/span><br \/>\n<span style=\"font-weight: 400;\">consul agent -retry-join &#8220;provider=aws tag_key=&#8230; tag_value=&#8230;&#8221;\u00a0<\/span><br \/>\n<span style=\"font-weight: 400;\">This returns the first private IP address of all servers in the given region which have the given tag_key and tag_value.<\/span><br \/>\n<b>Option D is incorrect<\/b><span style=\"font-weight: 400;\">. There is no such option called \u2013join and \u2013metadata for the command Consul agent.<\/span><\/p>\n<p><b>Reference: <\/b><a href=\"https:\/\/www.consul.io\/docs\/install\/cloud-auto-join#cloud-auto-join\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400;\">https:\/\/www.consul.io\/docs\/install\/cloud-auto-join#cloud-auto-join\u00a0<\/span><\/a><\/p>\n<p>&nbsp;<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Domain_Deploy_a_single_datacenter-6\"><\/span>Domain : Deploy a single datacenter<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<h4><em>Q6 : You have been provided with a task to join the Consul agent to an existing cluster with the IP addresses as follows: 52.10.110.11, 52.10.110.12, 52.10.110.13.<\/em><br \/>\n<em>Identify the correct agent configuration options that are suitable for to add\/join additional servers in production environments.<\/em><\/h4>\n<p><span style=\"font-weight: 400;\"><strong>A. <\/strong>consul agent -retry-join=52.10.110.11 -retry-join=52.10.110.12 -retry-join=52.10.100.13<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>B. <\/strong>bootstrap = false,<\/span><br \/>\n<span style=\"font-weight: 400;\">\u00a0 \u00a0 bootstrap_expect = 3,<\/span><br \/>\n<span style=\"font-weight: 400;\">\u00a0 \u00a0 server = true,<\/span><br \/>\n<span style=\"font-weight: 400;\">\u00a0 \u00a0 retry_join = [&#8220;52.10.110.11&#8221;, &#8220;52.10.110.12&#8221;, &#8220;52.10.100.13&#8221;]<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>C. <\/strong>{<\/span><br \/>\n<span style=\"font-weight: 400;\">\u00a0 \u00a0&#8220;bootstrap&#8221;: false,<\/span><br \/>\n<span style=\"font-weight: 400;\">\u00a0 \u00a0&#8220;bootstrap_expect&#8221;: 3,<\/span><br \/>\n<span style=\"font-weight: 400;\">\u00a0 \u00a0&#8220;server&#8221;: true,<\/span><br \/>\n<span style=\"font-weight: 400;\">\u00a0 \u00a0&#8220;retryjoin&#8221;: [&#8220;52.10.110.11&#8221;, &#8220;52.10.110.12&#8221;, &#8220;52.10.100.13&#8221;]<\/span><br \/>\n<span style=\"font-weight: 400;\">\u00a0 \u00a0}<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>D. <\/strong>consul agent -join=52.10.110.11 -join=52.10.110.12 -join=52.10.100.13<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>E. <\/strong>bootstrap = false,<\/span><br \/>\n<span style=\"font-weight: 400;\">\u00a0 \u00a0 bootstrap_expect = 3,<\/span><br \/>\n<span style=\"font-weight: 400;\">\u00a0 \u00a0 server = true,<\/span><br \/>\n<span style=\"font-weight: 400;\">\u00a0 \u00a0 retryjoin = [&#8220;52.10.110.11&#8221;, &#8220;52.10.110.12&#8221;, &#8220;52.10.100.13&#8221;]<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>F.<\/strong>{<\/span><br \/>\n<span style=\"font-weight: 400;\">\u00a0 \u00a0&#8220;bootstrap&#8221;: false,<\/span><br \/>\n<span style=\"font-weight: 400;\">\u00a0 \u00a0&#8220;bootstrap_expect&#8221;: 3,<\/span><br \/>\n<span style=\"font-weight: 400;\">\u00a0 \u00a0&#8220;server&#8221;: true,<\/span><br \/>\n<span style=\"font-weight: 400;\">\u00a0 \u00a0&#8220;retry_join&#8221;: [&#8220;52.10.110.11&#8221;, &#8220;52.10.110.12&#8221;, &#8220;52.10.100.13&#8221;]<\/span><br \/>\n<span style=\"font-weight: 400;\">\u00a0 \u00a0}<\/span><\/p>\n<p><b>Correct Answers: A, B and F<\/b><\/p>\n<p><b>Explanation<\/b><\/p>\n<p><span style=\"font-weight: 400;\">For production datacenters, we will likely want to use the agent configuration option to add additional servers.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">In production environments, we will use the agent configuration option, retry_join. retry_join can be used as a command line flag or in the agent configuration file(in .hcl and .json format).<\/span><\/p>\n<p><span style=\"font-weight: 400;\">retry join will ensure that if any server loses connection with the datacenter for any reason, including the node restarting, it can rejoin when it comes back. In addition to working with static IPs, it can also be useful for other discovery mechanisms, such as auto joining based on cloud metadata and discovery. Both servers and clients can use this method.<\/span><\/p>\n<p><b>Option A is correct<\/b><span style=\"font-weight: 400;\">. Via CLI, the command consul agent -retry-join=52.10.110.11 -retry-join=52.10.110.12 -retry-join=52.10.100.13 is used to join the Consul agent to the provided clusters.<\/span><br \/>\n<b>Option B is correct<\/b><span style=\"font-weight: 400;\">. The provided agent configuration stanza (in the .hcl format) is used to join the Consul agent to the provided clusters.<\/span><br \/>\n<b>Option C is incorrect<\/b><span style=\"font-weight: 400;\">. The provided agent configuration stanza is in the .hcl format but the option retry_join is misspelled as \u201cretryjoin\u201d.<\/span><br \/>\n<b>Option D is incorrect<\/b><span style=\"font-weight: 400;\">. The consul join command tells a Consul agent to join an existing cluster.<\/span><br \/>\n<b>Option E is incorrect<\/b><span style=\"font-weight: 400;\">. The provided agent configuration stanza is in the .json format but the retry_join is misspelled as \u201cretryjoin\u201d.<\/span><br \/>\n<b>Option F is correct<\/b><span style=\"font-weight: 400;\">. The provided agent configuration stanza (in the .json format) is used to join the Consul agent to the provided clusters.<\/span><\/p>\n<p><b>Reference: <\/b><a href=\"https:\/\/learn.hashicorp.com\/tutorials\/consul\/add-remove-servers#add-a-server-with-agent-configuration\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400;\">https:\/\/learn.hashicorp.com\/tutorials\/consul\/add-remove-servers#add-a-server-with-agent-configuration<\/span><\/a><\/p>\n<p>&nbsp;<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Domain_Secure_services_with_basic_access_control_lists_ACL\"><\/span>Domain : Secure services with basic access control lists (ACL)<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<h4><em>Q7 : Consider the below given HTTP API request:<\/em><br \/>\n<em>curl &#8211;request GET http:\/\/127.0.0.1:8500\/v1\/acl\/&#8212;&#8212;&#8212;-<\/em><br \/>\n<em>Fill in the blank with the correct endpoint to get the below response:<\/em><br \/>\n<em>{<\/em><br \/>\n<em>\u00a0 &#8220;Enabled&#8221;: true,<\/em><br \/>\n<em>\u00a0 &#8220;Running&#8221;: true,<\/em><br \/>\n<em>\u00a0\u00a0&#8220;SourceDatacenter&#8221;: &#8220;dc1&#8221;,<\/em><br \/>\n<em>\u00a0\u00a0&#8220;ReplicationType&#8221;: &#8220;tokens&#8221;,<\/em><br \/>\n<em>\u00a0 &#8220;ReplicatedIndex&#8221;: 1976,<\/em><br \/>\n<em>\u00a0 &#8220;ReplicatedTokenIndex&#8221;: 2018,<\/em><br \/>\n<em>\u00a0 &#8220;LastSuccess&#8221;: &#8220;2018-11-03T06:28:58Z&#8221;,<\/em><br \/>\n<em>\u00a0 &#8220;LastError&#8221;: &#8220;2016-11-03T06:28:28Z&#8221;<\/em><br \/>\n<em>}<\/em><\/h4>\n<p><span style=\"font-weight: 400;\"><strong>A. <\/strong>replicate<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>B. <\/strong>replication<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>C. <\/strong>replica<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>D. <\/strong>auth\/replicate<\/span><\/p>\n<p><b>Correct Answer: B<\/b><\/p>\n<p><b>Explanation<\/b><\/p>\n<p><span style=\"font-weight: 400;\">\/acl\/replication endpoint returns the status of the ACL replication processes in the datacenter. This is intended to be used by operators or by automation checking to discover the health of ACL replication.<\/span><\/p>\n<p><b>Option A is incorrect<\/b><span style=\"font-weight: 400;\">. There is no such endpoint called replicate in Consul ACL HTTP API<\/span><br \/>\n<b>Option B is correct<\/b><span style=\"font-weight: 400;\">. The replication endpoint returns the status of the ACL replication processes in the datacenter.<\/span><br \/>\n<b>Option C is incorrect<\/b><span style=\"font-weight: 400;\">. There is no such endpoint called replica in Consul ACL HTTP API<\/span><b>.<\/b><br \/>\n<b>Option D is incorrect<\/b><span style=\"font-weight: 400;\">. There is no such endpoint called auth\/replicate in Consul ACL HTTP API.<\/span><\/p>\n<p><b>Reference: <\/b><a href=\"https:\/\/www.consul.io\/api-docs\/acl#check-acl-replication\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400;\">https:\/\/www.consul.io\/api-docs\/acl#check-acl-replication<\/span><\/a><\/p>\n<p>&nbsp;<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Domain_Secure_services_with_basic_access_control_lists_ACL-2\"><\/span>Domain : Secure services with basic access control lists (ACL)<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<h4><em>Q8 : Which of the following methods are the possible ways to pass the Consul token(Secret ID) with each API request?<\/em><\/h4>\n<p><span style=\"font-weight: 400;\"><strong>A. <\/strong>Consul-Token : &lt;consul token&gt;<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>B. <\/strong>Authorization : Bearer &lt;consul token&gt;<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>C. <\/strong>?token = query parameter<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>D. <\/strong>X-Consul-Token : &lt;consul token&gt;<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>E. <\/strong>Authorization : Token &lt;consul token&gt;<\/span><\/p>\n<p><b>Correct Answers: B, C and D<\/b><\/p>\n<p><b>Explanation<\/b><\/p>\n<p><span style=\"font-weight: 400;\">The token Secret ID is passed along with each RPC request to the servers. Consul&#8217;s HTTP endpoints can accept tokens via the token query string parameter, the X-Consul-Token request header, or an RFC6750 authorization bearer token.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Previously this was provided via a ?token= query parameter. This functionality exists on many endpoints for backwards compatibility, but its use is highly discouraged, since it can show up in access logs as part of the URL.<\/span><\/p>\n<p><b>Option A is incorrect<\/b><span style=\"font-weight: 400;\">. There is no such option called Consul-Token : &lt;consul token&gt;.<\/span><\/p>\n<p><b>Option B is correct<\/b><span style=\"font-weight: 400;\">. When authentication is enabled, a Consul token should be provided to API requests with the Bearer scheme in the authorization header.<\/span><br \/>\n<span style=\"font-weight: 400;\">curl &#8211;header &#8220;Authorization: Bearer &lt;consul token&gt;&#8221; http:\/\/127.0.0.1:8500\/v1\/agent\/members<\/span><br \/>\n<b>Option C is correct<\/b><span style=\"font-weight: 400;\">. This was provided via a ?token= query parameter. This functionality exists on many endpoints for backwards compatibility, but its use is highly discouraged, since it can show up in access logs as part of the URL.<\/span><br \/>\n<b>Option D is correct<\/b><span style=\"font-weight: 400;\">. <\/span><span style=\"font-weight: 400;\">When authentication is enabled, a Consul token should be provided to API requests using the X-Consul-Token header.<\/span><br \/>\n<span style=\"font-weight: 400;\">curl &#8211;header &#8220;X-Consul-Token: &lt;consul token&gt;&#8221; http:\/\/127.0.0.1:8500\/v1\/agent\/members<\/span><br \/>\n<b>Option E is incorrect<\/b><span style=\"font-weight: 400;\">. The provided Authorization header is not syntactically correct. There is no such keyword called \u201cToken\u201d associated with RFC6750 authorization bearer.<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Incorrect method: Authorization : Token &lt;consul token&gt;<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Correct method: Authorization : Bearer &lt;consul token&gt;<\/span><\/li>\n<\/ul>\n<p><span style=\"font-weight: 400;\">Instead of the keyword \u201cToken\u201d, the keyword \u201cBearer\u201d should be used.<\/span><\/p>\n<p><b>References: <\/b><a href=\"https:\/\/www.consul.io\/api#authentication\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400;\">https:\/\/www.consul.io\/api#authentication<\/span><\/a>,\u00a0<a href=\"https:\/\/www.consul.io\/docs\/security\/acl\/acl-system#authorization\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400;\">https:\/\/www.consul.io\/docs\/security\/acl\/acl-system#authorization<\/span><\/a><\/p>\n<p>&nbsp;<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Domain_Secure_services_with_basic_access_control_lists_ACL-3\"><\/span>Domain : Secure services with basic access control lists (ACL)<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<h4><em>Q9 : How will the Consul accept the token Secret ID via environment variable?<\/em><\/h4>\n<p><span style=\"font-weight: 400;\"><strong>A. <\/strong>CONSUL_HTTP_TOKEN_FILE<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>B. <\/strong>CONSUL_SECRET_TOKEN<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>C. <\/strong>CONSUL_HTTP_AUTH<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>D. <\/strong>CONSUL_HTTP_TOKEN<\/span><\/p>\n<p><b>Correct Answer: D<\/b><\/p>\n<p><b>Explanation<\/b><\/p>\n<p><span style=\"font-weight: 400;\">Via CONSUL_HTTP_TOKEN, we can store the API access token required when access control lists (ACLs) are enabled.<\/span><\/p>\n<p><b>Option A is incorrect<\/b><span style=\"font-weight: 400;\">. CONSUL_HTTP_TOKEN_FILE is a path to a file containing the API access token required when access control lists (ACLs) are enabled.<\/span><br \/>\n<span style=\"font-weight: 400;\">Example: CONSUL_HTTP_TOKEN_FILE=\/path\/to\/consul.token<\/span><br \/>\n<b>Option B is incorrect<\/b><span style=\"font-weight: 400;\">. There is no such environment variable called CONSUL_SECRET_TOKEN.<\/span><br \/>\n<b>Option C is incorrect<\/b><span style=\"font-weight: 400;\">. CONSUL_HTTP_AUTH specifies HTTP Basic access credentials as a username:password pair<\/span><br \/>\n<span style=\"font-weight: 400;\">Example: CONSUL_HTTP_AUTH=my_username:my_password@123<\/span><br \/>\n<b>Option D is correct<\/b><span style=\"font-weight: 400;\">. CONSUL_HTTP_TOKEN is the API access token required when access control lists (ACLs) are enabled<\/span><br \/>\n<span style=\"font-weight: 400;\">Example: CONSUL_HTTP_TOKEN=785gerd5-123a-987b-45er-6xyt7ac44st<\/span><\/p>\n<p><b>References: <\/b><a href=\"https:\/\/www.consul.io\/commands#consul_http_token\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400;\">https:\/\/www.consul.io\/commands#consul_http_token<\/span><\/a>, <a href=\"https:\/\/www.consul.io\/docs\/security\/acl\/acl-system#authorization\" target=\"_blank\" rel=\"noopener\">https:\/\/www.consul.io\/docs\/security\/acl\/acl-system#authorization<\/a><\/p>\n<p>&nbsp;<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Domain_Secure_services_with_basic_access_control_lists_ACL-4\"><\/span>Domain : Secure services with basic access control lists (ACL)<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<h4><em>Q10 : By default, Consul assigns the global-management policy to the bootstrap token, which has some restricted privileges which cannot be modified.<\/em><\/h4>\n<p><span style=\"font-weight: 400;\"><strong>A. <\/strong>True<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>B. <\/strong>False<\/span><\/p>\n<p><b>Correct Answer: B<\/b><\/p>\n<p><b>Explanation:<\/b><\/p>\n<p><span style=\"font-weight: 400;\">Once the ACLs have been enabled, a token is needed to complete any operation in Consul. <\/span><i><span style=\"font-weight: 400;\">consul acl bootstrap<\/span><\/i><span style=\"font-weight: 400;\"> command is used to bootstrap and generate the first master token.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">By default, Consul assigns the global-management policy to the bootstrap token, which has unrestricted privileges.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">The bootstrap token is a management token with unrestricted privileges which is used in case of emergencies.<\/span><\/p>\n<p><b>Reference: <\/b><a href=\"https:\/\/learn.hashicorp.com\/tutorials\/consul\/access-control-setup-production#create-the-initial-bootstrap-token\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400;\">https:\/\/learn.hashicorp.com\/tutorials\/consul\/access-control-setup-production#create-the-initial-bootstrap-token<\/span><\/a><\/p>\n<p>&nbsp;<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Domain_Secure_services_with_basic_access_control_lists_ACL-5\"><\/span>Domain : Secure services with basic access control lists (ACL)<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<h4><em>Q11 : <span style=\"font-weight: 400;\">As a Consul engineer, what will you do in order to save the ACL tokens permanently with an agent?<\/span><\/em><\/h4>\n<p><span style=\"font-weight: 400;\"><strong>A. <\/strong>By enabling the flag acl_token_replication as true.<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>B. <\/strong>By enabling the flag enable_token_replication as true.<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>C. <\/strong>By enabling the flag enable_token_persistence as true.<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>D. <\/strong>By enabling the flag acl_token_persistence as true.<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>E. <\/strong>By enabling the flag acl_enable_token_replication as true.<\/span><\/p>\n<p><b>Correct Answer: C<\/b><\/p>\n<p><b>Explanation<\/b><\/p>\n<p><span style=\"font-weight: 400;\">Tokens are not persisted unless acl.enable_token_persistence is true, so tokens will need to be updated again if that option is false and the agent is restarted.<\/span><\/p>\n<p><b>Option A is incorrect<\/b><span style=\"font-weight: 400;\">. There is no such flag called acl_token_replication in Consul agent configuration.<\/span><br \/>\n<b>Option B is incorrect<\/b><span style=\"font-weight: 400;\">. The flag enable_token_replication will enable ACL token replication and allow for the creation of both local tokens and auth methods in connected secondary datacenters.<\/span><br \/>\n<b>Option C is correct<\/b><span style=\"font-weight: 400;\">. By setting the flag enable_token_persistence as true, the tokens set using the API will be persisted to disk and reloaded when an agent restarts.<\/span><br \/>\n<b>Option D is incorrect<\/b><span style=\"font-weight: 400;\">. There is no such flag called acl_token_persistence in Consul agent configuration.<\/span><br \/>\n<b>Option E is incorrect<\/b><span style=\"font-weight: 400;\">. There is no such flag called acl_enable_token_replication in Consul agent configuration.<\/span><\/p>\n<p><b>Reference: <\/b><a href=\"https:\/\/www.consul.io\/docs\/agent\/options#acl_enable_token_persistence\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400;\">https:\/\/www.consul.io\/docs\/agent\/options#acl_enable_token_persistence\u00a0<\/span><\/a><\/p>\n<p>&nbsp;<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Domain_Secure_agent_communication\"><\/span>Domain : Secure agent communication<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<h4><em>Q12 : While configuring the TLS certificates in client and server, you are getting the below errors.\u00a0<\/em><\/h4>\n<ul>\n<li aria-level=\"1\">\n<h4><em>Remote error: tls: bad certificate<\/em><\/h4>\n<\/li>\n<\/ul>\n<ul>\n<li aria-level=\"1\">\n<h4><em>X509: certificate signed by unknown authority<\/em><\/h4>\n<\/li>\n<\/ul>\n<h4><em>What are the steps that you will consider to troubleshoot\/solve these errors? <\/em><\/h4>\n<p><span style=\"font-weight: 400;\"><strong>A. <\/strong>Verifying that the Consul clients and servers are using the correct certificates.<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>B. <\/strong>Verifying that the certificates are placed in the directory \/etc\/consul\/directories with correct permissions<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>C. <\/strong>Verifying the details of the certificates using the command consul tls cert verify by passing the client\u2019s and server\u2019s IP address or domain name<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>D. <\/strong>Verifying that the certificates have been signed by the same CA.<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>E. <\/strong>Verifying that the server certificates include the special name server.dc1.consul in the Subject Alternative Name (SAN) field.<\/span><\/p>\n<p><b>Correct Answers: A, D and E<\/b><\/p>\n<p><b>Explanation<\/b><\/p>\n<p><span style=\"font-weight: 400;\">Below are the steps that need to be followed to troubleshoot the incorrect certificate or certificate name issues:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Verifying that the Consul clients and servers are using the correct certificates, and that they&#8217;ve been signed by the same CA.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Verifying that the server certificates include the special name server.dc1.consul in the Subject Alternative Name (SAN) field.<\/span><\/li>\n<\/ul>\n<p><b>Option A is correct<\/b><span style=\"font-weight: 400;\">. Verifying whether the Consul clients and servers are using the correct certificates or not is one of the correct steps.<\/span><br \/>\n<b>Option B is incorrect<\/b><span style=\"font-weight: 400;\">. The provided step is not the correct one.<\/span><br \/>\n<b>Option C is incorrect<\/b><span style=\"font-weight: 400;\">. The provided step is not the correct one.<\/span><br \/>\n<b>Option D is correct<\/b><span style=\"font-weight: 400;\">. Verifying that the certificates have been signed by the same CA is one of the correct steps.<\/span><br \/>\n<b>Option E is correct<\/b><span style=\"font-weight: 400;\">. Verifying that the server certificates include the special name server.dc1.consul in the Subject Alternative Name (SAN) field is one of the correct steps.<\/span><\/p>\n<p><b>Reference: <\/b><a href=\"https:\/\/www.consul.io\/docs\/troubleshoot\/common-errors#incorrect-certificate-or-certificate-name\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400;\">https:\/\/www.consul.io\/docs\/troubleshoot\/common-errors#incorrect-certificate-or-certificate-name<\/span><\/a><\/p>\n<p>&nbsp;<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Domain_Secure_agent_communication-2\"><\/span>Domain : Secure agent communication<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<h4><em>Q13 : You have been provided with the task of enabling the built-in CA in Consul. Identify the correct default configuration to implement the same.<\/em><\/h4>\n<p><span style=\"font-weight: 400;\"><strong>A. <\/strong>\/opt\/consul.d\/config.hcl<\/span><br \/>\n<span style=\"font-weight: 400;\">\u00a0 \u00a0 # &#8230;<\/span><br \/>\n<span style=\"font-weight: 400;\">\u00a0 \u00a0 connect {<\/span><br \/>\n<span style=\"font-weight: 400;\">\u00a0 \u00a0 enabled = true<\/span><br \/>\n<span style=\"font-weight: 400;\">\u00a0 \u00a0 }<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>B. <\/strong>\/etc\/consul.d\/config.hcl<\/span><br \/>\n<span style=\"font-weight: 400;\">\u00a0 \u00a0 # &#8230;<\/span><br \/>\n<span style=\"font-weight: 400;\">\u00a0 \u00a0 connect {<\/span><br \/>\n<span style=\"font-weight: 400;\">\u00a0 \u00a0 enabled = true<\/span><br \/>\n<span style=\"font-weight: 400;\">\u00a0 \u00a0 \u00a0}<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>C. <\/strong>\/opt\/consul.d\/config.hcl<\/span><br \/>\n<span style=\"font-weight: 400;\">\u00a0 \u00a0 # &#8230;<\/span><br \/>\n<span style=\"font-weight: 400;\">\u00a0 \u00a0 certificate_authority {<\/span><br \/>\n<span style=\"font-weight: 400;\">\u00a0 \u00a0 enabled = true<\/span><br \/>\n<span style=\"font-weight: 400;\">\u00a0 \u00a0 }<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>D. <\/strong>\/etc\/consul.d\/config.hcl<\/span><br \/>\n<span style=\"font-weight: 400;\">\u00a0 \u00a0 # &#8230;<\/span><br \/>\n<span style=\"font-weight: 400;\">\u00a0 \u00a0 certificate_authority {<\/span><br \/>\n<span style=\"font-weight: 400;\">\u00a0 \u00a0 \u00a0enabled = true<\/span><br \/>\n<span style=\"font-weight: 400;\">\u00a0 \u00a0 \u00a0}<\/span><\/p>\n<p><b>Correct Answers: B<\/b><\/p>\n<p><b>Explanation<\/b><\/p>\n<p><span style=\"font-weight: 400;\">The built-in CA provider has no required configuration. Enabling Connect alone will configure the built-in CA provider, and will automatically generate a root certificate and private key.<\/span><\/p>\n<p><b>Option A is incorrect<\/b><span style=\"font-weight: 400;\">. The provided configuration is not a valid one as it is using \/opt directory.<\/span><br \/>\n<b>Option B is correct. <\/b><span style=\"font-weight: 400;\">The provided configuration is the valid configuration for enabling the built-in CA in Consul.<\/span><br \/>\n<b>Option C is incorrect. <\/b><span style=\"font-weight: 400;\">The provided configuration is not a valid one as it is using \/opt directory and wrong option \u201ccertificate_authority\u201d.<\/span><br \/>\n<b>Option D is incorrect. <\/b><span style=\"font-weight: 400;\">The provided configuration is not a valid one as it is using the wrong option \u201ccertificate_authority\u201d.<\/span><\/p>\n<p><b>Reference: <\/b><a href=\"https:\/\/www.consul.io\/docs\/connect\/ca\/consul#built-in-ca\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400;\">https:\/\/www.consul.io\/docs\/connect\/ca\/consul#built-in-ca<\/span><\/a><\/p>\n<p>&nbsp;<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Domain_Secure_agent_communication-3\"><\/span>Domain : Secure agent communication<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<h4><em>Q14 : Identify the files that will be generated\/saved as a result of executing the below mentioned command:<\/em><br \/>\n<em>consul tls cert create -server -dc dc1<\/em><\/h4>\n<p><span style=\"font-weight: 400;\"><strong>A. <\/strong>dc1-server-consul-0.pem<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>B. <\/strong>server-consul-0.pem<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>C. <\/strong>dc1-server-consul-0-key.pem<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>D. <\/strong>server-consul-0-key.pem<\/span><\/p>\n<p><b>Correct Answers: A and C<\/b><\/p>\n<p><b>Explanation<\/b><\/p>\n<p><span style=\"font-weight: 400;\">The below mentioned files will be generated as the result of executing the mentioned command:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">dc1-server-consul-0.pem<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">dc1-server-consul-0-key.pem<\/span><\/li>\n<\/ul>\n<p><b>Output:<\/b><\/p>\n<p><b>consul tls cert create -server -dc dc1<\/b><\/p>\n<p><span style=\"font-weight: 400;\">==&gt; WARNING: Server Certificates grants authority to become a<\/span><\/p>\n<p><span style=\"font-weight: 400;\">\u00a0\u00a0\u00a0\u00a0server and access all state in the cluster including root keys<\/span><\/p>\n<p><span style=\"font-weight: 400;\">\u00a0\u00a0\u00a0\u00a0and all ACL tokens. Do not distribute them to production hosts<\/span><\/p>\n<p><span style=\"font-weight: 400;\">\u00a0\u00a0\u00a0\u00a0that are not server nodes. Store them as securely as CA keys.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">==&gt; Using consul-agent-ca.pem and consul-agent-ca-key.pem<\/span><\/p>\n<p><span style=\"font-weight: 400;\">==&gt; Saved dc1-server-consul-0.pem<\/span><\/p>\n<p><span style=\"font-weight: 400;\">==&gt; Saved dc1-server-consul-0-key.pem<\/span><\/p>\n<p><b>Option A is correct<\/b><span style=\"font-weight: 400;\">. dc1-server-consul-0.pem will be generated and this is the Consul server node public certificate for the dc1 datacenter.<\/span><br \/>\n<b>Option B is incorrect<\/b><span style=\"font-weight: 400;\">. This is not the correct file name as the datacenter name is not given as part of the file name.<\/span><br \/>\n<b>Option C is correct<\/b><span style=\"font-weight: 400;\">. dc1-server-consul-0-key.pem will be generated and this is the Consul server node private key for the dc1 datacenter.<\/span><br \/>\n<b>Option D is incorrect<\/b><span style=\"font-weight: 400;\">. This is not the correct file name as the datacenter name is not given as part of the file name.<\/span><\/p>\n<p><b>Reference: <\/b><a href=\"https:\/\/learn.hashicorp.com\/tutorials\/consul\/tls-encryption-secure#create-the-server-certificates\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400;\">https:\/\/learn.hashicorp.com\/tutorials\/consul\/tls-encryption-secure#create-the-server-certificates<\/span><\/a><span style=\"font-weight: 400;\">\u00a0<\/span><\/p>\n<p>&nbsp;<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Domain_Secure_agent_communication-4\"><\/span>Domain :\u00a0 Secure agent communication<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<h4><em>Q15 : Which command needs to be executed to generate a client certificate with the validity of 3 months(considering 30 days in each month)?<\/em><\/h4>\n<p><span style=\"font-weight: 400;\"><strong>A. <\/strong>consul tls cert create -client \u2013months=3<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>B. <\/strong>consul tls cert generate -client \u2013days=90<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>C. <\/strong>consul tls cert generate -client \u2013months=3<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>D. <\/strong>consul tls cert create -client \u2013days=90<\/span><\/p>\n<p><b>Correct Answer: D<\/b><\/p>\n<p><b>Explanation<\/b><\/p>\n<p><span style=\"font-weight: 400;\">The command consul tls cert create -client -days=90 will generate the client certifications with the validity of 90 days a.k.a 3 months.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">-days=&lt;int&gt; &#8211; Provide the number of days the certificate is valid from now on. Defaults to 1 year.<\/span><\/p>\n<p><b>Option A is incorrect<\/b><span style=\"font-weight: 400;\">. There is no such option called \u2013month in Consul tls cert create command.<\/span><br \/>\n<b>Option B is incorrect<\/b><span style=\"font-weight: 400;\">. There is no such command called consul tls cert generate even though the provided option \u2013days is correct.<\/span><br \/>\n<b>Option C is incorrect<\/b><span style=\"font-weight: 400;\">. There is no such command called consul tls cert generate.<\/span><br \/>\n<b>Option D is correct<\/b><span style=\"font-weight: 400;\">. The command consul tls cert create -client -days=90 will generate the client certifications with the validity of 90 days<\/span><\/p>\n<p><b>Reference: <\/b><a href=\"https:\/\/www.consul.io\/commands\/tls\/cert#days\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400;\">https:\/\/www.consul.io\/commands\/tls\/cert#days<\/span><\/a><\/p>\n<h3><span class=\"ez-toc-section\" id=\"Domain_Register_services_and_use_service_discovery\"><\/span>Domain : Register services and use service discovery<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<h4><em>Q16 : Consider the below given payload and identity whether this is valid or not.<\/em><br \/>\n<em><span style=\"font-weight: 400;\">curl http:\/\/127.0.0.1:8500\/v1\/query \\<\/span><\/em><br \/>\n<em><span style=\"font-weight: 400;\">\u00a0 \u00a0 &#8211;request POST \\<\/span><\/em><br \/>\n<em><span style=\"font-weight: 400;\">\u00a0 \u00a0 &#8211;data @- &lt;&lt; EOF<\/span><\/em><br \/>\n<em><span style=\"font-weight: 400;\">{<\/span><\/em><br \/>\n<em><span style=\"font-weight: 400;\">\u00a0 &#8220;Name&#8221;: &#8220;&#8221;,<\/span><\/em><br \/>\n<em><span style=\"font-weight: 400;\">\u00a0 &#8220;Template&#8221;: {<\/span><\/em><br \/>\n<em><span style=\"font-weight: 400;\">\u00a0 \u00a0 &#8220;Type&#8221;: &#8220;name_prefix_match&#8221;<\/span><\/em><br \/>\n<em><span style=\"font-weight: 400;\">\u00a0 },<\/span><\/em><br \/>\n<em><span style=\"font-weight: 400;\">\u00a0 &#8220;Service&#8221;: {<\/span><\/em><br \/>\n<em><span style=\"font-weight: 400;\">\u00a0 \u00a0 &#8220;Service&#8221;: &#8220;{name.full}&#8221;,<\/span><\/em><br \/>\n<em><span style=\"font-weight: 400;\">\u00a0 \u00a0 &#8220;Failover&#8221;: {<\/span><\/em><br \/>\n<em><span style=\"font-weight: 400;\">\u00a0 \u00a0 \u00a0 &#8220;NearestN&#8221;: 2<\/span><\/em><br \/>\n<em><span style=\"font-weight: 400;\">\u00a0 \u00a0 }<\/span><\/em><br \/>\n<em><span style=\"font-weight: 400;\">\u00a0 }<\/span><\/em><br \/>\n<em><span style=\"font-weight: 400;\">}<\/span><\/em><br \/>\n<em><span style=\"font-weight: 400;\">EOF<\/span><\/em><\/h4>\n<p><span style=\"font-weight: 400;\"><strong>A. <\/strong>True<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>B. <\/strong>False<\/span><\/p>\n<p><b>Correct Answer: B<\/b><\/p>\n<p><b>Explanation:<\/b><\/p>\n<p><span style=\"font-weight: 400;\">The given payload is an example for a prepared query template but the syntax is not correct.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Instead of {name.full}, ${name.full} should be used to refer to the entire name.<\/span><\/p>\n<p><b>References: <\/b><a href=\"https:\/\/learn.hashicorp.com\/tutorials\/consul\/automate-geo-failover#prepared-query-template\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400;\">https:\/\/learn.hashicorp.com\/tutorials\/consul\/automate-geo-failover#prepared-query-template,\u00a0<\/span><\/a><a href=\"https:\/\/www.consul.io\/api\/query#prepared-query-templates\" target=\"_blank\" rel=\"noopener\">https:\/\/www.consul.io\/api\/query#prepared-query-templates<\/a><\/p>\n<p>&nbsp;<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Domain_Register_services_and_use_service_discovery-2\"><\/span>Domain : Register services and use service discovery<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<h4><em>Q17 : Which of the below endpoints is used to run an existing prepared query (for example: 1ab2c3d4-ade3-gg77-5b48-8ec93abf3e05)?<\/em><\/h4>\n<p><span style=\"font-weight: 400;\"><strong>A. <\/strong>\/execute<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>B. <\/strong>\/create<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>C. <\/strong>\/run<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>D. <\/strong>\/produce<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>E. <\/strong>\/build<\/span><\/p>\n<p><b>Correct Answer: A<\/b><\/p>\n<p><b>Explanation<\/b><\/p>\n<p><span style=\"font-weight: 400;\">The endpoint \/execute<\/span> <span style=\"font-weight: 400;\">is used to execute\/run an existing prepared query. If no query exists by the given ID, an error is returned. <img decoding=\"async\" class=\"aligncenter size-full wp-image-81579\" src=\"https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2022\/03\/h17.png\" alt=\"\" width=\"469\" height=\"92\" srcset=\"https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2022\/03\/h17.png 469w, https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2022\/03\/h17-300x59.png 300w\" sizes=\"(max-width: 469px) 100vw, 469px\" \/><\/span><\/p>\n<p><b>Option A is correct<\/b><span style=\"font-weight: 400;\">. Using the endpoint \/execute, we can execute an existing prepared query.<\/span><br \/>\n<span style=\"font-weight: 400;\">Example:<\/span><br \/>\n<span style=\"font-weight: 400;\">curl http:\/\/127.0.0.1:8500\/v1\/query\/1ab2c3d4-ade3-gg77-5b48-8ec93abf3e05\/execute?near=_agent<\/span><br \/>\n<b>Option B is incorrect<\/b><span style=\"font-weight: 400;\">. The endpoint \/create is used to create a new prepared query and returns its ID if it is created successfully.<\/span><br \/>\n<b>Option C is incorrect. <\/b><span style=\"font-weight: 400;\">There is no endpoint called \/run in Consul.<\/span><br \/>\n<b>Option D is incorrect<\/b><span style=\"font-weight: 400;\">. There is no endpoint called \/produce in Consul.<\/span><br \/>\n<b>Option E is incorrect<\/b><span style=\"font-weight: 400;\">. There is no endpoint called \/build in Consul.<\/span><\/p>\n<p><b>Reference: <\/b><a href=\"https:\/\/www.consul.io\/api\/query#execute-prepared-query\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400;\">https:\/\/www.consul.io\/api\/query#execute-prepared-query<\/span><\/a><\/p>\n<figure id=\"attachment_81694\" aria-describedby=\"caption-attachment-81694\" style=\"width: 776px\" class=\"wp-caption alignnone\"><a href=\"https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2022\/03\/hashicorp-consul.webp\"><img decoding=\"async\" class=\" wp-image-81694\" src=\"https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2022\/03\/hashicorp-consul.webp\" alt=\"hashicorp consul\" width=\"776\" height=\"436\" srcset=\"https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2022\/03\/hashicorp-consul.webp 960w, https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2022\/03\/hashicorp-consul-300x169.webp 300w, https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2022\/03\/hashicorp-consul-768x432.webp 768w, https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2022\/03\/hashicorp-consul-747x420.webp 747w, https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2022\/03\/hashicorp-consul-640x360.webp 640w, https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2022\/03\/hashicorp-consul-681x383.webp 681w\" sizes=\"(max-width: 776px) 100vw, 776px\" \/><\/a><figcaption id=\"caption-attachment-81694\" class=\"wp-caption-text\">source: learn.hashicorp.com<\/figcaption><\/figure>\n<h3><span class=\"ez-toc-section\" id=\"Domain_Register_services_and_use_service_discovery-3\"><\/span>Domain : Register services and use service discovery<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<h4><em>Q18 : Is it possible to register multiple services via the HTTP API?<\/em><\/h4>\n<p><span style=\"font-weight: 400;\"><strong>A. <\/strong>True<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>B. <\/strong>False<\/span><\/p>\n<p><b>Correct Answer: B<\/b><\/p>\n<p><b>Explanation<\/b><\/p>\n<p><span style=\"font-weight: 400;\">Multiple services definitions can be provided at once when registering services via the agent configuration by using the plural services key.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Multiple services can\u2019t be registered via the HTTP API.<\/span><\/p>\n<p><b>Reference: <\/b><a href=\"https:\/\/www.consul.io\/docs\/discovery\/services#multiple-service-definitions\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400;\">https:\/\/www.consul.io\/docs\/discovery\/services#multiple-service-definitions<\/span><\/a><\/p>\n<p>&nbsp;<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Domain_Register_services_and_use_service_discovery-4\"><\/span>Domain : Register services and use service discovery<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<h4><em>Q19 : What is the parameter that needs to be passed with the endpoint\u00a0 \/agent\/check\/register to deregister the service after the specified time duration?<\/em><\/h4>\n<p><span style=\"font-weight: 400;\"><strong>A. <\/strong>DeregisterCriticalServiceAfter<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>B. <\/strong>DeregisterCriticalServiceAfterDuration<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>C. <\/strong>DeregisterServiceAfterDuration<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>D. <\/strong>DeregisterServiceAfter<\/span><\/p>\n<p><b>Correct Answer: A<\/b><\/p>\n<p><b>Explanation<\/b><\/p>\n<p><span style=\"font-weight: 400;\">The parameter DeregisterCriticalServiceAfter specifies that checks associated with a service should deregister after this time. This is specified as a time duration with a suffix like &#8220;10m&#8221;.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">If a check is in the critical state for more than this configured value, then its associated service (and all of its associated checks) will automatically be deregistered.<\/span><\/p>\n<p><b>Option A is correct<\/b><span style=\"font-weight: 400;\">. The parameter DeregisterCriticalServiceAfter is used to mention the time duration to deregister the service.<\/span><br \/>\n<b>Option B is incorrect<\/b><span style=\"font-weight: 400;\">. There is no such parameter named DeregisterCriticalServiceAfterDuration for the endpoint \/agent\/check\/register<\/span><br \/>\n<b>Option C is incorrect<\/b><span style=\"font-weight: 400;\">. There is no such parameter named DeregisterServiceAfterDuration for the endpoint \/agent\/check\/register<\/span><br \/>\n<b>Option D is incorrect<\/b><span style=\"font-weight: 400;\">. There is no such parameter named DeregisterServiceAfter for the endpoint \/agent\/check\/register<\/span><\/p>\n<p><b>References:\u00a0<\/b><a href=\"https:\/\/www.consul.io\/api\/agent\/check#deregistercriticalserviceafter\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400;\">https:\/\/www.consul.io\/api\/agent\/check#deregistercriticalserviceafter,\u00a0<\/span><\/a><a href=\"https:\/\/www.consul.io\/commands\/services\/register#usage\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400;\">https:\/\/www.consul.io\/commands\/services\/register#usage<\/span><\/a><\/p>\n<p>&nbsp;<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Domain_Register_services_and_use_service_discovery-5\"><\/span>Domain : Register services and use service discovery<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<h4><em>Q20 : Which of the following actions will happen when a service is placed into maintenance mode?<\/em><\/h4>\n<p><span style=\"font-weight: 400;\"><strong>A. <\/strong>The service will be marked as unavailable<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>B. <\/strong>The service will be present in DNS or API queries<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>C. <\/strong>The service will not be present in DNS or API queries<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>D. <\/strong>The service will be restored after the default downtime<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>E. <\/strong>The service will be automatically restored on agent restart.<\/span><\/p>\n<p><b>Correct Answers: A, C and E<\/b><\/p>\n<p><b>Explanation<\/b><\/p>\n<p><span style=\"font-weight: 400;\">The endpoint <\/span><b>\/agent\/service\/maintenance\/:service_id<\/b><span style=\"font-weight: 400;\"> places a given service into &#8220;maintenance mode&#8221;.\u00a0<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">During maintenance mode, the service will be marked as unavailable and will not be present in DNS or API queries. This API call is idempotent.\u00a0<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Maintenance mode is persistent and will be automatically restored on agent restart.<\/span><\/li>\n<\/ul>\n<p><b>Option A is correct<\/b><span style=\"font-weight: 400;\">. During maintenance mode, the service will be marked as unavailable.<\/span><br \/>\n<b>Option B is incorrect. <\/b><span style=\"font-weight: 400;\">During maintenance mode, the service will be present in DNS or API queries. The provided option is wrong.<\/span><br \/>\n<b>Option C is correct<\/b><span style=\"font-weight: 400;\">. During maintenance mode, the service will be present in DNS or API queries.<\/span><br \/>\n<b>Option D is incorrect<\/b><span style=\"font-weight: 400;\">. There is no default downtime associated with the maintenance mode. The provided option is wrong.<\/span><br \/>\n<b>Option E is correct. <\/b><span style=\"font-weight: 400;\">During maintenance mode, the service will be automatically restored on agent restart.<\/span><\/p>\n<p><b>Reference:\u00a0<\/b><a href=\"https:\/\/www.consul.io\/api-docs\/agent\/service#enable-maintenance-mode\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400;\">https:\/\/www.consul.io\/api-docs\/agent\/service#enable-maintenance-mode<\/span><\/a><\/p>\n<p>&nbsp;<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Domain_Access_the_Consul_keyvalue_KV\"><\/span>Domain : Access the Consul key\/value (KV)<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<h4><em>Question 21 : Fill in the blank with the correct command to achieve the mentioned output.<\/em><br \/>\n<em><span style=\"font-weight: 400;\">consul kv get _________ app\/config\/environment <img decoding=\"async\" class=\"aligncenter wp-image-81580 size-full\" title=\"Consul key value\" src=\"https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2022\/03\/h21.png\" alt=\"Consul key value \" width=\"436\" height=\"169\" srcset=\"https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2022\/03\/h21.png 436w, https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2022\/03\/h21-300x116.png 300w\" sizes=\"(max-width: 436px) 100vw, 436px\" \/><\/span><\/em><\/h4>\n<p><span style=\"font-weight: 400;\"><strong>A. <\/strong>-recurse<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>B. <\/strong>-detailed<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>C. <\/strong>-detail<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>D. <\/strong>-keys<\/span><\/p>\n<p><b>Correct Answer: B<\/b><\/p>\n<p><b>Explanation<\/b><\/p>\n<p><span style=\"font-weight: 400;\">The option -detailed provides additional metadata about the key in addition to the value such as the ModifyIndex and any flags that may have been set on the key. The default value is false.<\/span><\/p>\n<p><b>Option A is incorrect<\/b><span style=\"font-weight: 400;\">. The option -recurse will recursively look at all keys prefixed with the given path. The default value is false.<\/span><br \/>\n<b>Option B is correct<\/b><span style=\"font-weight: 400;\">. -detailed command line flag will retrieve some additional metadata about the key-value pair.<\/span><br \/>\n<b>Option C is incorrect<\/b><span style=\"font-weight: 400;\">. There is no such command line flag called -detail.<\/span><br \/>\n<b>Option D is incorrect<\/b><span style=\"font-weight: 400;\">. The option -keys list keys which start with the given prefix, but not their values<\/span><\/p>\n<p><b>References:\u00a0<\/b><a href=\"https:\/\/www.consul.io\/commands\/kv\/get#detailed\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400;\">https:\/\/www.consul.io\/commands\/kv\/get#detailed<\/span><\/a>,\u00a0<a href=\"https:\/\/learn.hashicorp.com\/tutorials\/consul\/get-started-key-value-store#query-data\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400;\">https:\/\/learn.hashicorp.com\/tutorials\/consul\/get-started-key-value-store#query-data<\/span><\/a><\/p>\n<p>&nbsp;<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Domain_Access_the_Consul_keyvalue_KV-2\"><\/span>Domain : Access the Consul key\/value (KV)<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<h4><em>Q22 : Consider the following screenshot and select the valid command to list all the keys. <img decoding=\"async\" class=\"aligncenter wp-image-81581 size-full\" title=\"Consul KV\" src=\"https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2022\/03\/h22.png\" alt=\"Consul KV\" width=\"1346\" height=\"419\" srcset=\"https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2022\/03\/h22.png 1346w, https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2022\/03\/h22-300x93.png 300w, https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2022\/03\/h22-1024x319.png 1024w, https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2022\/03\/h22-768x239.png 768w, https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2022\/03\/h22-640x199.png 640w, https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2022\/03\/h22-681x212.png 681w\" sizes=\"(max-width: 1346px) 100vw, 1346px\" \/><\/em><\/h4>\n<p><span style=\"font-weight: 400;\"><strong>A. <\/strong>consul kv get \u2013keys app\/\u00a0<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>B. <\/strong>consul kv get \u2013keys Key\/Values\/app\/\u00a0<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>C. <\/strong>consul kv get \u2013keys app\/config\/<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>D. <\/strong>consul kv get \u2013onlykeys app\/<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>E. <\/strong>consul kv get \u2013onlykeys Key\/Values\/app\/<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>F. <\/strong>consul kv get \u2013onlykeys app\/config\/<\/span><\/p>\n<p><b>Correct Answer: C<\/b><\/p>\n<p><b>Explanation<\/b><\/p>\n<p><span style=\"font-weight: 400;\">The -keys option is used to just list the keys which start with the specified prefix.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">This is especially useful if you only need the key names themselves.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Sample Output:<\/span><\/p>\n<p><span style=\"font-weight: 400;\">consul kv get -keys app\/config\/<\/span><\/p>\n<p><span style=\"font-weight: 400;\">app\/config\/connections<\/span><\/p>\n<p><span style=\"font-weight: 400;\">app\/config\/cpu<\/span><\/p>\n<p><span style=\"font-weight: 400;\">app\/config\/memory<\/span><\/p>\n<p><b>Option A is incorrect<\/b><span style=\"font-weight: 400;\">. The command \u201cconsul kv get \u2013keys app\/\u201d will return only the key called config.<\/span><br \/>\n<b>Option B is incorrect<\/b><span style=\"font-weight: 400;\">. The prefix path in the provided command \u201cconsul kv get \u2013keys Key\/Values\/app\/\u201d is wrong.<\/span><br \/>\n<b>Option C is correct<\/b><span style=\"font-weight: 400;\">. The command \u201cconsul kv get -keys app\/config\/\u201d is used to list down the keys in the given prefix.<\/span><br \/>\n<b>Option D is incorrect<\/b><span style=\"font-weight: 400;\">. There is no such command-line option called \u2013onlykeys for the consul kv get command even though the prefix is valid.<\/span><br \/>\n<b>Option E is incorrect<\/b><span style=\"font-weight: 400;\">. There is no such command line option called \u2013onlykeys for the consul kv get command and the prefix is also wrong.<\/span><br \/>\n<b>Option F is incorrect<\/b><span style=\"font-weight: 400;\">. There is no such command line option called \u2013onlykeys for the consul kv get command even though the prefix is valid.<\/span><\/p>\n<p><b>Reference:\u00a0<\/b><a href=\"https:\/\/www.consul.io\/commands\/kv\/get#listing-keys\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400;\">https:\/\/www.consul.io\/commands\/kv\/get#listing-keys<\/span><\/a><\/p>\n<p>&nbsp;<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Domain_Access_the_Consul_keyvalue_KV-3\"><\/span>Domain : Access the Consul key\/value (KV)<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<h4><em>Q23 : As a consul associate, you have stored a secret configuration value in the KV path app\/config\/secret\/. Also, you want to implement a monitoring mechanism that will invoke the script \/usr\/bin\/key-handler.sh whenever an update is detected.\u00a0<\/em><br \/>\n<em>Identify the correct command to achieve the same.<\/em><\/h4>\n<p><span style=\"font-weight: 400;\"><strong>A. <\/strong>consul watch -type=key -key=app\/config\/secret\/ \/usr\/bin\/key-handler.sh<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>B. <\/strong>consul watch -type=keyprefix -key= app\/config\/secret\/\u00a0 \/usr\/bin\/key-handler.sh<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>C. <\/strong>consul watch -type=key -key=app\/config\/secret\/\u00a0 -args=\/usr\/bin\/key-handler.sh<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>D. <\/strong>consul watch -type=keyprefix -key=foo\/bar\/baz -args=\/usr\/bin\/key-handler.sh<\/span><\/p>\n<p><b>Correct Answer: A<\/b><\/p>\n<p><b>Explanation<\/b><\/p>\n<p><span style=\"font-weight: 400;\">Consul KV can also be extended with the use of watches.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Watches are a way to monitor data for updates.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">When an update is detected, an external handler is invoked. To use watches with the KV store the key watch type should be used.<\/span><\/p>\n<p><b>Option A is correct<\/b><span style=\"font-weight: 400;\">. The command \u201cconsul watch -type=key -key=app\/config\/secret\/ \/usr\/bin\/key-handler.sh\u201d is used to watch the key app\/config\/secret\/ in the KV store.<\/span><br \/>\n<b>Option B is incorrect<\/b><span style=\"font-weight: 400;\">. The provided command is used to watch a prefix of keys in the KV store, not the specific key.\u00a0<\/span><br \/>\n<b>Option C is incorrect<\/b><span style=\"font-weight: 400;\">. The provided command is wrong as there is no command line flag called -args<\/span><br \/>\n<b>Option D is incorrect<\/b><span style=\"font-weight: 400;\">. The provided command is wrong as there is no command line flag called \u2013args and also the type is keyprefix not the key.<\/span><\/p>\n<p><b>References:\u00a0<\/b><a href=\"https:\/\/www.consul.io\/docs\/dynamic-app-config\/watches#watches\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400;\">https:\/\/www.consul.io\/docs\/dynamic-app-config\/watches#watches<\/span><\/a>,\u00a0<a href=\"https:\/\/www.consul.io\/docs\/dynamic-app-config\/watches#key\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400;\">https:\/\/www.consul.io\/docs\/dynamic-app-config\/watches#key<\/span><\/a>,\u00a0<a href=\"https:\/\/www.consul.io\/docs\/dynamic-app-config\/kv#watches\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400;\">https:\/\/www.consul.io\/docs\/dynamic-app-config\/kv#watches<\/span><\/a><\/p>\n<p>&nbsp;<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Domain_Access_the_Consul_keyvalue_KV-4\"><\/span>Domain : Access the Consul key\/value (KV)<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<h4><em>Q24 : A third party application wants the data from Consul\u2019s KV store for its own processing. But due to security limitations, direct access has been restricted. Which of the following tools could be used for this scenario?<\/em><\/h4>\n<p><span style=\"font-weight: 400;\"><strong>A. <\/strong>EnvConsul<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>B. <\/strong>Consul Replicate<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>C. <\/strong>Consul Environment<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>D. <\/strong>Consul Migrate<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>E. <\/strong>Consul Access<\/span><\/p>\n<p><b>Correct Answer: A<\/b><\/p>\n<p><b>Explanation<\/b><\/p>\n<p><span style=\"font-weight: 400;\">Envconsul provides a convenient way to launch a subprocess with environment variables populated from HashiCorp Consul and Vault.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Environment variables are dynamically populated from Consul or Vault, but the application is unaware; applications just read environment variables. This enables extreme flexibility and portability for applications across systems.<\/span><\/p>\n<p><b>Option A is correct<\/b><span style=\"font-weight: 400;\">. Envconsul provides a convenient way to launch a subprocess with environment variables populated from HashiCorp Consul and Vault. The 3<\/span><span style=\"font-weight: 400;\">rd<\/span><span style=\"font-weight: 400;\"> party application can access the values from the environment variables.<\/span><br \/>\n<b>Option B is incorrect<\/b><span style=\"font-weight: 400;\">. The daemon consul-replicate integrates with Consul to perform cross-data-center K\/V replication.<\/span><br \/>\n<b>Option C is incorrect<\/b><span style=\"font-weight: 400;\">. There is no such tool called \u201cConsul Environment\u201d.<\/span><br \/>\n<b>Option D is incorrect<\/b><span style=\"font-weight: 400;\">. consul-migrate is a Go package and CLI utility to perform very specific data migration for Consul servers nodes.<\/span><br \/>\n<b>Option E is incorrect<\/b><span style=\"font-weight: 400;\">. There is no such tool called \u201cConsul Access\u201d.<\/span><\/p>\n<p><b>References:\u00a0<\/b><a href=\"https:\/\/www.consul.io\/docs\/download-tools#download-consul-tools\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400;\">https:\/\/www.consul.io\/docs\/download-tools#download-consul-tools<\/span><\/a>,\u00a0<a href=\"https:\/\/github.com\/hashicorp\/envconsul\/blob\/master\/README.md\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400;\">https:\/\/github.com\/hashicorp\/envconsul\/blob\/master\/README.md<\/span><\/a><\/p>\n<p>&nbsp;<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Domain_Access_the_Consul_keyvalue_KV-5\"><\/span>Domain : Access the Consul key\/value (KV)<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<h4><em>Q25 : You have been provided with the task of discovering all the services running in the Consul datacenter in a single run. Fill in the blank with the correct command line flag to achieve the requirement.<\/em><br \/>\n<em><span style=\"font-weight: 400;\">consul-template -template=&#8221;all-services.tpl:all-services.txt&#8221; _____________<\/span><\/em><\/h4>\n<p><span style=\"font-weight: 400;\"><strong>A. <\/strong>-one<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>B. <\/strong>-single-run<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>C. <\/strong>-once<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>D. <\/strong>-all<\/span><\/p>\n<p><b>Correct Answer: C<\/b><\/p>\n<p><b>Explanation<\/b><\/p>\n<p><span style=\"font-weight: 400;\">In Once mode, Consul Template will wait for all dependencies to be rendered. If a template specifies a dependency (a request) that does not exist in Consul, once mode will wait until Consul returns data for that dependency.<\/span><\/p>\n<p><b>Option A is incorrect<\/b><span style=\"font-weight: 400;\">. There is no such command line flag called \u2013one.<\/span><br \/>\n<b>Option B is incorrect<\/b><span style=\"font-weight: 400;\">. There is no such command line flag called \u2013single-run.<\/span><br \/>\n<b>Option C is correct<\/b><span style=\"font-weight: 400;\">. The -once flag will tell the process to run once and then quit.<\/span><br \/>\n<b>Option D is incorrect<\/b><span style=\"font-weight: 400;\">. There is no such command line flag called \u2013all.<\/span><\/p>\n<p><b>References:\u00a0<\/b><a href=\"https:\/\/learn.hashicorp.com\/tutorials\/consul\/consul-template#use-case-discover-all-services\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400;\">https:\/\/learn.hashicorp.com\/tutorials\/consul\/consul-template#use-case-discover-all-services<\/span><\/a>,\u00a0<a href=\"https:\/\/github.com\/hashicorp\/consul-template\/blob\/master\/docs\/modes.md#once-mode\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400;\">https:\/\/github.com\/hashicorp\/consul-template\/blob\/master\/docs\/modes.md#once-mode<\/span><\/a><\/p>\n<h3><span class=\"ez-toc-section\" id=\"Domain_Explain_Consul_Architecture\"><\/span><b>Domain: Explain Consul Architecture<\/b><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<h4><em><b>Question 26.\u00a0 Which of the following ports are used for DNS-related queries in Consul?<\/b><\/em><\/h4>\n<p><span style=\"font-weight: 400;\"><strong>A.\u00a0<\/strong> \u00a0<\/span><span style=\"font-weight: 400;\">8502 TCP<\/span><\/p>\n<p><span style=\"font-weight: 400;\"><strong>B.<\/strong>\u00a0 \u00a0<\/span><span style=\"font-weight: 400;\">8600 TCP<\/span><\/p>\n<p><span style=\"font-weight: 400;\"><strong>C.\u00a0<\/strong> <\/span><span style=\"font-weight: 400;\">8301 TCP<\/span><\/p>\n<p><span style=\"font-weight: 400;\"><strong>D.<\/strong> <\/span><span style=\"font-weight: 400;\">8502 UDP<\/span><\/p>\n<p><span style=\"font-weight: 400;\"><strong>E.<\/strong>\u00a0 <\/span><span style=\"font-weight: 400;\">8600 UDP<\/span><\/p>\n<p><b>Correct Answers: B, E<\/b><\/p>\n<p><b>Explanation:<\/b><\/p>\n<p><span style=\"font-weight: 400;\">Consul is using the ports 8600 TCP &amp; 8600 UDP to resolve the DNS queries. Before running Consul, the consul engineer should ensure the respective bind ports are accessible.<\/span><\/p>\n<p><b>Option A is incorrect<\/b><span style=\"font-weight: 400;\"> as this port is used by the gRPC API. Currently, gRPC is only used to expose the xDS API to Envoy proxies. It is off by default, but port 8502 is a convention used by various tools as the default. Defaults to 8502 in -dev mode.<\/span><\/p>\n<p><b>Option B is correct<\/b><span style=\"font-weight: 400;\"> as this port is used by the DNS interface to resolve DNS queries.<\/span><\/p>\n<p><b>Option C is incorrect<\/b><span style=\"font-weight: 400;\"> as this port is the Serf LAN port. This is used to handle gossip in the LAN. Required by all agents.<\/span><\/p>\n<p><b>Option D is incorrect<\/b><span style=\"font-weight: 400;\"> as this port is used by the gRPC API. Currently, gRPC is only used to expose the xDS API to Envoy proxies. It is off by default, but port 8502 is a convention used by various tools as the default. Defaults to 8502 in -dev mode.<\/span><\/p>\n<p><b>Option E is correct<\/b><span style=\"font-weight: 400;\"> as this port is used by the DNS interface to resolve DNS queries.<\/span><\/p>\n<p><b>Reference:<\/b><\/p>\n<p><a href=\"https:\/\/learn.hashicorp.com\/tutorials\/consul\/reference-architecture#network-connectivity\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400;\">https:\/\/learn.hashicorp.com\/tutorials\/consul\/reference-architecture#network-connectivity<\/span><\/a><\/p>\n<p><a href=\"https:\/\/www.consul.io\/docs\/install\/ports\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400;\">https:\/\/www.consul.io\/docs\/install\/ports<\/span><\/a><\/p>\n<h3><span class=\"ez-toc-section\" id=\"Domain_Explain_Consul_Architecture-2\"><\/span><b>Domain: Explain Consul Architecture\u00a0<\/b><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<h4><em><b>Question 27. Which of the following combinations (of port(s) and protocol(s)) needs to be enabled in the network configuration to permit the server agents to communicate between datacenters(multi-cluster environment)?\u00a0<\/b><\/em><\/h4>\n<p><span style=\"font-weight: 400;\"><strong>A.<\/strong> WAN GOSSIP TCP\/UDP\/8301<\/span><\/p>\n<p><span style=\"font-weight: 400;\"><strong>B.<\/strong> <\/span><span style=\"font-weight: 400;\">LAN GOSSIP TCP\/UDP\/8301<\/span><\/p>\n<p><span style=\"font-weight: 400;\"><strong>C.<\/strong> WAN GOSSIP TCP\/UDP\/8302<\/span><\/p>\n<p><strong>\u00a0D. <\/strong><span style=\"font-weight: 400;\">LAN GOSSIP TCP\/UDP\/8302<\/span><\/p>\n<p><strong>\u00a0E. <\/strong><span style=\"font-weight: 400;\">LAN GOSSIP TCP 8300 <\/span><\/p>\n<p><b>Correct Answers: C<\/b><\/p>\n<p><b>Explanation:<\/b><\/p>\n<p><span style=\"font-weight: 400;\">Consul is using the Serf WAN port 8302 (both TCP and UDP protocols) to gossip over the WAN, to other servers<\/span><\/p>\n<p><span style=\"font-weight: 400;\">All the agents that are in a datacenter participate in a gossip protocol. This means there is a gossip pool that contains all the agents for a given datacenter.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Here we are discussing the communication between servers. Thus the server agents operate as part of a WAN gossip pool. This pool is different from the LAN pool as it is optimized for the higher latency of the internet and is expected to contain only other Consul server agents.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">The purpose of this pool is to allow datacenters to discover each other in a low-touch manner.<\/span><\/p>\n<p><b>Option A is incorrect<\/b><span style=\"font-weight: 400;\"> as this port is used to handle gossip in the LAN not in the WAN gossip.<\/span><\/p>\n<p><b>Option B is incorrect<\/b><span style=\"font-weight: 400;\"> as this port is the Serf LAN port. This is used to handle gossip in the LAN which is required by all agents.<\/span><\/p>\n<p><b>Option C is correct<\/b><span style=\"font-weight: 400;\"> as this port is the Serf WAN port. This is used by servers to gossip over the WAN, to other servers. These ports are only used in multi-cluster environments.<\/span><\/p>\n<p><b>Option D is incorrect<\/b><span style=\"font-weight: 400;\"> as this port is used to handle WAN gossip, not in the LAN gossip.<\/span><\/p>\n<p><b>Option E is incorrect<\/b><span style=\"font-weight: 400;\"> as this port is used for Server RPC communication which in turn is used by servers to handle incoming requests from other agents.<\/span><\/p>\n<p><b>Reference:<\/b><\/p>\n<p><a href=\"https:\/\/www.consul.io\/docs\/architecture#10-000-foot-view\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400;\">https:\/\/www.consul.io\/docs\/architecture#10-000-foot-view<\/span><\/a><\/p>\n<h3><span class=\"ez-toc-section\" id=\"Domain_Explain_Consul_Architecture-3\"><\/span><b>Domain: Explain Consul Architecture<\/b><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<h4><b>Question 28. By default, the data is not replicated between different Consul datacenters in the organization\u2019s architecture.<\/b><\/h4>\n<p><span style=\"font-weight: 400;\"><strong>A.<\/strong> <\/span><span style=\"font-weight: 400;\">True<\/span><\/p>\n<p><span style=\"font-weight: 400;\"><strong>B.<\/strong> <\/span><span style=\"font-weight: 400;\">False<\/span><\/p>\n<p><b>Correct Answers: A<\/b><\/p>\n<p><b>Explanation:<\/b><\/p>\n<p><span style=\"font-weight: 400;\">In general, data is not replicated between different Consul datacenters.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">When a request is made for a resource in another datacenter, the local Consul servers forward an RPC request to the remote Consul servers for that resource and return the results. If the remote datacenter is not available, then those resources will also not be available, but that won&#8217;t otherwise affect the local datacenter.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">There are some special situations where a limited subset of data can be replicated, such as with the Consul&#8217;s built-in ACL replication capability, or external tools like consul-replicate.<\/span><\/p>\n<p><b>Reference:<\/b><\/p>\n<p><a href=\"https:\/\/www.consul.io\/docs\/architecture#10-000-foot-view\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400;\">https:\/\/www.consul.io\/docs\/architecture#10-000-foot-view<\/span><\/a><\/p>\n<h3><span class=\"ez-toc-section\" id=\"Domain_Access_the_Consul_keyvalue_KV-6\"><\/span><b>Domain: Access the Consul key\/value (KV)<\/b><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<h4><em><b>Question 29. The size limit of the Consul&#8217;s key\/value store can be increased with the &#8212;&#8212;&#8212;&#8212;&#8212;&#8211; configuration option<\/b><\/em><\/h4>\n<p><strong>\u00a0 \u00a0A. <\/strong><span style=\"font-weight: 400;\">kv_maximum_value_limit<\/span><\/p>\n<p><strong>\u00a0 \u00a0B. <\/strong><span style=\"font-weight: 400;\">kv_max_value_size<\/span><\/p>\n<p><span style=\"font-weight: 400;\">\u00a0<strong> \u00a0C. <\/strong><\/span><span style=\"font-weight: 400;\">kv_max_value_limit<\/span><\/p>\n<p><span style=\"font-weight: 400;\">\u00a0 \u00a0<strong>D. <\/strong><\/span><span style=\"font-weight: 400;\">kv_maximum_value_size<\/span><\/p>\n<p><b>Correct Answers: B<\/b><\/p>\n<p><b>Explanation:<\/b><\/p>\n<p><span style=\"font-weight: 400;\">The limit can be increased by using the kv_max_value_size configuration option. This configures the maximum number of bytes for a kv request body to the \/v1\/kv endpoint. This limit defaults to the raft&#8217;s suggested max size (512KB).<\/span><\/p>\n<p><b>Option A is incorrect<\/b><span style=\"font-weight: 400;\"> as there is no such configuration option as kv_maximum_value_limit.<\/span><\/p>\n<p><b>Option B is correct<\/b><span style=\"font-weight: 400;\"> as this configuration option is used to increase the limit.<\/span><\/p>\n<p><b>Option C is incorrect<\/b><span style=\"font-weight: 400;\"> as there is no such configuration option as kv_max_value_limit.<\/span><\/p>\n<p><b>Option D is incorrect<\/b><span style=\"font-weight: 400;\"> as there is no such configuration option as kv_maximum_value_size.<\/span><\/p>\n<p><b>Reference:<\/b><\/p>\n<p><a href=\"https:\/\/www.consul.io\/docs\/troubleshoot\/faq#q-what-is-the-per-key-value-size-limitation-for-consul-s-key-value-store\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400;\">https:\/\/www.consul.io\/docs\/troubleshoot\/faq#q-what-is-the-per-key-value-size-limitation-for-consul-s-key-value-store<\/span><\/a><\/p>\n<h3><span class=\"ez-toc-section\" id=\"_Domain_Access_the_Consul_keyvalue_KV\"><\/span><span style=\"font-weight: 400;\">\u00a0<\/span><b>Domain: Access the Consul key\/value (KV)<\/b><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<h4><strong><em>Question 30. What is the maximum restricted size limit for an object stored in a Consul&#8217;s key\/value store?<\/em><\/strong><\/h4>\n<p><span style=\"font-weight: 400;\">\u00a0 \u00a0 A. <\/span><span style=\"font-weight: 400;\">1024 KB<\/span><\/p>\n<p><span style=\"font-weight: 400;\">\u00a0 \u00a0 B.\u00a0 <\/span><span style=\"font-weight: 400;\">256 KB<\/span><\/p>\n<p><span style=\"font-weight: 400;\">\u00a0 \u00a0 \u00a0C. <\/span><span style=\"font-weight: 400;\">512 KB<\/span><\/p>\n<p><span style=\"font-weight: 400;\">\u00a0 \u00a0 D.\u00a0 <\/span><span style=\"font-weight: 400;\">128 KB<\/span><\/p>\n<p><b>Correct Answers: C<\/b><\/p>\n<p><b>Explanation:<\/b><\/p>\n<p><span style=\"font-weight: 400;\">The main restriction on an object is size &#8211; the maximum is 512 KB.<\/span><\/p>\n<p><b>Option A is incorrect<\/b><span style=\"font-weight: 400;\"> as the correct value is 512 KB, not 1024 KB.<\/span><\/p>\n<p><b>Option B is incorrect<\/b><span style=\"font-weight: 400;\"> as the correct value is 512 KB, not 256 KB.<\/span><\/p>\n<p><b>Option C is correct<\/b><span style=\"font-weight: 400;\">. The maximum restricted size limit for an object stored in a Consul&#8217;s key\/value store is 512 KB.<\/span><\/p>\n<p><b>Option D is incorrect<\/b><span style=\"font-weight: 400;\"> as the correct value is 512 KB, not 128 KB.<\/span><\/p>\n<p><b>Reference:<\/b><\/p>\n<p><a href=\"https:\/\/www.consul.io\/docs\/dynamic-app-config\/kv#using-consul-kv\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400;\">https:\/\/www.consul.io\/docs\/dynamic-app-config\/kv#using-consul-kv<\/span><\/a><\/p>\n<p><strong>Summary<\/strong><\/p>\n<p><span style=\"font-weight: 400;\">Hope these HashiCorp Consul Associate exam questions have provided you with clarity on the mentioned concepts and pushed you to gear up your preparations at another level.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">For more such questions and content, just go through the <strong>HashiCorp Certified Consul Associate Practice<\/strong>\u00a0<strong>Tests<\/strong>, and pass the certification exam on the very first attempt.<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Cloud Engineers make use of the HashiCorp Consul Associate certification to attest their Networking Automation Skills. You are at a plus point if you have a good understanding of the basic skills and concepts required in the building, security, and maintenance of the open-source HashiCorp Consul. These free test questions provided here are for your assessment of the HashiCorp Consul Associate exam and help you with your preparation. Domain: Deploy a single datacenter Q1 : Environment variables can be used to configure the Consul client and they can be used when running other consul CLI commands that connect with a [&hellip;]<\/p>\n","protected":false},"author":223,"featured_media":81805,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_uag_custom_page_level_css":"","site-sidebar-layout":"default","site-content-layout":"default","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","theme-transparent-header-meta":"default","adv-header-id-meta":"","stick-header-meta":"default","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[1862,4842],"tags":[4843],"class_list":["post-81578","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-devops","category-hashicorp","tag-hashicorp-consul-associate"],"uagb_featured_image_src":{"full":["https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2022\/03\/Free-Questions-on-HashiCorp-Consul-Associate-Certification-Exam.jpg",600,315,false],"thumbnail":["https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2022\/03\/Free-Questions-on-HashiCorp-Consul-Associate-Certification-Exam-150x150.jpg",150,150,true],"medium":["https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2022\/03\/Free-Questions-on-HashiCorp-Consul-Associate-Certification-Exam-300x158.jpg",300,158,true],"medium_large":["https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2022\/03\/Free-Questions-on-HashiCorp-Consul-Associate-Certification-Exam.jpg",600,315,false],"large":["https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2022\/03\/Free-Questions-on-HashiCorp-Consul-Associate-Certification-Exam.jpg",600,315,false],"1536x1536":["https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2022\/03\/Free-Questions-on-HashiCorp-Consul-Associate-Certification-Exam.jpg",600,315,false],"2048x2048":["https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2022\/03\/Free-Questions-on-HashiCorp-Consul-Associate-Certification-Exam.jpg",600,315,false],"profile_24":["https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2022\/03\/Free-Questions-on-HashiCorp-Consul-Associate-Certification-Exam.jpg",24,13,false],"profile_48":["https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2022\/03\/Free-Questions-on-HashiCorp-Consul-Associate-Certification-Exam.jpg",48,25,false],"profile_96":["https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2022\/03\/Free-Questions-on-HashiCorp-Consul-Associate-Certification-Exam.jpg",96,50,false],"profile_150":["https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2022\/03\/Free-Questions-on-HashiCorp-Consul-Associate-Certification-Exam.jpg",150,79,false],"profile_300":["https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2022\/03\/Free-Questions-on-HashiCorp-Consul-Associate-Certification-Exam.jpg",300,158,false],"tptn_thumbnail":["https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2022\/03\/Free-Questions-on-HashiCorp-Consul-Associate-Certification-Exam-250x250.jpg",250,250,true],"web-stories-poster-portrait":["https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2022\/03\/Free-Questions-on-HashiCorp-Consul-Associate-Certification-Exam.jpg",600,315,false],"web-stories-publisher-logo":["https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2022\/03\/Free-Questions-on-HashiCorp-Consul-Associate-Certification-Exam.jpg",96,50,false],"web-stories-thumbnail":["https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2022\/03\/Free-Questions-on-HashiCorp-Consul-Associate-Certification-Exam.jpg",150,79,false]},"uagb_author_info":{"display_name":"Dharmendra Digari","author_link":"https:\/\/www.whizlabs.com\/blog\/author\/dharmendrawhizlabs-com\/"},"uagb_comment_info":5,"uagb_excerpt":"Cloud Engineers make use of the HashiCorp Consul Associate certification to attest their Networking Automation Skills. You are at a plus point if you have a good understanding of the basic skills and concepts required in the building, security, and maintenance of the open-source HashiCorp Consul. These free test questions provided here are for your&hellip;","_links":{"self":[{"href":"https:\/\/www.whizlabs.com\/blog\/wp-json\/wp\/v2\/posts\/81578","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.whizlabs.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.whizlabs.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.whizlabs.com\/blog\/wp-json\/wp\/v2\/users\/223"}],"replies":[{"embeddable":true,"href":"https:\/\/www.whizlabs.com\/blog\/wp-json\/wp\/v2\/comments?post=81578"}],"version-history":[{"count":14,"href":"https:\/\/www.whizlabs.com\/blog\/wp-json\/wp\/v2\/posts\/81578\/revisions"}],"predecessor-version":[{"id":90865,"href":"https:\/\/www.whizlabs.com\/blog\/wp-json\/wp\/v2\/posts\/81578\/revisions\/90865"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.whizlabs.com\/blog\/wp-json\/wp\/v2\/media\/81805"}],"wp:attachment":[{"href":"https:\/\/www.whizlabs.com\/blog\/wp-json\/wp\/v2\/media?parent=81578"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.whizlabs.com\/blog\/wp-json\/wp\/v2\/categories?post=81578"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.whizlabs.com\/blog\/wp-json\/wp\/v2\/tags?post=81578"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}