Wednesday , December 11 2024
Breaking News

Chef Principles Certification Exam Answers – CP101

CP101 Chef Principles Certification Exam Answers

  • Run-list.
  • chef-client configuration.
  • Data bag items.
  • Cookbooks.
  • You get an error message but the chef-client run continues.
  • You get an error message and the chef-client run halts.
  • The default action is assumed.
  • the equivalent of a Chef cookbook.
  • the equivalent of a Chef recipe.
  • an item that can be configured on your system.
  • The Chef server dynamically builds each node prior to a chef-client run.
  • The chef-client pulls node data in JSON format from the Chef server at the start of the run.
  • Nodes are stored on the Chef server as JSON objects that contains just the run-list and node name.
  • Nodes are represented on the Chef server as JSON objects that contain all the node data.
  • Every node must have a unique run-list assigned to it.
  • A run-list defines some of the information necessary for Chef to configure a node into the desired state.
  • A run-list is a list of roles and/or recipes that are run in the order specified.
  • A run-list is stored as a node object element which can be queried via knife.
  • Immediately after the resource name.
  • Immediately after the actions.
  • You can list them anywhere within the resource block.
  • Policyfile.rb
  • metadata.rb
  • Policyfile.lock.json
  • chef push Policyfile.rb
  • chef install Policyfile.rb
  • chef init Policyfile.rb
  • inspec test https://github.com/PATH/TO/INSPEC/PROFILE
  • inspec exec https://github.com/PATH/TO/INSPEC/PROFILE
  • inspec check https://github.com/PATH/TO/INSPEC/PROFILE
  • It is not possible. The InSpec profile needs to stored locally on the node.
  • inspec exec https://github.com/security -t docker -i ContainerID
  • inspec profile https://github.com/security -t docker -i ContianerID
  • inspec exec https://github.com/security -t docker://ContainerID
  • Download the profile from Github, then scan the container as usual. Profiles must be stored locally when scanning containers.
  • providers folder
  • resources folder
  • libraries folder
  • top directory of the inspec profile
  • Specify the –controls argument.
  • Specify the –limit argument.
  • grep the output.
  • describe ec2(‘ec2-instance’) do

 it { should be_running }

end

  • describe aws(‘ec2-instance’) do

 it { should be_running }

end

  • describe ec2(‘aws-ec2-instance’) do

 it { should_be running }

end

  • describe ami(‘ec2-instance’) do

 it { should_be running }

end

  • It tests that /etc/sysconfig is a directory, that the directory is executable by the owner, the directory can not have files added or removed, and the contents of the directory cannot be read by a user named Tom.
  • It tests that the file /etc/sysconfig is executable by the owner of the file, the file can not modified, and the contents of the file cannot be read by a user named Tom.
  • It tests that /etc/sysconfig is a directory, that the directory has a mode of 0544, and the contents of the directory cannot be read by a user named Tom.
  • It tests that the file /etc/sysconfig is executable by the owner, the file has a mode of 0544, contents of the file cannot be read by a user named Tom.
  • Ruby
  • Inspec DSL and Ruby
  • Inspec DSL and Custom Resource DSL and Ruby
  • Inspec DSL and Chef Recipe DSL and Ruby
  • inspec test https://github.com/PATH/TO/INSPEC/PROFILE
  • inspec exec https://github.com/PATH/TO/INSPEC/PROFILE
  • inspec check https://github.com/PATH/TO/INSPEC/PROFILE
  • It is not possible. The InSpec profile needs to stored locally on the node.
  • inspec exec https://github.com/security -t docker -i ContainerID
  • inspec profile https://github.com/security -t docker -i ContianerID
  • inspec exec https://github.com/security -t docker://ContainerID
  • Download the profile from Github, then scan the container as usual. Profiles must be stored locally when scanning containers.
  • providers folder
  • resources folder
  • libraries folder
  • top directory of the inspec profile
  • Specify the –controls argument.
  • Specify the –limit argument.
  • grep the output.
  • describe ec2(‘ec2-instance’) do

 it { should be_running }

end

  • describe aws(‘ec2-instance’) do

 it { should be_running }

end

  • describe ec2(‘aws-ec2-instance’) do

 it { should_be running }

end

  • describe ami(‘ec2-instance’) do

 it { should_be running }

end

  • It tests that /etc/sysconfig is a directory, that the directory is executable by the owner, the directory can not have files added or removed, and the contents of the directory cannot be read by a user named Tom.
  • It tests that the file /etc/sysconfig is executable by the owner of the file, the file can not modified, and the contents of the file cannot be read by a user named Tom.
  • It tests that /etc/sysconfig is a directory, that the directory has a mode of 0544, and the contents of the directory cannot be read by a user named Tom.
  • It tests that the file /etc/sysconfig is executable by the owner, the file has a mode of 0544, contents of the file cannot be read by a user named Tom.
  • Ruby
  • Inspec DSL and Ruby
  • Inspec DSL and Custom Resource DSL and Ruby
  • Inspec DSL and Chef Recipe DSL and Ruby
  • inspec exec test.rb -t ssh://user@hostname
  • It is not possible. The target node must have InSpec installed.
  • It is not possible. The target node must have chef-client installed.
  • inspec exec ssh://user@hostname test.rb
  • pkg_deps
  • pkg_build_deps
  • pkg_run_deps
  • pkg_deps_ignored
  • The hab pkg provides command
  • The hab pkg search command
  • Examining the package manifest in Builder
  • Running hab pkg export and opening the artifact with an editor
  • Only includes build tools, like curl
  • Is a set of foundation packages
  • Is managed and versioned by the Habitat maintainers
  • Provides packages that cover every use-case
  • Can be used as dependencies for custom pacakges
  • The metadata.rb file
  • Habitat Builder
  • The Plan file
  • Within the package source repository
  • Plan.sh
  • .hart
  • .tar
  • .rpm
  • .hart
  • .tar.gz
  • .rpm
  • .msi
  • Apache Mesos
  • Cloud Foundry
  • docker
  • A package release channel wasn’t specified in the install command
  • The package hasn’t been promoted to the stable channel
  • You are not logged into the correct Builder origin
  • You need to authenticate your Studio session with Builder
  • Starts and monitors child services
  • Retrieve resource metadata from cloud providers
  • Monitor information from other Supervisors
  • Reconfigure services with lifecycle hooks
  • inspec test https://github.com/PATH/TO/INSPEC/PROFILE
  • inspec exec https://github.com/PATH/TO/INSPEC/PROFILE
  • inspec check https://github.com/PATH/TO/INSPEC/PROFILE
  • It is not possible. The InSpec profile needs to stored locally on the node.
  • gem install kitchen-inspec
  • gem install serverspec
  • Install Chef Workstation
  • gem install chefspec
  • Time-consuming.
  • Error-prone.
  • Non-portable.
  • All of these.
  • Chef
  • Ruby
  • InSpec
  • inspec test /PATH/TO/PROFILE
  • inspec compliance /PATH/TO/PROFILE
  • inspec exec /PATH/TO/PROFILE
  • inspec check /PATH/TO/PROFILE
  • On target nodes.
  • On the Chef Automate Compliance server.
  • On Chef Infra Server.
  • inspec exec test.rb -t ssh://user@hostname
  • It is not possible. The target node must have InSpec installed.
  • It is not possible. The target node must have chef-client installed.
  • inspec exec ssh://user@hostname test.rb
  • inspec compliance login.
  • chef compliance login.
  • chef exec compliance login.
  • provider: Chef

benchmark: CIS Sample Linux

provider_version: v.1.0.0

controls:

– id: 5.2.4_Ensure_SSH_Protocol_is_set_to_2

  scan:

    run: true

  remediate:

    run: false

  • provider: Chef

benchmark: CIS Sample Linux

provider_version: v.1.0.0

controls:

– id: 5.2.4_Ensure_SSH_Protocol_is_set_to_2

  scan:

    run: true

  remediate:

    run: true

  • provider: Chef

benchmark: CIS Sample Linux

provider_version: v.1.0.0

controls:

– id: 5.2.4_Ensure_SSH_Protocol_is_set_to_2

  scan:

    run: true

  remediate:

    run: true

  justification: “ACME corporation requires strict compliance standards for SSH”

  • provider: Chef

benchmark: CIS Sample Linux

provider_version: v.1.0.0

controls:

– id: 5.2.4_Ensure_SSH_Protocol_is_set_to_2

  scan:

    run: true

  remediate:

    run: true

  overlay: “ACME corporation requires strict compliance standards for SSH”

  • Waivers
  • Justifications
  • Overlays
  • Exceptions
  • provider: Chef

benchmark: CIS Sample Linux

provider_version: v.1.0.0

controls:

– id: 5.2.14_Ensure_SSH_access_is_limited

  scan:

    run: true

    expiration_date: 2023-07-01

  remediate:

    run: false

    waiver:

      start_date_utc: “— 2020-12-01 08:25:57.571436000 Z\n”

      expiration_date_utc: “— 2023-07-01 08:25:57.571522000 Z\n”

      identifier: ticket_14500

  justification: “Security waiver granted until expiration date”

  • provider: Chef

benchmark: CIS Sample Linux

provider_version: v.1.0.0

controls:

– id: 5.2.14_Ensure_SSH_access_is_limited

  scan:

    run: false

    expiration_date: 2023-07-01

  remediate:

    run: false

    waiver:

      start_date_utc: “— 2020-12-01 08:25:57.571436000 Z\n”

      expiration_date_utc: “— 2023-07-01 08:25:57.571522000 Z\n”

      identifier: ticket_14500

  justification: “Security waiver granted until expiration date”

  • provider: Chef

benchmark: CIS Sample Linux

provider_version: v.1.0.0

controls:

– id: 5.2.14_Ensure_SSH_access_is_limited

  scan:

    run: true

    expiration_date: 2023-07-01

  remediate:

    run: false

    waiver:

      begin_date_utc: “— 2020-12-01 08:25:57.571436000 Z\n”

      expiration_date_utc: “— 2023-07-01 08:25:57.571522000 Z\n”

      identifier: ticket_14500

  reasoning: “Security waiver granted until expiration date”

  • provider: Chef

benchmark: CIS Sample Linux

provider_version: v.1.0.0

controls:

– id: 5.2.14_Ensure_SSH_access_is_limited

  scan:

    run: false

    expiration_date: 2023-07-01

  remediate:

    run: false

    waiver:

      begin_date_utc: “— 2020-12-01 08:25:57.571436000 Z\n”

      expiration_date_utc: “— 2023-07-01 08:25:57.571522000 Z\n”

      identifier: ticket_14500

  reasoning: “Security waiver granted until expiration date”

  • In bulk, within the Habitat package’s config.yml file
  • In bulk, within the InSpec benchmark code
  • Per-control, within the Habitat package’s config.yml file
  • Per-control, within the InSpec benchmark code
  • The Chef Habitat Workspace
  • The Chef Habitat Studio
  • The Chef Habitat Builder
  • The Automate Compliance Dashboard
  • Chef Premium Compliance Profiles
  • Chef Audit
  • Chef Remediation
  • All of the above
  • Chef Workstation
  • Chef InSpec
  • Chef Habitat
  • Chef Automate
  • CIS
  • InSpector
  • InSpec
  • ServerSpec

About Clear My Certification

Check Also

Information Technology Management Professional CertificatioN

Information Technology Management Professional Certification

Information Technology Management Professional Certification Information Technology Management involves overseeing and directing the use of …

Leave a Reply

Your email address will not be published. Required fields are marked *