Monday , June 17 2024
Breaking News

Chef Principles Certification Exam Answers – CP101

CP101 Chef Principles Certification Exam Answers

  • Run-list.
  • chef-client configuration.
  • Data bag items.
  • Cookbooks.
  • You get an error message but the chef-client run continues.
  • You get an error message and the chef-client run halts.
  • The default action is assumed.
  • the equivalent of a Chef cookbook.
  • the equivalent of a Chef recipe.
  • an item that can be configured on your system.
  • The Chef server dynamically builds each node prior to a chef-client run.
  • The chef-client pulls node data in JSON format from the Chef server at the start of the run.
  • Nodes are stored on the Chef server as JSON objects that contains just the run-list and node name.
  • Nodes are represented on the Chef server as JSON objects that contain all the node data.
  • Every node must have a unique run-list assigned to it.
  • A run-list defines some of the information necessary for Chef to configure a node into the desired state.
  • A run-list is a list of roles and/or recipes that are run in the order specified.
  • A run-list is stored as a node object element which can be queried via knife.
  • Immediately after the resource name.
  • Immediately after the actions.
  • You can list them anywhere within the resource block.
  • Policyfile.rb
  • metadata.rb
  • Policyfile.lock.json
  • chef push Policyfile.rb
  • chef install Policyfile.rb
  • chef init Policyfile.rb
  • inspec test https://github.com/PATH/TO/INSPEC/PROFILE
  • inspec exec https://github.com/PATH/TO/INSPEC/PROFILE
  • inspec check https://github.com/PATH/TO/INSPEC/PROFILE
  • It is not possible. The InSpec profile needs to stored locally on the node.
  • inspec exec https://github.com/security -t docker -i ContainerID
  • inspec profile https://github.com/security -t docker -i ContianerID
  • inspec exec https://github.com/security -t docker://ContainerID
  • Download the profile from Github, then scan the container as usual. Profiles must be stored locally when scanning containers.
  • providers folder
  • resources folder
  • libraries folder
  • top directory of the inspec profile
  • Specify the –controls argument.
  • Specify the –limit argument.
  • grep the output.
  • describe ec2(‘ec2-instance’) do

 it { should be_running }

end

  • describe aws(‘ec2-instance’) do

 it { should be_running }

end

  • describe ec2(‘aws-ec2-instance’) do

 it { should_be running }

end

  • describe ami(‘ec2-instance’) do

 it { should_be running }

end

  • It tests that /etc/sysconfig is a directory, that the directory is executable by the owner, the directory can not have files added or removed, and the contents of the directory cannot be read by a user named Tom.
  • It tests that the file /etc/sysconfig is executable by the owner of the file, the file can not modified, and the contents of the file cannot be read by a user named Tom.
  • It tests that /etc/sysconfig is a directory, that the directory has a mode of 0544, and the contents of the directory cannot be read by a user named Tom.
  • It tests that the file /etc/sysconfig is executable by the owner, the file has a mode of 0544, contents of the file cannot be read by a user named Tom.
  • Ruby
  • Inspec DSL and Ruby
  • Inspec DSL and Custom Resource DSL and Ruby
  • Inspec DSL and Chef Recipe DSL and Ruby
  • inspec test https://github.com/PATH/TO/INSPEC/PROFILE
  • inspec exec https://github.com/PATH/TO/INSPEC/PROFILE
  • inspec check https://github.com/PATH/TO/INSPEC/PROFILE
  • It is not possible. The InSpec profile needs to stored locally on the node.
  • inspec exec https://github.com/security -t docker -i ContainerID
  • inspec profile https://github.com/security -t docker -i ContianerID
  • inspec exec https://github.com/security -t docker://ContainerID
  • Download the profile from Github, then scan the container as usual. Profiles must be stored locally when scanning containers.
  • providers folder
  • resources folder
  • libraries folder
  • top directory of the inspec profile
  • Specify the –controls argument.
  • Specify the –limit argument.
  • grep the output.
  • describe ec2(‘ec2-instance’) do

 it { should be_running }

end

  • describe aws(‘ec2-instance’) do

 it { should be_running }

end

  • describe ec2(‘aws-ec2-instance’) do

 it { should_be running }

end

  • describe ami(‘ec2-instance’) do

 it { should_be running }

end

  • It tests that /etc/sysconfig is a directory, that the directory is executable by the owner, the directory can not have files added or removed, and the contents of the directory cannot be read by a user named Tom.
  • It tests that the file /etc/sysconfig is executable by the owner of the file, the file can not modified, and the contents of the file cannot be read by a user named Tom.
  • It tests that /etc/sysconfig is a directory, that the directory has a mode of 0544, and the contents of the directory cannot be read by a user named Tom.
  • It tests that the file /etc/sysconfig is executable by the owner, the file has a mode of 0544, contents of the file cannot be read by a user named Tom.
  • Ruby
  • Inspec DSL and Ruby
  • Inspec DSL and Custom Resource DSL and Ruby
  • Inspec DSL and Chef Recipe DSL and Ruby
  • inspec exec test.rb -t ssh://user@hostname
  • It is not possible. The target node must have InSpec installed.
  • It is not possible. The target node must have chef-client installed.
  • inspec exec ssh://user@hostname test.rb
  • pkg_deps
  • pkg_build_deps
  • pkg_run_deps
  • pkg_deps_ignored
  • The hab pkg provides command
  • The hab pkg search command
  • Examining the package manifest in Builder
  • Running hab pkg export and opening the artifact with an editor
  • Only includes build tools, like curl
  • Is a set of foundation packages
  • Is managed and versioned by the Habitat maintainers
  • Provides packages that cover every use-case
  • Can be used as dependencies for custom pacakges
  • The metadata.rb file
  • Habitat Builder
  • The Plan file
  • Within the package source repository
  • Plan.sh
  • .hart
  • .tar
  • .rpm
  • .hart
  • .tar.gz
  • .rpm
  • .msi
  • Apache Mesos
  • Cloud Foundry
  • docker
  • A package release channel wasn’t specified in the install command
  • The package hasn’t been promoted to the stable channel
  • You are not logged into the correct Builder origin
  • You need to authenticate your Studio session with Builder
  • Starts and monitors child services
  • Retrieve resource metadata from cloud providers
  • Monitor information from other Supervisors
  • Reconfigure services with lifecycle hooks
  • inspec test https://github.com/PATH/TO/INSPEC/PROFILE
  • inspec exec https://github.com/PATH/TO/INSPEC/PROFILE
  • inspec check https://github.com/PATH/TO/INSPEC/PROFILE
  • It is not possible. The InSpec profile needs to stored locally on the node.
  • gem install kitchen-inspec
  • gem install serverspec
  • Install Chef Workstation
  • gem install chefspec
  • Time-consuming.
  • Error-prone.
  • Non-portable.
  • All of these.
  • Chef
  • Ruby
  • InSpec
  • inspec test /PATH/TO/PROFILE
  • inspec compliance /PATH/TO/PROFILE
  • inspec exec /PATH/TO/PROFILE
  • inspec check /PATH/TO/PROFILE
  • On target nodes.
  • On the Chef Automate Compliance server.
  • On Chef Infra Server.
  • inspec exec test.rb -t ssh://user@hostname
  • It is not possible. The target node must have InSpec installed.
  • It is not possible. The target node must have chef-client installed.
  • inspec exec ssh://user@hostname test.rb
  • inspec compliance login.
  • chef compliance login.
  • chef exec compliance login.
  • provider: Chef

benchmark: CIS Sample Linux

provider_version: v.1.0.0

controls:

– id: 5.2.4_Ensure_SSH_Protocol_is_set_to_2

  scan:

    run: true

  remediate:

    run: false

  • provider: Chef

benchmark: CIS Sample Linux

provider_version: v.1.0.0

controls:

– id: 5.2.4_Ensure_SSH_Protocol_is_set_to_2

  scan:

    run: true

  remediate:

    run: true

  • provider: Chef

benchmark: CIS Sample Linux

provider_version: v.1.0.0

controls:

– id: 5.2.4_Ensure_SSH_Protocol_is_set_to_2

  scan:

    run: true

  remediate:

    run: true

  justification: “ACME corporation requires strict compliance standards for SSH”

  • provider: Chef

benchmark: CIS Sample Linux

provider_version: v.1.0.0

controls:

– id: 5.2.4_Ensure_SSH_Protocol_is_set_to_2

  scan:

    run: true

  remediate:

    run: true

  overlay: “ACME corporation requires strict compliance standards for SSH”

  • Waivers
  • Justifications
  • Overlays
  • Exceptions
  • provider: Chef

benchmark: CIS Sample Linux

provider_version: v.1.0.0

controls:

– id: 5.2.14_Ensure_SSH_access_is_limited

  scan:

    run: true

    expiration_date: 2023-07-01

  remediate:

    run: false

    waiver:

      start_date_utc: “— 2020-12-01 08:25:57.571436000 Z\n”

      expiration_date_utc: “— 2023-07-01 08:25:57.571522000 Z\n”

      identifier: ticket_14500

  justification: “Security waiver granted until expiration date”

  • provider: Chef

benchmark: CIS Sample Linux

provider_version: v.1.0.0

controls:

– id: 5.2.14_Ensure_SSH_access_is_limited

  scan:

    run: false

    expiration_date: 2023-07-01

  remediate:

    run: false

    waiver:

      start_date_utc: “— 2020-12-01 08:25:57.571436000 Z\n”

      expiration_date_utc: “— 2023-07-01 08:25:57.571522000 Z\n”

      identifier: ticket_14500

  justification: “Security waiver granted until expiration date”

  • provider: Chef

benchmark: CIS Sample Linux

provider_version: v.1.0.0

controls:

– id: 5.2.14_Ensure_SSH_access_is_limited

  scan:

    run: true

    expiration_date: 2023-07-01

  remediate:

    run: false

    waiver:

      begin_date_utc: “— 2020-12-01 08:25:57.571436000 Z\n”

      expiration_date_utc: “— 2023-07-01 08:25:57.571522000 Z\n”

      identifier: ticket_14500

  reasoning: “Security waiver granted until expiration date”

  • provider: Chef

benchmark: CIS Sample Linux

provider_version: v.1.0.0

controls:

– id: 5.2.14_Ensure_SSH_access_is_limited

  scan:

    run: false

    expiration_date: 2023-07-01

  remediate:

    run: false

    waiver:

      begin_date_utc: “— 2020-12-01 08:25:57.571436000 Z\n”

      expiration_date_utc: “— 2023-07-01 08:25:57.571522000 Z\n”

      identifier: ticket_14500

  reasoning: “Security waiver granted until expiration date”

  • In bulk, within the Habitat package’s config.yml file
  • In bulk, within the InSpec benchmark code
  • Per-control, within the Habitat package’s config.yml file
  • Per-control, within the InSpec benchmark code
  • The Chef Habitat Workspace
  • The Chef Habitat Studio
  • The Chef Habitat Builder
  • The Automate Compliance Dashboard
  • Chef Premium Compliance Profiles
  • Chef Audit
  • Chef Remediation
  • All of the above
  • Chef Workstation
  • Chef InSpec
  • Chef Habitat
  • Chef Automate
  • CIS
  • InSpector
  • InSpec
  • ServerSpec

About Clear My Certification

Check Also

ISRO

ISRO Launched 5 Days Free Course with Certification in May 2024

ISRO Launched 5 Days Free Course with Certification in May 2024 About the Course : …

Leave a Reply

Your email address will not be published. Required fields are marked *