















































































The Puppet Certified Professional Ultimate Exam prepares IT professionals for certification in automation and configuration management using Puppet. It covers system administration, infrastructure as code, deployment automation, and troubleshooting. The exam includes hands-on scenarios and practical applications, ensuring candidates can implement Puppet solutions effectively in real-world environments.
Typology: Exams
















































































Question 1. Which component of the Puppet architecture is responsible for compiling node‑specific catalogs from manifests and modules?
A) Puppet Agent
B) Puppet Server
C) PuppetDB
D) Puppet Console
Answer: B
Explanation: The Puppet Server (formerly Puppet Master) parses manifests, applies node classification, and compiles a JSON catalog tailored to each agent.

Question 2. In the Puppet run cycle, which step occurs immediately after the agent retrieves its facts?
A) Catalog application
B) Certificate verification
C) Catalog request to the master
D) Report submission
Answer: C
Explanation: After fact collection, the agent sends the facts to the master and requests a catalog based on those facts.

Question 3. Which SSL file on the Puppet master stores the private key used to sign agent certificates?
A) ca.pem
B) private_key.pem
C) puppetmaster.pem
D) hostcert.pem
Answer: B
Explanation: The master’s private key (typically private_key.pem in the CA directory) is used to sign agent certificate signing requests.

Question 4. What is the default port used for HTTPS communication between Puppet agents and the master?
A) 8140
B) 443
C) 8080
D) 8443
Answer: A
Explanation: Puppet uses port 8140 for encrypted HTTPS traffic by default.

Question 5. Which PuppetDB query language is used to retrieve data such as facts, catalogs, or resources?
A) SQL
B) PQL
C) RQL
D) HQL
Answer: B
Explanation: PQL (Puppet Query Language) is the native query language for PuppetDB.

Question 6. In Puppet’s Resource Abstraction Layer (RAL), what term describes the platform‑specific code that actually enforces a resource?
A) Provider
B) Type
C) Class
D) Parameter

Answer: B
Explanation: Classes are singletons (instantiated once per node), while defined types can be declared multiple times with different titles.

Question 10. Which scope does the variable $::osfamily belong to?
A) Local scope
B) Node scope
C) Global (top‑level) scope
D) Module scope
Answer: C
Explanation: Variables prefixed with :: are in the top‑level (global) scope, making them accessible everywhere.

Question 11. Which Puppet function iterates over each element of an array and returns the original array unchanged?
A) map
B) each
C) filter
D) reduce
Answer: B
Explanation: each yields each element to a block for side effects but returns the original collection.

Question 12. In Hiera version 5, which key defines the order in which data sources are consulted?
A) hierarchy
B) version
C) defaults
D) backends
Answer: A
Explanation: The hierarchy array lists the levels (e.g., “nodes/%{trusted.certname}”) that Hiera searches in order.

Question 13. Which merge strategy in Hiera will combine two hashes, with later values overriding earlier ones only where keys conflict?
A) deep
B) unique
C) hash
D) merge
Answer: C
Explanation: The hash merge strategy merges two hashes, overriding conflicting keys with later values.

Question 14. When using the lookup CLI command, which flag forces Hiera to ignore the compiled catalog and perform a direct data lookup?
A) --explain
B) --node
C) --default
D) --no-cache
Answer: A
Explanation: --explain shows the lookup path and reasons for each step, bypassing catalog context.

Question 15. In the Roles‑and‑Profiles pattern, which layer typically contains reusable building blocks such as “apache::install” or “mysql::config”?
A) Role
B) Profile
C) Node definition

B) Puppetfile
C) modules.yaml
D) Gemfile
Answer: B
Explanation: The Puppetfile specifies module sources and version requirements for environments managed by r10k or Code Manager.

Question 19. Which Facter fact provides the fully qualified domain name (FQDN) of the node?
A) hostname
B) fqdn
C) domain
D) networking.fqdn
Answer: B
Explanation: The fqdn fact returns the node’s fully qualified domain name.

Question 20. When creating a custom Ruby fact, which method must be defined to return the fact’s value?
A) value
B) get
C) set
D) to_s
Answer: A
Explanation: In a custom fact, the value method (or a block passed to Facter.add) returns the computed fact.

Question 21. Which $trusted hash key contains the agent’s certificate serial number?
A) certname
B) extensions
C) subject
D) serial
Answer: D
Explanation: $trusted['serial'] holds the serial number from the agent’s X.509 certificate, which cannot be spoofed.

Question 22. In Facter 4, how are structured facts (hashes/arrays) accessed in Puppet manifests?
A) $facts['myhash']
B) $myhash
C) $facts['myhash']['key']
D) $facts.myhash.key
Answer: C
Explanation: Structured facts are accessed via hash syntax, e.g., $facts['myhash']['key'].

Question 23. Which Puppet Bolt command runs a task named apt_update on all nodes in the inventory file?
A) bolt plan run apt_update
B) bolt task run apt_update --targets all
C) bolt apply apt_update
D) bolt exec apt_update
Answer: B
Explanation: bolt task run executes a task on the specified targets; --targets all selects every node in the inventory.

Question 24. In a Puppet plan, which function is used to run a task on multiple targets concurrently?

A) contain_class
B) contain_resource
C) contain_package
D) contain_file
Answer: A
Explanation: contain_class('classname') asserts that the catalog contains the specified class.

Question 28. When troubleshooting a failed catalog compilation, which log file on the master contains detailed error messages?
A) /var/log/puppetlabs/puppetserver/puppetserver.log
B) /var/log/puppetlabs/puppet/puppet.log
C) /var/log/puppetlabs/puppetdb/puppetdb.log
D) /var/log/messages
Answer: A
Explanation: The Puppet Server log records compilation errors, including stack traces.

Question 29. Which Puppet agent command option simulates a run without making changes?
A) --noop
B) --dry-run
C) --test
D) --simulate
Answer: A
Explanation: --noop (no‑operation) tells the agent to evaluate the catalog but not enforce changes.

Question 30. In Puppet Enterprise, which role is primarily responsible for storing node classification data?
A) Console
B) Orchestrator
C) PuppetDB
D) Classifier
Answer: D
Explanation: The Classifier (or “PE Classifier”) holds node groups, roles, and environment assignments.

Question 31. Which configuration file defines the JVM heap size for the Puppet Server?
A) puppet.conf
B) puppetserver.conf
C) java_opts.conf
D) memory.conf
Answer: B
Explanation: puppetserver.conf contains the java_args setting where heap size (-Xms, -Xmx) is specified.

Question 32. What is the purpose of the puppetlabs-puppetdb module in a Puppet environment?
A) To install PuppetDB as a service
B) To provide custom resource types for databases
C) To configure the master’s SSL certificates
D) To manage firewall rules for Puppet traffic
Answer: A
Explanation: The puppetlabs-puppetdb module installs and configures the PuppetDB service.

Question 33. Which Hiera backend stores data in a PostgreSQL database?
A) yaml

B) json_encode
C) to_json_string
D) jsonify
Answer: A
Explanation: to_json($hash) serializes the hash into a JSON formatted string.

Question 37. What does the notify metaparameter trigger when the notifying resource changes?
A) A refresh of the subscribed resource
B) Immediate execution of the notifying resource’s provider
C) Reordering of resources in the catalog
D) Deletion of the subscribed resource
Answer: A
Explanation: notify creates a subscription relationship where the target receives a refresh event if the notifying resource changes.

Question 38. Which Puppet built‑in function returns the current environment name?
A) $environment
B) environment()
C) $::environment
D) lookup('environment')
Answer: B
Explanation: The environment() function evaluates to the name of the environment the catalog is being compiled for.

Question 39. In Puppet, what is the effect of declaring ensure => absent for a file resource?
A) The file is created if missing
B) The file’s contents are cleared but the file remains
C) The file is deleted if it exists
D) Puppet raises an error
Answer: C
Explanation: ensure => absent tells Puppet to remove the target file.

Question 40. Which command revokes a signed certificate from the Puppet CA?
A) puppet ca revoke
B) puppet cert clean
C) puppet ca clean
D) puppet ssl revoke
Answer: C
Explanation: puppet ca clean revokes and removes the certificate from the CA.

Question 41. Which Puppet setting controls the number of concurrent catalog compilations on the master?
A) max_requests_per_child
B) threadpool_size
C) max_active_instances
D) num_processes
Answer: B
Explanation: threadpool_size defines the size of the thread pool handling simultaneous catalog compilations.

Question 42. What does the puppet resource command do?
A) Generates a new module skeleton

Question 45. In Puppet Enterprise, which feature allows you to store encrypted data in Hiera using a shared secret?
A) eyaml
B) hiera-eyaml
C) secure-lookup
D) encrypted-facts
Answer: B
Explanation: hiera-eyaml encrypts values using a public‑private key pair, enabling secure data storage.

Question 46. Which function can be used inside a Puppet manifest to retrieve a value from an external key‑value store via the Puppet Server’s REST API?
A) http_query
B) lookup
C) puppetdb_query
D) rest_api
Answer: C
Explanation: puppetdb_query sends a PQL query to PuppetDB over its REST API and returns the result.

Question 47. Which command line option enables detailed debugging output for a Puppet agent run?
A) --verbose
B) --debug
C) --trace
D) --log-level debug
Answer: B
Explanation: --debug prints low‑level messages, showing internal decision making.

Question 48. What is the purpose of the filebucket feature in Puppet?
A) To store backup copies of files that have been replaced or removed
B) To archive compiled catalogs
C) To cache facts for faster lookup
D) To hold module tarballs for distribution
Answer: A
Explanation: The filebucket stores previous versions of files, allowing restoration via puppet filebucket restore.

Question 49. Which Puppet resource type is used to schedule periodic execution of a command?
A) cron
B) schedule
C) task
D) timer
Answer: A
Explanation: The cron type manages entries in the system’s crontab.

Question 50. In a Puppet manifest, how would you declare a variable that is only visible inside a defined type?
A) $local_var = 'value' at the top of the file
B) $_local_var = 'value'
C) $::local_var = 'value'
D) define mytype { $local_var = 'value' }
Answer: D
Explanation: Variables defined inside a define block are scoped to that defined type only.

Question 54. When using puppet apply with the --modulepath option, what does the option affect?
A) Where Puppet looks for facts
B) Where Puppet searches for modules referenced in the manifest
C) Where compiled catalogs are stored
D) The location of the PuppetDB socket
Answer: B
Explanation: --modulepath tells puppet apply where to find modules required by the manifest.

Question 55. Which Puppet function can be used to convert a string containing JSON into a Puppet hash?
A) parsejson
B) from_json
C) json_parse
D) loadjson
Answer: B
Explanation: from_json($json_string) returns a hash representation of the JSON data.

Question 56. In Puppet, what does the alias attribute of a file resource allow?
A) Creating a symbolic link to the target file
B) Declaring an alternative title for the same resource
C) Overriding the file’s owner without changing the path
D) Defining a backup location for the file
Answer: B
Explanation: alias lets you refer to the same underlying resource with a different title, useful for relationships.

Question 57. Which of the following is the correct way to declare a package resource that should be installed only on Debian‑based systems?
A) Package['vim'] { ensure => installed, osfamily => 'Debian' }
B) if $facts['osfamily'] == 'Debian' { package { 'vim': ensure => present } }
C) package { 'vim': ensure => present, provider => 'apt' }
D) package { 'vim': ensure => present, onlyif => $facts['osfamily'] == 'Debian' }
Answer: B
Explanation: Using an if statement based on $facts['osfamily'] limits the resource to Debian nodes.

Question 58. Which Puppet Enterprise command is used to purge old certificates from the CA?
A) puppet ca clean --all
B) puppetserver ca purge
C) puppet ca list --revoked
D) puppetserver ca clean --all
Answer: A
Explanation: puppet ca clean --all removes all revoked or expired certificates from the CA.

Question 59. What is the default location of the Puppet Server’s PEM‑encoded certificate?
A) /etc/puppetlabs/puppet/ssl/certs/puppet.pem
B) /etc/puppetlabs/puppetserver/conf.d/ca.pem
C) /etc/puppetlabs/puppetserver/ssl/ca/ca_crt.pem
D) /etc/puppetlabs/puppetserver/ssl/certs/puppetserver.pem
Answer: D
Explanation: The server’s own certificate resides at /etc/puppetlabs/puppetserver/ssl/certs/puppetserver.pem.