Study Guide - Consul Associate Certification

15min
Consul

Visit the HashiCorp Networking Automation Certification page for information on the exam and to sign up.

The Consul Associate certification is for Cloud Engineers specializing in security, development, networking, or operations who know the basic concepts, skills, and use cases associated with open source HashiCorp Consul.

Candidates will be best prepared for this exam if they have professional experience using Consul in production, but performing the exam objectives in a personal demo environment may also be sufficient. This person understands what enterprise features exist and what can and cannot be done using the open source offering.

Prerequisites

Containerization
Basic terminal skills
Networking skills including load balancing and distributed systems
Understand the purpose of ACLs
Experience with TLS certificate lifecycle

To learn more about the exam, visit the HashiCorp Product Certifications page.

Study for the exam

Expect to see questions associated with each exam objective. If you already have Consul experience and/or training and want to pick and choose which objectives to review before taking the exam, skip to the review guide.

The sample exam questions help you get familiar with the format of the questions.

This study guide provides list of links to learn the features that are covered in the exam.

Consul fundamentals

Objectives covered: 1a-d, 2b-d, 3a-f, 4a-d, 5a-c, 6a-d, 7a-c, 8a-e, 9a-c

You will be tested on your knowledge of Consul fundamentals which include Consul architecture, Consul core functionality, and secure Consul agent communication. Do the following tasks to ensure that you understand the Consul core concepts.

Read the Introduction to Consul page.
Complete the Consul Getting Started tutorials.
Review the Overview section of the Consul Commands (CLI) documentation to understand the basic structure of CLI.

Study tips

Understand the key features of Consul (service discovery, health-checking, service mesh, etc.)
Identify the components of Consul datacenter, including agents and communication protocols
Explore the available Consul CLI commands

Consul deployment architecture

Objectives covered: 1a-d

Consul is a distributed, highly available system. It is important to understand the architecture of Consul in regards to high availability, performance, and communication. It is also important to understand basic Consul operational tasks. Your awareness of Consul Enterprise differentiators will be tested as well. Do the following tasks to ensure that you have a good understanding of Consul's operation in production.

Read the Architecture section of the documentation.
Follow the Consul Reference Architecture guide.
Review the recommended Consul Deployment Architecture diagrams (e.g. how many nodes in a cluster).
Familiarize yourself with the Consul Enterprise features—especially Read Replica Nodes—by reading the documentation.
Be aware of Consul's main features and what they achieve.

Study tips

Understand that the number of servers affects quorum, network speed, and high availability.
Explain the process of leader election among servers, including the communication protocol that supports the process.
Differentiate between Consul agent roles and the different responsibilities that come with them.
Identify that Consul acts as a DNS server for services registered with it.
Explain how Consul service mesh enables service to service security within the datacenter.

Datacenter deployment

Objectives covered: 2b-d

Deploying a Consul data requires understanding of the Consul process. You will be tested on common options and configurations used to deploy a Consul datacenter. Perform the following tasks to ensure that you have an understanding of how to deploy a Consul datacenter in production.

Read the Deployment guide tutorial
Follow the Consul agent tutorial to learn how to start and manage the Consul process.
Review the agent configuration docs - know how to interpret a basic Consul agent configuration.
See the server agent tutorial to understand how to bind the server to one specific address.
Review the various cluster join methods including CLI Join and configuration options.

Study tips

Know the commands to set up a single development agent. Identify the commands that do not rely on the presence of multiple agents to complete.
Understand that Consul should run as a daemon/service.
Be aware of the different ways to configure Consul (config files, CLI, API) including required parameters for the config.
Understand the benefits and use case of each cluster joining method.

Service discovery and service registration

Objectives covered: 3a-f

Service discovery is one of the core Consul use cases. You will need to know about service registration, interaction, health-checking, and prepared queries. Do the following tasks to ensure that you have a good understanding of the service discovery use case as well as its basic functionality.

Read the Consul services documentation to learn about services.
Complete the Service Discovery tutorial to get hands on experience registering and interacting with services.
Learn how to monitor the health of services with the Health Check tutorial.
Review the prepared query guide to learn how to interpret and use a prepared query.

Study tips

Recognize basic service definition parameters.
Understand how services and health checks can be registered with Consul clients.
Be aware that service definitions in the config directory require a Consul agent reload for new files and updates.
Summarize how Consul compiles a list of registered services in the catalog which can be discovered using the DNS or HTTP interfaces.
Understand how Consul DNS load balances healthy services.
Know the different options for failover offered by prepared queries.

Key value (KV) store

Objectives covered: 4a-d

Consul Key Value (KV) store is a core feature of Consul that allows users to store indexed objects such as configuration parameters and metadata. You will be tested on the capabilities and limitations of the KV store. Do the following tasks to ensure that you have a good understanding of KV store operations.

See the KV store documentation to learn about KV concepts.
Complete the KV store tutorial to understand KV operations.
Read the Consul template and KV guide to get familiar with consul-template.

Study tips

Be mindful of the different ways of interacting with KV; CLI, API, and UI.
Identify the cases the KV does not work with, sensitive data and or a data store to replace SQL or NoSQL.
Know how to do watch a key and execute a shell command.
Understand the use case and basic operations for envconsul.
Understand the use cases and basic operations for consul-template.

Back up and restore

Objectives covered: 5a-c

Consul features native disaster recovery commands for saving, restoring, and inspecting the state of the Consul servers. You will be tested on these operations for open source and Enterprise Consul. Do the following tasks to ensure that you have a good understanding of Consul's backup and restore capabilities.

Read the Consul snapshot docs to learn about Consul's disaster recovery features.
Complete the backup and restore tutorial to gain an understanding of consul snapshot operations.
Be aware of the Consul Enterprise snapshot capabilities in the Consul Enterprise snapshot agent doc.

Study tips

Understand the components of Consul state and data stored inside the agents at a high level.
Be aware of the sensitive data stored in a backup.
Identify that best practices and operations involved with consul snapshot.
Recall that enterprise backups can be automated and scheduled.

Service mesh

Objectives covered: 6a-d

Service mesh is one of the core Consul use cases. You will need to know about service-to-service networking, intentions, and the zero trust security. Do the following tasks to ensure that you have a good understanding of the service mesh use case as well as its basic functionality.

Read about the concept of service mesh in the Consul service mesh docs.
Review the understand service mesh guide to learn the high level concepts of service mesh.
Complete a getting started with service mesh tutorial for either Kubernetes or VMs to get hands on experience configuring and interacting with Consul service mesh.

Study tips

Be able to understand the different components of a Consul service mesh and how they interact with each other.
Understand that each service will need a proxy registration to be part of the mesh and that the operator must start the proxy with the Consul CLI.
Given a configuration sample, be able to identify upstream and local services.
Use the Consul CLI to start a built-in proxy.
Understand the principles of intentions, how to use them to simplify traffic permissions, and ways to manage them.

Secure agent communication

Objectives covered: 7a-c

Secure agent communication in Consul defends against eavesdropping, tampering, and spoofing. You will be tested on your knowledge of Consul's security/threat model, encryption capabilities, and recommended practices. Perform the following tasks to ensure that you have a good understanding of secure agent communication protocols and practices.

Review the elements of the Consul security model.
Read about the types of encryption that Consul uses.
Follow the encryption tutorial to learn about TLS encryption and certificates.

Study tips

Understand the communication channels between Consul nodes (or external ones) and associated risks/countermeasures.
Recognize that the servers should all have unique certificates.
Identify that Consul has a built-in CA and that all certificates need to be signed by the same CA.
Understand that all agents need to be configured to be secure.

Access Control Lists (ACLs) and service security

Objectives covered: 8a-e

Consul's Access Control List (ACL) system is an important security feature which can be used to control access to data and APIs. You will be tested on policies, tokens, and operations involving the CLI and API. Do the following tasks to ensure that you have a good understanding the ACL system and its operations.

Read about the core concepts of Consul's ACL system.
Complete the secure Consul with ACLs tutorial to become familiar with ACL operations.
Perform the access control setup tutorial to learn about bootstrapping the ACL system, policies, and tokens.

Study tips

Know how to set up and configure a basic ACL system including rules, policies, and tokens.
Practice performing Consul operations using tokens with the CLI and API.
Know how to set CONSUL_HTTP_TOKEN as an environment variable so that the CLI has the correct permissions to perform Consul operations.
Identify ACLs must be enabled on all agents for a secure datacenter.
Be able to perform CLI and API requests using a token.
Know how to troubleshoot ACL related errors.
Understand how to create a token with multiple policies.

Gossip encryption

Objectives covered: 9a-c

Gossip encryption is a network traffic security feature of Consul. You will be tested on the configuration, management, and operations of the gossip encryption system. Do the following tasks to ensure that you have a good understanding of gossip encryption.

Read the gossip encryption documentation to get an overview of the gossip encryption concept.
Complete the encryption key rotation tutorial to learn the best practices of gossip key rotation.

Study tips

Understand the communication channels between Consul nodes (or external ones) and associated risks/countermeasures.
Identify the key generation Consul CLI command.
Know how to configure agents with gossip encryption and that all agents in the datacenter must share the same key.
Identify the data that can be accessed with the encryption key.
Understand that keys need to be rotated.

Next steps

Try the sample exam questions to test yourself for preparedness.

Back to Collection