50 service cloud consultant questions Practice Questions: Question Bank 2025

You are designing a Consul datacenter and want to maximize availability of the server quorum. Which deployment approach is recommended?

A service is registered with a Consul agent on a node. The service is running, but it does not appear in the Consul catalog. Which issue most directly explains this?

You want to prevent eavesdropping and tampering of traffic between Consul agents (both gossip and RPC). What is the best-practice configuration approach?

A team wants Consul to stop returning a service instance if its local application port is not reachable. Which health check type is the most appropriate?

Two services (api and payments) are in the same Consul service mesh. The api service should be allowed to call payments, but no other services should. What is the recommended way to enforce this in Consul?

After enabling ACLs, your automation uses the Consul HTTP API to register services but now receives permission denied errors. Which change is required to make the automation work securely?

You have two Consul datacenters connected over WAN federation. A user in dc1 needs to discover a service that runs only in dc2 using DNS. Which approach best fits this requirement?

A Consul cluster experiences intermittent leader elections and increased latency. You suspect the issue is related to server placement and network conditions. Which action is most likely to improve stability?

A service mesh deployment uses Envoy sidecars managed by Consul. Some services cannot establish mTLS connections, and logs show certificate validation failures after a CA rotation. What is the most likely missing step?

You operate multiple Consul clusters and want to enforce a security posture where operators can read catalog data but cannot modify ACL policies or tokens. Which design best meets least-privilege principles?

You want applications to resolve service names like web.service.consul using standard DNS lookups, without calling the HTTP API. What Consul component enables this behavior?

A service definition includes an HTTP health check with a 10s interval. The service is intermittently slow, occasionally taking 12–15 seconds to respond. Which configuration change most directly prevents the check from flapping due to slow responses?

You need to apply a default intention that denies all service-to-service traffic unless explicitly allowed. Where should you configure this behavior?

A new team can register services but cannot read KV entries needed by their application. You want to grant only read access to a specific KV prefix (e.g., "app/team1/") while keeping other data protected. What is the best approach?

You run Consul servers across two datacenters connected by a WAN link. Operators report that cross-datacenter queries are slow and occasionally time out. Which built-in mechanism is specifically designed to reduce WAN query latency for service discovery?

A platform team is deploying Connect sidecars and wants application containers to communicate with upstreams without embedding upstream addresses in configuration files. What Consul feature is intended to deliver upstream configuration dynamically to sidecars?

A service is registered with Consul, but clients frequently receive instances that are failing health checks. You confirm the checks are failing in the UI. Which client behavior most likely explains why unhealthy instances are still being returned?

Your organization requires that agents and servers mutually authenticate each other and encrypt all RPC traffic. Which configuration best meets this requirement in Consul?

A new datacenter is being added, and you want to minimize the risk of split-brain and ensure consistent reads/writes for the catalog. Which architecture decision is most important regarding Consul server quorum?

You have two Consul datacenters federated over the WAN. A service in dc1 must discover a service in dc2 using DNS without changing application code. What is the correct DNS query pattern to target the remote datacenter?

You run a Consul cluster with three servers. An operator wants to know which Consul component is responsible for maintaining the authoritative cluster state and leader election among servers. Which component is it?

A team wants to prevent services from registering themselves in Consul unless they present a valid identity. Which security feature directly enforces this requirement at registration time?

You want a service to be discoverable via Consul DNS. Which record type is typically used to return the IP addresses of healthy service instances?

After enabling ACLs, several applications can still read service information but are failing to register health checks. They are using a token that only has read permissions. What is the best fix?

A service mesh is deployed with Consul, but a new service cannot send traffic to any upstreams. The sidecar proxy is running. Which missing configuration is the most likely cause?

You have two datacenters connected via WAN federation. Services should be discoverable across datacenters, but DNS queries from dc1 for services in dc2 return no results. What is the most likely issue?

An operator wants to perform a Consul server upgrade with minimal risk. Which approach aligns best with Consul operational best practices?

You enabled Consul Connect for service-to-service mTLS. Traffic is still failing even though intentions allow it. The Envoy sidecars show certificate errors. Which prerequisite is most likely missing?

A security team wants to restrict operators so they can read KV values but not list all keys under a prefix. They still need applications to read specific known keys. Which approach best meets this requirement?

A cluster experiences intermittent loss of service instances in discovery results during brief network interruptions, even though the services are still running. The team uses agent health checks. Which Consul mechanism most directly controls how long entries remain visible after a node becomes unreachable?

You register a service with an HTTP health check in Consul. The endpoint returns HTTP 301 (redirect) but the service is actually healthy. Consul marks the check as failing. What is the best fix?

A team wants to query only instances of a service that are running in the "us-west" region without relying on client-side filtering. Which Consul feature best supports this requirement?

You enable Consul service mesh and want Envoy proxies to automatically start alongside your services on each node. Which Consul component provides this automatic proxy lifecycle management?

You want to restrict who can register services in Consul. Which security mechanism is primarily used to authorize service registration requests?

In Consul service mesh, a service can reach its upstream only when the destination is added to its configuration. Where is this upstream relationship typically defined for a Connect-enabled service?

A client agent is configured with multiple services and checks. After a restart, some services disappear from the catalog. What is the most likely reason?

A team wants to enforce that only requests from service "payments" can reach service "ledger" over the mesh, while all other services are denied by default. Which approach best accomplishes this in Consul?

You are troubleshooting why a service is not being returned in DNS queries (e.g., SRV/A records). The service shows as registered, but clients still cannot resolve it. Which condition would most directly cause Consul DNS to omit the service instance?

Your organization uses Consul service mesh across multiple datacenters. You want services in DC1 to call services in DC2 over the mesh while maintaining mTLS identity and authorization controls. Which design is most appropriate?

You are hardening Consul ACL usage. Multiple automation tools currently share a single high-privilege token, and you want to reduce blast radius while keeping operations manageable. Which strategy is the best practice?

You are designing a Consul datacenter for a production environment. Which statement best describes the recommended role of Consul servers versus clients?

A team wants a simple way to verify whether a service instance is healthy in Consul using the local agent. Which command is most appropriate?

You are enabling Consul service mesh and want all service-to-service traffic to be transparently redirected through sidecar proxies without application changes. Which feature provides this behavior?

A Consul agent fails to join the cluster, and logs show: "RPC error: permission denied" after the initial connection. Gossip appears to be working. Which misconfiguration is the most likely cause in an ACL-enabled cluster?

Your organization runs Consul in multiple datacenters and wants services in DC1 to discover services in DC2 using the same Consul cluster identity while keeping server Raft state independent per datacenter. Which architecture pattern is appropriate?

A service mesh deployment requires that only a specific caller service can reach the API service, and all other services should be denied by default. Which Consul configuration approach best meets this goal?

You need to rotate Consul ACL tokens used by applications without restarting the applications. Which approach is most aligned with Consul best practices for token lifecycle management?

A node's service instances remain in the catalog even after the node is terminated unexpectedly. Health checks show critical, but entries persist longer than expected and confuse consumers. Which feature most directly ensures that registrations are removed promptly when an agent disappears?

After enabling mTLS for Consul service mesh, some services can connect while others fail with TLS handshake errors. The failing services are registered correctly and proxies are running. Which issue is the most likely root cause?

You must design Consul ACL policies so that a CI/CD pipeline can register and deregister services and checks for a specific application across multiple nodes, but it must not read or write unrelated KV paths or manage other services. Which is the best least-privilege design?