service cloud consultant questions Advanced Practice Exam: Hard Questions 2025

You operate a 7-server Consul cluster across two availability zones (AZ-A and AZ-B) with 3 servers in AZ-A and 4 in AZ-B. After an AZ-B network disruption, the remaining servers in AZ-A are healthy but most writes (service registrations via agents and KV writes) fail. You want the cluster to remain writable when one AZ is lost, while still tolerating one additional server failure in the remaining AZ. Which architecture change best meets this goal?

You run Consul in a multi-datacenter design (dc1 and dc2) with WAN federation. A team tries to use prepared queries in dc1 to fail over reads to dc2 during an outage. They report that even when the local service is unhealthy, the prepared query still returns only dc1 instances and never queries dc2. Which change is most likely required to make cross-datacenter results available through the prepared query?

A service is registered with an HTTP health check that depends on a downstream database. During a DB incident, the check fails and Consul removes the service from discovery. This causes a cascading outage because upstream services can no longer reach the degraded-but-still-usable service (it could serve cached responses). You need to keep the service discoverable while still signaling partial degradation and avoiding routing all traffic to it when other healthy instances exist. Which approach best fits Consul’s health model and typical best practices?

Your platform uses Consul DNS for discovery. A critical service has frequent scale events, and clients sometimes connect to terminated instances for up to a minute after deregistration. The Consul DNS TTL is already low. Investigation shows intermediate resolvers are caching aggressively and ignoring low TTLs. What Consul-native approach most directly reduces stale endpoints for these clients without requiring changes to the resolvers?

You are migrating from traditional discovery to Consul service mesh. A legacy application cannot be modified and must continue to connect to a database using the database’s original DNS name (e.g., db.service.consul). You want mTLS, intentions, and L7-aware routing for this traffic with minimal code change. What is the most appropriate Consul service mesh feature to use?

A service mesh deployment uses L7 routing with service-resolvers and service-splitter to gradually shift traffic from v1 to v2. During rollout, you observe requests intermittently failing with 503 from Envoy even though both versions are healthy in Consul. The failures correlate with rapid scaling events. Which root cause is most likely in this scenario, and what is the best mitigation?

Your security team mandates that applications may only register services through local agents, and that agents must not have broad privileges. You enable ACLs and discover that agent tokens with insufficient privileges cause intermittent registration failures when services use script checks and periodically update their status. Which token strategy best follows least-privilege while ensuring stable registrations and check updates?

A Consul cluster with ACLs enabled is integrated with an external identity provider. The goal is to allow platform engineers to create and modify intentions and service-defaults, but not to read or write arbitrary KV paths. Which Consul ACL construct should you primarily use to implement this separation cleanly and audibly?

After enabling automated snapshot backups, you restore a snapshot into a new Consul cluster to recover from a disaster. Post-restore, services appear but many agents cannot rejoin, and logs show repeated 'ACL token not found' and 'permission denied' messages during agent startup. What is the most likely oversight in the recovery process?

You run Consul servers on virtual machines with occasional clock drift. During an incident, leadership elections become frequent and the cluster reports spikes in Raft timeouts even though CPU and network look healthy. You suspect timekeeping is contributing to instability. Which operational change is most aligned with Consul/Raft best practices to reduce these symptoms?