- Home
- HashiCorp
- HashiCorp Certified: Terraform Associate
- HashiCorp.TA-002-P.v2021-09-08.q98
- Question 67
Valid TA-002-P Dumps shared by ExamDiscuss.com for Helping Passing TA-002-P Exam! ExamDiscuss.com now offer the newest TA-002-P exam dumps, the ExamDiscuss.com TA-002-P exam questions have been updated and answers have been corrected get the newest ExamDiscuss.com TA-002-P dumps with Test Engine here:
Access TA-002-P Dumps Premium Version
(94 Q&As Dumps, 35%OFF Special Discount Code: freecram)
<< Prev Question Next Question >>
Question 67/98
The Security Operations team of ABC Enterprise wants to mandate that all the Terraform configuration that creates an S3 bucket must have encryption feature enabled. What is the best way to achieve it?
Correct Answer: A
Explanation
Sentinel is an embedded policy-as-code framework integrated with the HashiCorp Enterprise products. It enables fine-grained, logic-based policy decisions, and can be extended to use information from external sources.
Using Sentinel with Terraform Cloud involves:
* Defining the policies - Policies are defined using the policy language with imports for parsing the Terraform plan, state and configuration.
* Managing policies for organizations - Users with permission to manage policies can add policies to their organization by configuring VCS integration or uploading policy sets through the API. They also define which workspaces the policy sets are checked against during runs. (More about permissions.)
* Enforcing policy checks on runs - Policies are checked when a run is performed, after the terraform plan but before it can be confirmed or the terraform apply is executed.
* Mocking Sentinel Terraform data - Terraform Cloud provides the ability to generate mock data for any run within a workspace. This data can be used with the Sentinel CLI to test policies before deployment.
https://www.terraform.io/docs/cloud/sentinel/index.html
Sentinel is an embedded policy-as-code framework integrated with the HashiCorp Enterprise products. It enables fine-grained, logic-based policy decisions, and can be extended to use information from external sources.
Using Sentinel with Terraform Cloud involves:
* Defining the policies - Policies are defined using the policy language with imports for parsing the Terraform plan, state and configuration.
* Managing policies for organizations - Users with permission to manage policies can add policies to their organization by configuring VCS integration or uploading policy sets through the API. They also define which workspaces the policy sets are checked against during runs. (More about permissions.)
* Enforcing policy checks on runs - Policies are checked when a run is performed, after the terraform plan but before it can be confirmed or the terraform apply is executed.
* Mocking Sentinel Terraform data - Terraform Cloud provides the ability to generate mock data for any run within a workspace. This data can be used with the Sentinel CLI to test policies before deployment.
https://www.terraform.io/docs/cloud/sentinel/index.html
- Question List (98q)
- Question 1: If you delete a remote backend from the configuration, will ...
- Question 2: What is the result of the following terraform function call?...
- Question 3: You can migrate the Terraform backend but only if there are ...
- Question 4: After creating a new workspace "PROD" you need to run the co...
- Question 5: What is the provider for this fictitious resource? (Exhibit)...
- Question 6: You have multiple developers working on a terraform project ...
- Question 7: After running into issues with Terraform, you need to enable...
- Question 8: A colleague has informed you that a new version of a Terrafo...
- Question 9: Terraform init can indeed be run only a few times, because, ...
- Question 10: What is the default backend for Terraform?...
- Question 11: Complete the following sentence: For local state, the worksp...
- Question 12: Which of the following terraform subcommands could be used t...
- 2 commentQuestion 13: Anyone can publish and share modules on the Terraform Public...
- Question 14: Multiple configurations for the same provider can be used in...
- Question 15: Given the below resource configuration - resource "aws_insta...
- Question 16: What is one disadvantage of using dynamic blocks in Terrafor...
- Question 17: When TF_LOG_PATH is set, TF_LOG must be set in order for any...
- 1 commentQuestion 18: One remote backend configuration always maps to a single rem...
- Question 19: Your team lead does not trust the junior terraform engineers...
- Question 20: True or False? By default, Terraform destroy will prompt for...
- Question 21: In regards to deploying resources in multi-cloud environment...
- Question 22: terraform validate validates the syntax of Terraform files....
- Question 23: Select the feature below that best completes the sentence: T...
- Question 24: In the example below, the depends_on argument creates what t...
- Question 25: The terraform init command is always safe to run multiple ti...
- Question 26: If a module uses a local variable, you can expose that value...
- Question 27: Which Terraform command will force a marked resource to be d...
- Question 28: Which of these is the best practice to protect sensitive val...
- Question 29: From the answers below, select the advantages of using Infra...
- Question 30: Which of the following is an invalid variable name?...
- Question 31: Ric wants to enable detail logging and he wants highest verb...
- Question 32: Terraform Enterprise (also referred to as pTFE) requires wha...
- Question 33: What command should you run to display all workspaces for th...
- Question 34: Multiple provider instances blocks for AWS can be part of a ...
- Question 35: Your developers are facing a lot of problem while writing co...
- Question 36: Which of the below configuration file formats are supported ...
- Question 37: Which of the below datatype is not supported by Terraform....
- Question 38: You have created a custom variable definition file my_vars.t...
- 1 commentQuestion 39: Which of the following value will be accepted for var1? vari...
- Question 40: During a terraform apply, a resource is successfully created...
- Question 41: What Terraform feature is shown in the example below?...
- Question 42: Terraform providers are always installed from the Internet....
- Question 43: Select the operating systems which are supported for a clust...
- Question 44: Dawn has created the below child module. Without changing th...
- Question 45: The following is a snippet from a Terraform configuration fi...
- Question 46: Talal is a DevOps engineer and he has deployed the productio...
- Question 47: You have created a custom variable definition file testing.t...
- Question 48: Which provisioner invokes a process on the resource created ...
- Question 49: You cannot publish your own modules on the Terraform Registr...
- Question 50: A single terraform resource file that defines an aws_instanc...
- Question 51: terraform init initializes a sample main.tf file in the curr...
- Question 52: When using parent/child modules to deploy infrastructure, ho...
- 1 commentQuestion 53: True or False. The terraform refresh command is used to reco...
- 4 commentQuestion 54: You have used Terraform to create an ephemeral development e...
- 2 commentQuestion 55: Which of the following is not a key principle of infrastruct...
- Question 56: In order to make a Terraform configuration file dynamic and/...
- 1 commentQuestion 57: When Terraform needs to be installed in a location where it ...
- 2 commentQuestion 58: When using a module block to reference a module stored on th...
- Question 59: Your organization has moved to AWS and has manually deployed...
- Question 60: What are some of the problems of how infrastructure was trad...
- Question 61: Named workspaces are not a suitable isolation mechanism for ...
- 2 commentQuestion 62: What is the name assigned by Terraform to reference this res...
- 1 commentQuestion 63: Which option can not be used to keep secrets out of Terrafor...
- 1 commentQuestion 64: When does terraform apply reflect changes in the cloud envir...
- 2 commentQuestion 65: Which argument(s) is (are) required when declaring a Terrafo...
- 1 commentQuestion 66: You have provisioned some aws resources in your test environ...
- 2 commentQuestion 67: The Security Operations team of ABC Enterprise wants to mand...
- 1 commentQuestion 68: terraform refresh will update the state file?...
- 1 commentQuestion 69: John is writing a module and within the module, there are mu...
- 2 commentQuestion 70: Which one is the right way to import a local module names co...
- 1 commentQuestion 71: Only the user that generated a plan may apply it....
- 1 commentQuestion 72: Which statements best describes what the local variable assi...
- 2 commentQuestion 73: What is the command you can use to set an environment variab...
- 1 commentQuestion 74: A user creates three workspaces from the command line - prod...
- 1 commentQuestion 75: Which of the following actions are performed during a terraf...
- Question 76: Select all features which are exclusive to Terraform Enterpr...
- 4 commentQuestion 77: If you manually destroy infrastructure, what is the best pra...
- 1 commentQuestion 78: Refer to the following terraform variable definition variabl...
- 1 commentQuestion 79: State locking does not happen automatically and must be spec...
- 6 commentQuestion 80: Which of the following is not a valid string function in Ter...
- 1 commentQuestion 81: What does terrafom plan do ?
- Question 82: When using constraint expressions to signify a version of a ...
- 1 commentQuestion 83: Using multi-cloud and provider-agnostic tools provides which...
- 1 commentQuestion 84: resource "aws_s3_bucket" "example" { bucket = "my-test-s3-te...
- 1 commentQuestion 85: Which of the below command will upgrade the provider version...
- Question 86: How is the Terraform remote backend different than other sta...
- 1 commentQuestion 87: By default, a defined provisioner is a creation-time provisi...
- 1 commentQuestion 88: You want to use different AMI images for different regions a...
- 4 commentQuestion 89: Once a resource is marked as tainted, the next plan will sho...
- 1 commentQuestion 90: Please identify the offerings which are unique to Terraform ...
- 1 commentQuestion 91: Which of the following state management command allow you to...
- 1 commentQuestion 92: A "backend" in Terraform determines how state is loaded and ...
- 1 commentQuestion 93: Which of the following Terraform commands will automatically...
- 1 commentQuestion 94: Select the answer below that completes the following stateme...
- 1 commentQuestion 95: Forcing the recreation of a resource is useful when you want...
- 1 commentQuestion 96: Select two answers to complete the following sentence: Befor...
- 1 commentQuestion 97: Where in your Terraform configuration do you specify a state...
- 1 commentQuestion 98: What are some of the features of Terraform state? (select th...
Recent Comments (The most recent comments are at the top.)
B should be the correct answer, sentinel itself doesn't have an encryption policy.
https://www.terraform.io/cloud-docs/sentinel
https://www.terraform.io/cloud-docs/sentinel/import
Correct