ExamGecko
Search Search Login
Home Home / HashiCorp / Terraform Associate 003
Question list
Search
Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

Which type of block fetches or computes information for use elsewhere in a Terraform configuration?
If a module declares a variable with a default, that variable must also be defined within the module.
Which of the following is not a key principle of infrastructure as code?
Which backend does the Terraform CU use by default?
How is terraform import run?
Terraform providers are part of the Terraform core binary.
A developer on your team is going lo leaf down an existing deployment managed by Terraform and deploy a new one. However, there is a server resource named aws instant.ubuntu[l] they would like to keep. What command should they use to tell Terraform to stop managing that specific resource?
If a DevOps team adopts AWS CloudFormation as their standardized method for provisioning public cloud resoruces, which of the following scenarios poses a challenge for this team?
You should run terraform fnt to rewrite all Terraform configurations within the current working directory to conform to Terraform-style conventions.
What is one disadvantage of using dynamic blocks in Terraform?

Question 9 - Terraform Associate 003 discussion

Report
Export

Your risk management organization requires that new AWS S3 buckets must be private and encrypted at rest. How can Terraform Cloud automatically and proactively enforce this security control?

A.
Auditing cloud storage buckets with a vulnerability scanning tool
Answers
A.
Auditing cloud storage buckets with a vulnerability scanning tool
B.
By adding variables to each Terraform Cloud workspace to ensure these settings are always enabled
Answers
B.
By adding variables to each Terraform Cloud workspace to ensure these settings are always enabled
C.
With an S3 module with proper settings for buckets
Answers
C.
With an S3 module with proper settings for buckets
D.
With a Sentinel policy, which runs before every apply
Answers
D.
With a Sentinel policy, which runs before every apply
Suggested answer: D

Explanation:

The best way to automatically and proactively enforce the security control that new AWS S3 buckets must be private and encrypted at rest is with a Sentinel policy, which runs before every apply. Sentinel is a policy as code framework that allows you to define and enforce logic-based policies for your infrastructure. Terraform Cloud supports Sentinel policies for all paid tiers, and can run them before anyterraform planorterraform applyoperation. You can write a Sentinel policy that checks the configuration of the S3 buckets and ensures that they have the proper settings for privacy and encryption, and then assign the policy to your Terraform Cloud organization or workspace. This way, Terraform Cloud will prevent any changes that violate the policy from being applied.Reference= [Sentinel Policy Framework], [Manage Policies in Terraform Cloud], [Write and Test Sentinel Policies for Terraform]

Show Answer
asked 18/09/2024
Georgios Kavvalakis
31 questions
PreviousPreviousNextNext
User
Your answer:
0 comments
Sorted by

Leave a comment first

ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms