You want to use API tokens and other secrets within your team's Terraform workspaces. Where does HashiCorp recommend you store these sensitive values? (Pick the 3 correct responses)
Answer : A, B, C
Sensitive values such as API tokens should be stored in a secure way, either in Terraform Cloud variables marked as sensitive or in HashiCorp Vault. Storing secrets in version control systems or plaintext files is not recommended.
References:
Terraform Cloud Environment Variables
You used Terraform to create an ephemeral development environment in the cloud and are now ready to destroy all the infrastructure described by your Terraform configuration. To be safe, you would like to first see all the infrastructure that Terraform will delete.
Which command should you use to show all the resources that will be deleted? (Pick the 2 correct responses)
Answer : A, B
Running terraform destroy will show all resources that will be deleted before prompting for approval. You can also run terraform plan -destroy to simulate the destruction without actually applying it, which is useful for reviewing the planned changes.
References:
Terraform Destroy
Which of these are benefits of using Sentinel with HCP Terraform/Terraform Cloud? (Pick the 3 correct responses)
Answer : A, C, D
Sentinel is a policy-as-code framework that integrates with Terraform Cloud to enforce security, compliance, and governance rules. You can enforce rules such as approved AMIs and ensure security best practices. Policies are written in the Sentinel language, not HCL.
References:
Sentinel Policies
Which of these statements about HCP Terraform/Terraform Cloud workspaces is false?
Answer : D
In Terraform Cloud, you can switch between workspaces using both the web UI and CLI. The statement that you 'must use the CLI' is false. Workspaces can securely store cloud credentials, offer role-based access control, and integrate with VCS to trigger plan and apply operations.
References:
Terraform Cloud Workspaces
Which of these actions are forbidden when the Terraform state file is locked? (Pick the 3 correct responses)
Answer : A, B, C
When the state file is locked, operations that modify or depend on the state (like terraform apply, terraform destroy, and terraform state list) are blocked. terraform fmt only formats the configuration files and does not interact with the state, so it is allowed.
References:
Terraform State Locking
Where in your Terraform configuration do you specify a state backend?
Answer : C
In Terraform, the backend configuration, which includes details about where and how state is stored, is specified within the terraform block of your configuration. This block is the correct place to define the backend type and its configuration parameters, such as the location of the state file for a local backend or the bucket details for a remote backend like S3.
References = This practice is outlined in Terraform's core documentation, which provides examples and guidelines on how to configure various aspects of Terraform's behavior, including state backends .
In a Terraform Cloud workspace linked to a version control repository, speculative plan runs start automatically when you merge or commit changes to version control.
Answer : B
In Terraform Cloud, speculative plan runs are not automatically started when changes are merged or committed to the version control repository linked to a workspace. Instead, speculative plans are typically triggered as part of proposed changes in merge requests or pull requests to give an indication of what would happen if the changes were applied, without making any real changes to the infrastructure. Actual plan and apply operations in Terraform Cloud workspaces are usually triggered by specific events or configurations defined within the Terraform Cloud workspace settings.
References = This behavior is part of how Terraform Cloud integrates with version control systems and is documented in Terraform Cloud's usage guidelines and best practices, especially in the context of VCS-driven workflows.