"Terraform will still record sensitive values in the state, and so anyone who can access the state data will have access to the sensitive values in cleartext."

B. False. A Terraform output that sets the "sensitive" argument to true will still store that value in the state file. The "sensitive" argument is used to prevent the value from being displayed in plain text in the Terraform CLI output, Terraform Cloud UI, and other locations where output values may be displayed. However, the value will still be stored in the Terraform state file, which is used to track the current state of the infrastructure. It is important to be aware that while the "sensitive" argument can help to prevent accidental exposure of sensitive values, it is not a substitute for proper security practices such as role-based access control and data encryption.

https://www.terraform.io/language/values/outputs

Answer is B. Reference: https://www.terraform.io/language/values/outputs

This statement is true. When you set the sensitive argument to true in a Terraform output, the output value will not be shown in plain text in the Terraform state file or in Terraform command output. This is useful for sensitive information such as passwords, keys, or other secrets. While the value of the output is still stored in the state file, it is stored in a hashed format that is not easily readable. Additionally, the value will not be shown in plain text when running the terraform output command or when viewing the state file. Setting the sensitive argument to true in a Terraform output can help prevent sensitive information from being accidentally exposed or leaked.

Y’all wrong. Answer A and ChatGPT has as True as well.

it still store in statefile, but is hidden for security when accessing provider information that requires sensitive information such as credentials

When we mark something as sensitive in the configuration then it's hidden from the CLI for example when an output is set. But it will still be plain text in the state file.