Terraform Associate Exam

Exam Terraform Associate All QuestionsBrowse all questions from this exam

Go to Exam

Question 229

What are some benefits of using Sentinel with Terraform Cloud/Terraform Enterprise? (Choose three.)

Policy-as-code can enforce security best practices

You can restrict specific configurations on resources like "CIDR=0.0.0.0/0" not allowed

You can enforce a list of approved AWS AMIs

Sentinel Policies can be written in HashiCorp Configuration Language (HCL)

You can check out and check in cloud access keys

Correct Answer: A, B, C

Using Sentinel with Terraform Cloud/Terraform Enterprise offers several significant benefits: Policy-as-code allows for the enforcement of security best practices, helping ensure that infrastructure adheres to organizational standards. It allows for restrictions on specific configurations, such as preventing the use of overly permissive CIDR blocks like 0.0.0.0/0. Additionally, Sentinel can enforce the use of a list of approved AWS AMIs, ensuring that only pre-validated images are used in deployments. These capabilities help manage security, compliance, and operational consistency within your infrastructure.

Discussion

tbhtpOptions: ABC

A. Policy-as-code can enforce security best practices B. You can restrict specific configurations on resources like "CIDR=0.0.0.0/0" not allowed C. You can enforce a list of approved AWS AMIs Sentinel is a policy-as-code framework that integrates with Terraform Cloud and Terraform Enterprise, allowing you to enforce policies on your infrastructure as part of the provisioning process. By using Sentinel, you can enforce security best practices, restrict specific configurations such as disallowing overly permissive CIDR blocks, and maintain a list of approved AWS AMIs, among other things. This helps to ensure that your infrastructure is secure, compliant, and adheres to organizational standards.

Oleg_golOptions: ABC

ABC - 🤝

oskarqOptions: ABC

Sentinel can be written in many languages but preferably domain-specific language (DSL) not HCL.

campsOptions: ABC

Answer: A, B, C. Sentinel is a policy-as-code framework that can be used to enforce best practices and security policies on Terraform configurations. Sentinel can be used to restrict specific configurations on resources, enforce a list of approved AWS AMIs, and much more. Sentinel policies can be written in a variety of languages, including HashiCorp Configuration Language (HCL). However, checking out and checking in cloud access keys is not a feature provided by Sentinel.

hahanoOptions: ABC

You can't checkout keys, and you can't create custom HCL