Which statement about Terraform state file security is true?

• A. It is not sensitive and can be shared publicly
• B. It contains sensitive data and should be protected
• C. It only exists in memory
• D. It is readable by default

Answer: (B)

Terraform state holds the mapping between your configuration and real resources, and it often contains sensitive values like credentials, secrets, IP addresses, IDs, and other attributes. Because of that, the state file must be protected; if someone gains access to it, they could extract secrets or tamper with infrastructure. In practice, you store state in a secure backend with encryption at rest, strong access controls, and optional locking to prevent concurrent changes. The other statements aren’t correct because the state file is not inherently non-sensitive or safe to share publicly, and it isn’t just kept in memory; it is persisted to disk or a remote backend and can be read if someone has access to the storage.