Which Terraform feature allows enforcing security controls before changes are applied?

Multiple Choice

Which Terraform feature allows enforcing security controls before changes are applied?

Explanation:
Sentinel policies provide pre-apply governance, letting you codify security requirements as policy rules that must pass before Terraform changes are applied. In Terraform Cloud/Enterprise, you can write Sentinel rules to inspect the planned changes and block any plan that violates security controls—such as requiring encryption, banning public exposure, enforcing tags, or restricting certain resources or attributes. This gates the apply step, so non-compliant changes never reach production.

Variables with defaults only supply values for configuration and don’t enforce security constraints before changes. Output blocks are used to expose computed values after apply, not to gate changes. State locking prevents concurrent modifications to the state file, focusing on safety and consistency, not policy enforcement.

So, the ability to enforce controls before changes are applied comes from Sentinel policy.
