Which of these are benefits of using Sentinel with HCP Terraform/Terraform Cloud? (Pick the 3 correct responses)
Correct Answer: A,C,D
Sentinel is a policy-as-code framework that integrates with Terraform Cloud to enforce security, compliance, and governance rules. You can enforce rules such as approved AMIs and ensure security best practices. Policies are written in the Sentinel language, not HCL. References: Sentinel Policies
Terraform-Associate-004 Exam Question 72
When do you need to explicitly execute Terraform in refresh-only mode?
Correct Answer: C
Purpose of Refresh-Only Mode: Running Terraform inrefresh-only modeupdates Terraform's state file with the current state of resources in your infrastructure without making changes to the resources themselves. Context of Terraform Import: When usingterraform import, you're adding existing resources to the state file, and running Terraform in refresh-only mode before this operation can ensure that any initial configuration syncs precisely with the actual state. For more on refresh-only mode in relation to terraform import, refer to Terraform's import documentation.
Terraform-Associate-004 Exam Question 73
What functionality do providers offer in Terraform?(Pick 3 correct responses)
Correct Answer: A,B,D
A (#Correct)- Providers allow Terraform tointeract with APIsof cloud/on-premises services. B (#Correct)- Some Terraform providers can provisionon-premises infrastructure, such as VMware, OpenStack, etc. C (#Incorrect)- This describesTerraform Workspaces, not providers. D (#Correct)- Terraform providers allow provisioning ofpublic cloud resources(AWS, Azure, GCP, etc.). E (#Incorrect)- Enforcing security and compliance policies isnot a direct provider function, but it can be done using Sentinel or other policy-as-code tools. Official Terraform Documentation Reference: Terraform Providers
Terraform-Associate-004 Exam Question 74
Which are forbidden actions when the terraform state file is locked? Choose three correct answers.
Correct Answer: B,C,F
The terraform state file is locked when a Terraform operation that could write state is in progress. This prevents concurrent state operations that could corrupt the state. The forbidden actions when the state file is locked are those that could write state, such as terraform apply, terraform destroy, terraform refresh, terraform taint, terraform untaint, terraform import, and terraform state *. The terraform validate command is also forbidden, because it requires an initialized working directory with the state file. The allowed actions when the state file is locked are those that only read state, such as terraform plan, terraform show, terraform output, and terraform console. References = [State Locking] and [Command: validate]
Terraform-Associate-004 Exam Question 75
Which of these statements about HCP Terraform/Terraform Cloud workspaces is false?
Correct Answer: D
In Terraform Cloud, you can switch between workspaces using both the web UI and CLI. The statement that you "must use the CLI" is false. Workspaces can securely store cloud credentials, offer role-based access control, and integrate with VCS to trigger plan and apply operations. References: Terraform Cloud Workspaces
