You're building a CI/CD (continuous integration/continuous delivery) pipeline and need to inject sensitive variables into your Terraform run. How can you do this safely?
Correct Answer: D
This is a secure way to inject sensitive variables into your Terraform run, as they will not be stored in any file or source code repository. You can also use environment variables or variable files with encryption to pass sensitive variables to Terraform.
Question 212
When you use a remote backend that needs authentication, HashiCorp recommends that you:
Correct Answer: D
Explanation This is the recommended way to use a remote backend that needs authentication, as it allows you to provide the credentials via environment variables, command-line arguments, or interactive prompts, without storing them in the Terraform configuration files.
Question 213
Which of these statements about HCP Terraform/Terraform Cloud workspaces is false?
Correct Answer: D
Question 214
You have developed a new cloud-based service that uses proprietary APIs and want to use Terraform to create, manage, and delete users from the service. How can Terraform interact with the service?
Correct Answer: B
Detailed Explanation: * Rationale for Correct Answer (B):Terraform interacts with external systems through providers. Since this is a new proprietary service with its own API, Terraform does not support it by default. You would need to develop a custom provider that implements Terraform's provider interface and interacts with the proprietary APIs to manage resources like users. * Analysis of Incorrect Option: * A. Any service hosted on a public cloud provider: Not true. Terraform can only manage services that have providers (official or custom). Just being "hosted on a public cloud" doesn't guarantee Terraform support. * Key Concept:Terraform providers act as the bridge between Terraform and external APIs. For unsupported services, a custom provider must be developed. Reference:Terraform Exam Objective - Manage Terraform Resources and Providers.
Question 215
Which of these statements about Terraform Cloud workspaces is false?
Correct Answer: B
Explanation The statement that you must use the CLI to switch between workspaces is false. Terraform Cloud workspaces are different from Terraform CLI workspaces. Terraform Cloud workspaces are required and represent all of the collections of infrastructure in an organization. They are also a major component of role-based access in Terraform Cloud. You can grant individual users and user groups permissions for one or more workspaces that dictate whether they can manage variables, perform runs, etc. You can create, view, and switch between Terraform Cloud workspaces using the Terraform Cloud UI, the Workspaces API, or the Terraform Enterprise Provider5. Terraform CLI workspaces are optional and allow you to create multiple distinct instances of a single configuration within one working directory. They are useful for creating disposable environments for testing or experimenting without affecting your main or production environment. You can create, view, and switch between Terraform CLI workspaces using the terraform workspace command6. The other statements about Terraform Cloud workspaces are true. They have role-based access controls that allow you to assign permissions to users and teams based on their roles and responsibilities. You can create and manage roles using the Teams API or the Terraform Enterprise Provider7. Plans and applies can be triggered via version control system integrations that allow you to link your Terraform Cloud workspaces to your VCS repositories. You can configure VCS settings, webhooks, and branch tracking to automate your Terraform Cloud workflow8. They can securely store cloud credentials as sensitive variables that are encrypted at rest and only decrypted when needed. You can manage variables using the Terraform Cloud UI, the Variables API, or the Terraform Enterprise Provider9. References = [Workspaces]5, [Terraform CLI Workspaces]6, [Teams and Organizations]7, [VCS Integration]8, [Variables]9