TA-002-P Question #257: Real Exam Question with Answer & Explanation

Question

Your team lead does not trust the junior terraform engineers who now have access to the git repo . So , he wants you to have some sort of a checking layer , whereby , you can ensure that the juniors will not create any non-compliant resources that might lead to a security audit failure in future. What can you do to efficiently enforce this?

Options

• ACreate a design /security document (in PDF) and share to the team , and ask them to
• BSince your team is using Hashicorp Terraform Enterprise Edition , enable Sentinel , and
• CUse Terraform OSS Sentinel Lite version , which will save cost , since there is no charge
• DCreate a git master branch , and implement PR . Every change needs to be reviewed by

Explanation

{"question_number": 6, "question": "Your team lead wants a checking layer to prevent junior engineers from creating non-compliant resources. What can you do efficiently?", "correct_answer": "B. Since your team is using HashiCorp Terraform Enterprise Edition, enable Sentinel.", "explanation": "Sentinel is HashiCorp's policy-as-code framework built into Terraform Enterprise (and Terraform Cloud's paid tiers). It allows you to define and enforce fine-grained policies on infrastructure before a terraform apply is executed. If a plan violates a Sentinel policy, it is automatically blocked. This is the most efficient and automated approach. PDF documents (option A) rely on human compliance and are not enforceable. Option C is incorrect - there is no 'Sentinel Lite' for OSS. Option D (PR review) adds a human gate but does not automate policy enforcement the way Sentinel does.", "generated_by": "claude-sonnet", "llm_judge_score": 4}

No community discussion yet for this question.