TA-002-P · Question #421
TA-002-P Question #421: Real Exam Question with Answer & Explanation
The correct answer is B: Set a value for the variable in the UI and check the "Sensitive" check box. {"question_number": 2, "question": "Which of the following is the safest way to inject sensitive values into a Terraform Cloud workspace?", "correct_answer": "B", "explanation": "In Terraform Cloud, marking a variable as 'Sensitive' via the UI causes the value to be write-only -
Question
Which of the following is the safest way to inject sensitive values into a Terraform Cloud workspace?
Options
- AWrite the value to a file and specify the file with the -var-file flag
- BSet a value for the variable in the UI and check the "Sensitive" check box
- CEdit the state file directly just before running terraform apply
- DSet the variable value on the command line with the -var flag
Explanation
{"question_number": 2, "question": "Which of the following is the safest way to inject sensitive values into a Terraform Cloud workspace?", "correct_answer": "B", "explanation": "In Terraform Cloud, marking a variable as 'Sensitive' via the UI causes the value to be write-only - it is stored encrypted, never displayed again in the UI, and never exposed in plan or apply output. This is the safest method because: (A) a -var-file with secrets risks the file being committed to version control; (C) directly editing the state file is dangerous, unsupported, and could corrupt state; (D) command-line -var flags can appear in shell history, logs, and process lists. The Sensitive checkbox ensures the value is handled securely throughout the Terraform Cloud lifecycle.", "generated_by": "claude-sonnet", "llm_judge_score": 3}
Topics
Community Discussion
No community discussion yet for this question.