TERRAFORM-ASSOCIATE-004 Question #145: Real Exam Question with Answer & Explanation

Question

What are some benefits of using Sentinel with Terraform Cloud/Terra form Cloud? Choose three correct answers.

Options

• AYou can enforce a list of approved AWS AMIs
• BPolicy-as-code can enforce security best practices
• CYou can check out and check in cloud access keys
• DYou can restrict specific resource configurations, such as disallowing the use of CIDR=0.0.0.0/0.
• ESentinel Policies can be written in HashiCorp Configuration Language (HCL)

Explanation

Sentinel is a policy-as-code framework integrated into Terraform Cloud that enforces rules before infrastructure changes are applied. A is correct: you can write policies that restrict which AMI IDs are approved for use. B is correct: Sentinel lets teams encode and enforce security best practices programmatically. D is correct: you can restrict dangerous configurations like open CIDR ranges (0.0.0.0/0). C is incorrect - checking out/in cloud access keys is a feature of HashiCorp Vault, not Sentinel. E is incorrect - Sentinel policies are written in the Sentinel language, not HCL.

No community discussion yet for this question.