Free TA-002-P Exam Braindumps

- (Exam Topic 4)
What is the best and easiest way for Terraform to read and write secrets from HashiCorp Vault?

1. A. Vault provider
2. B. API access using the AppRole auth method
3. C. integration with a tool like Jenkins
4. D. CLI access from the same machine running Terraform

Correct Answer: A

- (Exam Topic 4)
Terraform variable names are saved in the state file.

1. A. True
2. B. False

Correct Answer: B
Terraform stores information about your infrastructure in a state file. This state file keeps track of resources created by your configuration and maps them to real-world resources. https://learn.hashicorp.com/tutorials/terraform/state-cli

- (Exam Topic 3)
When multiple engineers start deploying infrastructure using the same state file, what is a feature of remote state storage that is critical to ensure the state doesn't become corrupt?

1. A. Object Storage
2. B. State Locking
3. C. WorkSpaces
4. D. Encryption

Correct Answer: B
If supported by your backend, Terraform will lock your state for all operations that could write state. This prevents others from acquiring the lock and potentially corrupting your state.
State locking happens automatically on all operations that could write state. You won't see any message that it is happening. If state locking fails, Terraform will not continue. You can disable state locking for most commands with the -lock flag but it is not recommended.
If acquiring the lock is taking longer than expected, Terraform will output a status message. If Terraform doesn't output a message, state locking is still occurring if your backend supports it.
Not all backends support locking. Please view the list of backend types for details on whether a backend supports locking or not.
https://www.terraform.io/docs/state/locking.html

- (Exam Topic 1)
How can you trigger a run in a Terraform Cloud workspace that is connected to a Version Control System (VCS) repository?

1. A. Only Terraform Cloud organization owners can set workspace variables on VCS connected workspaces
2. B. Commit a change to the VCS working directory and branch that the Terraform Cloud workspace is connected to
3. C. Only members of a VCS organization can open a pull request against repositories that are connected to Terraform Cloud workspaces
4. D. Only Terraform Cloud organization owners can approve plans in VCS connected workspaces

Correct Answer: B
"In a workspace linked to a VCS repository, runs start automatically when you merge or commit changes to version control.
A workspace is linked to one branch of a VCS repository and ignores changes to other branches. You can specify which files and directories within your repository trigger runs. "
https://www.terraform.io/cloud-docs/run/ui#automatically-starting-runs

- (Exam Topic 4)
Your risk management organization requires that new AWS S3 buckets must be private and encrypted at rest. How can Terraform Enterprise automatically and proactively enforce this security control?

1. A. With a Sentinel policy, which runs before every apply
2. B. By adding variables to each TFE workspace to ensure these settings are always enabled
3. C. With an S3 module with proper settings for buckets
4. D. Auditing cloud storage buckets with a vulnerability scanning tool

Correct Answer: A
https://docs.hashicorp.com/sentinel/intro/what
https://medium.com/hashicorp-engineering/enforcing-aws-s3-security-best-practice-using-terraform-sentinel-dd