ExamTopics Logo
Mail Us[email protected]
Menu
Hashicorp Discussions
exam questions

Exam Terraform Associate All Questions

View all questions & answers for the Terraform Associate exam
Go to Exam

Exam Terraform Associate topic 1 question 308 discussion

Actual exam question from HashiCorp's Terraform Associate
Question #: 308
Topic #: 1
[All Terraform Associate Questions]

Which option can not keep secrets out of Terraform configuration files?

  • A. A shared credential file
  • B. Mark the variable as sensitive
  • C. Environment Variables
  • D. A -var flag
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by vindi135 at Nov. 26, 2023, 8:57 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
sultaz
1 month, 1 week ago
Selected Answer: B
Marking a variable as sensitive in Terraform prevents its value from being displayed in the CLI output, but it does not keep the secret out of Terraform configuration files or the state file. Sensitive variables are still stored in plaintext within the Terraform state file, making them accessible unless additional measures are taken to secure the state file.
upvoted 1 times
...
Smith_Adam
5 months ago
Selected Answer: A
Chatgpt Terraform configuration files contain the infrastructure code that can include sensitive data, such as API keys and credentials. There are multiple ways to keep these secrets safe: A. Shared credential file: This option is not a secure way to keep secrets, as the credential files are often stored in plaintext, which exposes sensitive information. B. Mark the variable as sensitive: This is a secure method to ensure that Terraform handles sensitive data properly. When variables are marked as "sensitive," their values will not be displayed in the output. C. Environment Variables: Environment variables are commonly used to store secrets securely. They prevent the secrets from appearing in the code or Terraform configuration files. D. -var flag: This allows variables to be passed directly via the command line. However, this is not a secure method because the values can be seen in command history or process logs. Answer: A. Shared credential file does not prevent secrets from appearing in Terraform configuration files.
upvoted 1 times
...
ksam2112
6 months, 2 weeks ago
Selected Answer: A
A. A shared credential file. A shared credential file typically contains sensitive information and would be part of the configuration files or accessible in some manner, making it less secure for keeping secrets. The other options (marking variables as sensitive, using environment variables, and the -var flag) can help manage sensitive values without exposing them in configuration files.
upvoted 1 times
...
petersoliman
1 year, 4 months ago
Selected Answer: B
B is the right answer
upvoted 4 times
...
Stargazer11
1 year, 4 months ago
Selected Answer: B
Question is about whether the sensitive values will be in terraform config files NOT about the state file. so B
upvoted 4 times
...
vindi135
1 year, 5 months ago
Selected Answer: B
Marking a variable as sensitive doesn't encourage it to be kept out of the terraform files. It will only be omitted in stout or logs when the terraform command is run
upvoted 3 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago