Fourth Flashcards Preview

Flashcards in Fourth Deck (5)
1

You are a DevOps Engineer for a company that has no experience with Terraform, and you have to design a multi-environment Terraform state architecture for “dev”, “stg” and “prod” on an S3 bucket so that Terraform Cloud can delegate permissions on your infrastructure.

Which of the following approaches could you consider following?

A. Have a single bucket with a single state for different states like:
mybucket/dev.tfstate
mybucket/stg.tfstate
mybucket/prod.tfstate
B. Create different workspaces per environment:
mybucket/dev/application.tfstate
mybucket/stg/application.tfstate
mybucket/prod/application.tfstate
C. Use the default workspace for all the stages
D. All the above

B. Create different workspaces per environment:
mybucket/dev/application.tfstate
mybucket/stg/application.tfstate
mybucket/prod/application.tfstate

Workspaces are Terraform's main tool for delegating access between different environments. HashiCorp's recommendation has always been to create a workspace per environment.

Option A is incorrect when using workspaces in Terraform Cloud. With open-source Terraform, an approach could be:
mybucket/dev/dev.tfstate
mybucket/stg/stg.tfstate
mybucket/prod/prod.tfstate
but you would be missing permissions control.

Option C is incorrect as we don’t have segmentation between the different environments.

Option D is incorrect as A and C don’t follow best practices.

https://www.terraform.io/docs/cloud/guides/recommended-practices/part1.html#the-recommended-terraform-workspace-structure

2

Due to your company's last audit, security and governance have become priority number one.
What is the best way to check if your Terraform code is compliant to be applied in a production environment in Terraform Cloud or Terraform Enterprise?

A. Use terratest
B. Use Sentinel Policies
C. Use manual approvals during your PRs
D. All of the above

B. Use Sentinel Policies

Sentinel allows Terraform to check policies after the terraform plan but before it can be confirmed or terraform apply is executed. This way, we can prevent provisioning to production when the code is not compliant with our policy.

Answer A is incorrect as Terratest is for automating the testing of your infrastructure.

Answer C is incorrect as there is no way to control the governance of your infrastructure, and the Terraform code could still be applied in production.

Answer D is incorrect because A and C are incorrect.

https://www.terraform.io/docs/cloud/sentinel/index.html

3

What is the command to switch to the workspace “app-stg”?

A. terraform workspace select app-stg
B. terraform workspace app-stg
C. terraform workspace choose app-stg
D. terraform w -s app-stg

A. terraform workspace select app-stg

The only options using the command terraform workspace are:
terraform workspace
Usage: terraform workspace

new, list, show, select and delete Terraform workspaces.

terraform workspace select
Expected a single argument: NAME.

Usage: terraform workspace select NAME [DIR]

Select a different Terraform workspace.

Option B is incorrect as you must choose a keyword to operate on the workspace.

Option C is incorrect as workspace choose doesn’t exist in the Terraform command line.

Option D is incorrect as this option doesn’t exist in the Terraform command line.

4

From which version control systems can you add modules to your Terraform Cloud private registry?

A. AWS CodeCommit and GitHub
B. AWS CodeCommit, GitHub, GitLab, BitBucket, GCP Cloud Source Repositories
C. AWS CodeCommit, GCP Cloud Source Repositories, Azure DevOps
D. GitHub, GitLab, BitBucket, Azure DevOps

D. GitHub, GitLab, BitBucket, Azure DevOps

If you log into Terraform Cloud: https://app.terraform.io/
and try to add a module you will see the following providers where you can connect:
- GitHub
- GitLab
- Bitbucket
- Azure DevOps

Option A is incorrect because AWS CodeCommit is not supported

Option B is incorrect because AWS CodeCommit and GCP Cloud Source Repositories are not supported

Option C is incorrect because AWS CodeCommit and GCP Cloud Source Repositories are not supported

https://www.terraform.io/docs/cloud/vcs/index.html#supported-vcs-providers

5

Is it secure to store sensitive data in your Terraform state in Terraform Cloud?

A. Yes, but you have to use an additional service such as HashiCorp Vault
B. Yes, but you have to encrypt your data beforehand with another encryption mechanism
C. No, Terraform Cloud doesn’t support a mechanism to encrypt the Terraform state
D. Yes, Terraform Cloud encrypts the state at rest and protects it with TLS in transit.

D. Yes, Terraform Cloud encrypts the state at rest and protects it with TLS in transit.

Terraform Cloud guarantees encryption of the Terraform state at rest and, with TLS, in transit.

Option A is incorrect as HashiCorp Vault is a different tool where you can encrypt your data and retrieve it in your Terraform code, but it does not encrypt the Terraform state.

Option B is incorrect as you don’t have to do this; your data is already encrypted on Terraform Cloud.

Option C is incorrect because Terraform Cloud always encrypts the state at rest.

https://www.terraform.io/docs/language/state/sensitive-data.html