Practice English vocabulary for IaC policy enforcement: Sentinel policies, pre-apply evaluation, hard fails, soft fails, and OPA for cross-cloud policy.
1 / 5
What does 'Sentinel policy prevents non-compliant infrastructure' mean?
Sentinel policies act as guardrails in the Terraform workflow. They check things like 'all EC2 instances must have required tags', 'no public S3 buckets', or 'only approved instance types may be used'. A violation can either block the apply or raise a warning.
2 / 5
What does 'the policy evaluates before apply' mean?
Pre-apply policy evaluation is key to policy-as-code effectiveness. Because the policy evaluates the plan (not the running infrastructure), non-compliant changes are caught before any infrastructure is modified, which avoids the need to roll back.
3 / 5
What is a 'hard fail' in IaC policy enforcement?
Sentinel and OPA policy results can be 'hard fail' (mandatory block), 'soft fail' (can be overridden with approval), or 'advisory' (warning only). Hard fails represent non-negotiable guardrails where the business risk of violation is too high to allow exceptions.
4 / 5
What is a 'soft fail' in IaC policy enforcement?
Soft fails enable policy enforcement with human judgment. A policy might soft-fail when a proposed resource doesn't follow naming conventions — the team lead can review and approve the exception. The override is logged for auditability.
5 / 5
What is 'OPA for cross-cloud policy'?
OPA is cloud-agnostic and tool-agnostic — the same Rego policies can evaluate Terraform plans, Kubernetes admission requests, and API authorization decisions. This makes it attractive for organizations using multiple clouds or infrastructure tools who want unified governance.