Refer to https://docs.google.com/document/d/1gfwVdVdN54OeWzl_fiCP8ZY-Taz1lsrnTcFI1zNWNhU/edit?usp=sha ring Apex needs to implement Technical requirement 3. Terraform apply operations must be manually triggered, must use the protected port-prod environment, and must not expose environment secrets before approval. Which option completes the workflow?
name: apply-port-infrastructure
on:
(Missing value 1):
permissions:
contents: read
id-token: write
jobs:
apply:
runs-on: ubuntu-latest
environment:
name: (Missing value 2)
steps:
- uses: actions/checkout@v4
- name: Verify approved plan
run: |
test -f .github/approvals/terraform-plan-approved.json
- name: Apply approved infrastructure change
env:
CLOUD_ROLE: ${{ secrets.PORT_PROD_ROLE }}
run: (Missing value 3)Choose an answer
Tap an option to check your answer.
Correct answer: Missing value 1 = workflow_dispatch Missing value 2 = port-prod Missing value 3 = terraform apply -auto-approve.
Why this is the answer
The correct option aligns with all technical requirements. workflowdispatch allows manual triggering of the workflow, as required. port-prod correctly specifies the protected production environment. terraform apply -auto-approve executes the Terraform apply operation. The env block with CLOUDROLE: ${{ secrets.PORTPRODROLE }} ensures secrets are not exposed until approval, as the id-token: write permission and the environment protection mechanisms handle this securely. Incorrect options: pullrequest would trigger automatically on PRs, not manually. terraform plan only plans, it doesn't apply. push would trigger automatically on pushes, not manually. staging is the wrong environment. schedule would trigger automatically at a set time, not manually. terraform validate only validates syntax, it doesn't apply.
Pass your exam — without the endless answer hunt
Get every verified question and explanation for this exam in one place, and save hours of prep. 1,000+ certifications · 20+ languages · free to start.
Pass your exam faster → No card needed