Hashicorp Terraform Associate Exam Guide | ninjasquad
A complete study guide for Hashicorp Terraform Associate Certification Exam.
To be honest, their documentation is more than enough for this exam. They have a very good Exam study guide and exam review guide. I would suggest you go through these links in order and would highly recommend you practice while going through these materials.
terraform import
to import the existing remote infrastructure to terraform state file using below three steps:-
Go through the below list of compiled questions for Hashicorp Terraform Associate certification exam. You can expect similar questions in the real exam. If you are looking for exam dumps then you can rely on below list of questions though the same questions are not guaranteed to appear in the exam.
Infrastructure as Code
Which of the following is a key principle of infrastructure as code?
⬜ Versioned infrastructure
⬜ Golden images
✅ Idempotence
⬜ Self-describing infrastructure
Reference: https://learn.microsoft.com/en-us/devops/deliver/what-is-infrastructure-as-code
Which of the following best describes Terraform?
⬜ A programming language
✅ An infrastructure as code (IaC) tool
⬜ A cloud provider
⬜ A containerization tool
What are the main advantages to use Terraform as the IaC tool?
⬜ Terraform can manage infrastructure on multiple cloud platforms.
⬜ Terraform’s state allows you to track resource changes throughout your deployments.
⬜ You can commit your configurations to version control to safely collaborate on infrastructure.
✅ All of the above
Reference: https://developer.hashicorp.com/terraform/tutorials/aws-get-started/infrastructure-as-code
Does Terraform support multiple cloud providers?
✅ true
⬜ false
What are three Terraform Cloud features? (Choose 3 answers)
✅ Remote state management.
✅ Remote Terraform Execution.
✅ Private Module Registry.
⬜ Terraform Linting.
Reference: https://developer.hashicorp.com/terraform/cloud-docs/overview
What is the core terraform workflow?
⬜ Plan, write, apply.
✅ Write, plan, apply.
⬜ Apply, write, plan.
⬜ Apply, plan, write.
Reference: https://developer.hashicorp.com/terraform/intro/core-workflow
Your boss has asked you to come up with a new cloud automation provider that supports a Private Module registry as part of the offering. Which Cloud Provider and plan do you choose?
✅ Terraform Cloud with a Terraform Enterprise
⬜ Amazon Web Services and the Enterprise Terraform Plus Plan
⬜ The Azure Supercharged Automation Professional Direct plan from Microsoft
⬜ The Google GCP Terraform Deluxe Plan
Reference: https://developer.hashicorp.com/terraform/cloud-docs/registry
Terraform Configuration
Which file is typically used to define resources in a Terraform configuration?
✅ main.tf
⬜ terraform.tfvars
⬜ variables.tf
⬜ outputs.tf
Which of the following is NOT a valid Terraform block type?
⬜ provider
⬜ resource
⬜ output
⬜ module
⬜ data
✅ bucket
What is the workflow for deploying new infrastructure with Terraform?
⬜ terraform plan to import the current infrastructure to the state file, make code changes, and terraform apply to update the infrastructure.
⬜ Write a Terraform configuration, run terraform show to view proposed changes, and terraform apply to create new infrastructure.
⬜ terraform import to import the current infrastructure to the state file, make code changes, and terraform apply to update the infrastructure.
✅ Write a Terraform configuration, run terraform init, run terraform plan to view planned infrastructure changes, and terraform apply to create new infrastructure.
Which language does terraform configuration support from the below list?
⬜ XML
✅ JSON
✅ Hashicorp Configuration Language (HCL)
⬜ YAML
Reference: https://developer.hashicorp.com/terraform/language/syntax
What Terraform feature is most applicable for managing small differences between different environments, for example development and production?
✅ Workspaces
⬜ States
⬜ Repositories
⬜ Versions
Reference: https://developer.hashicorp.com/terraform/language/state/workspaces
What’s the correct syntax for referencing a resource within the configuration file?
✅ <RESOURCE TYPE>.<NAME>
⬜ <NAME>.<RESOURCE TYPE>
⬜ <PROVIDER>.<RESOURCE TYPE>
⬜ <LOCAL/REMOTE STATE>.<RESOURCE TYPE>
Reference: https://developer.hashicorp.com/terraform/cli/state/resource-addressing#resource-spec
Terraform State
Which of the following best describes a Terraform state file?
⬜ A file that contains a list of available Terraform providers
✅ A file that stores the current state of infrastructure managed by Terraform
⬜ A file that contains a list of Terraform modules used in a configuration
⬜ A file that stores the output of a Terraform plan
The terraform.tfstate file always matches your currently built infrastructure?
⬜ true
✅ false
Reference: https://developer.hashicorp.com/terraform/language/state
Usernames and passwords referenced in the Terraform code, even as variables, will end up in plain text in the state file?
✅ true
⬜ false
You injected some secrets from variables into your Terraform configuration. What happens after you run the terraform apply command and they are loaded into state?
✅ They are shown in clear-text.
⬜ They are shown as their referenced variables.
⬜ They are shown as encrypted values.
⬜ They are omitted from state.
Terraform state can contain sensitive data, depending on the resources in use and your definition of “sensitive.” The state contains resource IDs and all resource attributes. For resources such as databases, this may contain initial passwords.
Reference: https://developer.hashicorp.com/terraform/language/state/sensitive-data
What is the name of the default file where Terraform stores the state?
Type your answer in the field provided. The text field is not case-sensitive and all variations of the correct answer are accepted.
✅ terraform.tfstate
Reference: https://developer.hashicorp.com/terraform/language/state
Where is the default location that Terraform stores its state in?
✅ The current working directory in which Terraform is ran.
⬜ At the users root directory.
⬜ In the same location that Terraform is installed. E.g. /usr/bin/terraform
⬜ In ~/.terraform.d/plugins
In the default configuration, Terraform stores the state in a file in the current working directory where Terraform was run.
Reference: https://developer.hashicorp.com/terraform/language/state/purpose#syncing
Where are Terraform Workspace state files stored?
✅ terraform.tfstate.d
⬜ terraform.tfstate
⬜ .tfstate
⬜ ~/.terraform.d/plugins
Reference: https://developer.hashicorp.com/terraform/cli/workspaces#workspace-internals
What is the recommended way to implement Terraform’s state for larger teams?
✅ By configuring a remote backend such that multiple teams can work in tandem and know which resources are being created and destroyed.
⬜ By sticking the state in a cloud instance, and having team members SSH into the instance to work on their configuration files.
⬜ Having your state synced to a github repo for members to compare to.
⬜ By using the daily standup you are a part of sot that you can share changes to the state file.
Remote state is the recommended solution to this problem. With a fully-featured state backend, Terraform can use remote locking as a measure to avoid two or more different users accidentally running Terraform at the same time, and thus ensure that each Terraform run begins with the most recent updated state.
Reference: https://developer.hashicorp.com/terraform/language/state/purpose#syncing
You are part of a large DevOps team using the current version of Terraform, and there can be multiple changes going on to your terraform files across the company. What would you do to ensure that the state file is locked when you run terraform apply?
⬜ Add the -lock=true flag to the command.
✅ Nothing, terraform will manage the locking by itself.
⬜ First run terraform plan to lock in your proposed changes. Then run terraform apply to commit them.
⬜ Add the -state-lock=true to the command.
State locking happens automatically on all operations that could write state. You won’t see any message that it is happening. If state locking fails, Terraform will not continue. You can disable state locking for most commands with the -lock flag but it is not recommended.
Reference: https://developer.hashicorp.com/terraform/language/state/locking
Terraform Commands
What command does Terraform require the first time you run it within a configuration directory?
⬜ terraform plan
⬜ terraform apply
✅ terraform init
⬜ terraform validate
Reference: https://developer.hashicorp.com/terraform/cli/commands/init
How can you init a directory with a specific source?
✅ terraform init -from-module={MODULE-SOURCE}
⬜ terraform init -source={PATH}
⬜ terraform init {PATH}
⬜ terraform init -plugin-dir={PATH}
Reference: https://developer.hashicorp.com/terraform/cli/commands/init#copy-a-source-module
Which command is used to create an execution plan in Terraform?
✅ terraform plan
⬜ terraform apply
⬜ terraform init
⬜ terraform validate
Reference: https://developer.hashicorp.com/terraform/cli/commands/plan
By default, when running ’terraform plan’, what files are scanned?
✅ *All .tf files in the current directory.
⬜ Only files in the .terraform directory
⬜ Only files you specify with the -file-path flag.
⬜ All files on your hard drive.
Reference: https://developer.hashicorp.com/terraform/cli/commands/plan
Which command is used to apply changes to infrastructure in Terraform?
⬜ terraform destroy
✅ terraform apply
⬜ terraform plan
⬜ terraform validate
Reference: https://developer.hashicorp.com/terraform/cli/commands/apply
Which command is used to destroy infrastructure in Terraform?
✅ terraform destroy
⬜ terraform apply
⬜ terraform plan
⬜ terraform validate
Reference: https://developer.hashicorp.com/terraform/cli/commands/destroy
If different teams are working on the same configuration. How do you make files to have consistent formatting?
✅ terraform fmt
⬜ terraform apply
⬜ terraform plan
⬜ terraform validate
Reference: https://developer.hashicorp.com/terraform/cli/commands/fmt
What Terraform command modifies a HashiCorp Configuration Language (HCL) file to adhere to the recommended spacing rules for HCL files?
✅ terraform fmt
⬜ terraform apply
⬜ terraform plan
⬜ terraform validate
Reference: https://developer.hashicorp.com/terraform/cli/commands/fmt
Your teammate is worried that if they run the terraform fmt command on their current directory, it will change their configuration files too much. What flag do you tell them to pass into the command such that they can see the differences?
✅ -diff
⬜ -check
⬜ -refresh
⬜ -list=true
Reference: https://developer.hashicorp.com/terraform/cli/commands/fmt#diff
Which command can be used to verify whether a configuration is syntactically valid and internally consistent?
✅ terraform validate
⬜ terraform apply
⬜ terraform plan
⬜ terraform fmt
Reference: https://developer.hashicorp.com/terraform/cli/commands/validate
How would you get the JSON output of the terraform validate command?
✅ terraform validate -json
⬜ terraform validate json
⬜ terraform validate -output=json
⬜ terraform json validate
When you use the -json
option, Terraform will produce validation results in JSON format to allow using the validation result for tool integrations, such as highlighting errors in a text editor.
Reference: https://developer.hashicorp.com/terraform/cli/commands/validate#json-output-format
Does the validate command connect to remote APIs and state when being ran?
✅ No it does not.
⬜ Only if configured to do so on the backend.
⬜ If the -remote=true is set, yes it does.
⬜ If there are providers set, it will attempt to.
Reference: https://developer.hashicorp.com/terraform/cli/commands/validate
Which command provides an interactive command-line console for evaluating and experimenting with expressions?
⬜ terraform show
⬜ terraform eval
✅ terraform console
⬜ terraform exec
Reference: https://developer.hashicorp.com/terraform/cli/commands/console
Which command is used to extract the value of an output variable from the state file?
⬜ terraform exec
⬜ terraform show
✅ terraform output
⬜ terraform state
Reference: https://developer.hashicorp.com/terraform/cli/commands/output
When are output variables ran and sent to stdout?
✅ Only with terraform apply.
⬜ Only on terraform plan or apply.
⬜ With any terraform command.
⬜ Only if you specify the -outputs flag on apply.
Reference: https://developer.hashicorp.com/terraform/language/values/outputs
You have defined the values for your variables in the file terraform.tfvars, and saved it in the same directory as your Terraform configuration. Which of the following commands will use those values when creating an execution plan?
⬜ terraform plan
⬜ terraform plan -var-file=terraform.tfvars
✅ All of the above
⬜ None of the above
Reference: https://developer.hashicorp.com/terraform/cli/commands/plan
Which two steps are required to provision new infrastructure in the Terraform workflow? Choose TWO correct answers.
✅ terraform init
⬜ terraform import
✅ terraform apply
⬜ terraform validate
⬜ terraform destroy
Reference: https://developer.hashicorp.com/terraform/intro/core-workflow
You have an EC2 instance that is acting up in the cloud. It handles a relatively light ephemeral workload, so it can be restarted/destroyed with no repercussions. What full command would you use to target only this instance for recreation?
✅ terraform apply -replace=aws_instance.{INSTANCE_NAME}
⬜ terraform apply -replace aws_instance
⬜ terraform apply -replace {INSTANCE_NAME}
⬜ terraform destroy --target=aws.instance{INSTANCE_NAME}
and terraform apply
Reference: https://developer.hashicorp.com/terraform/cli/commands/plan#replace-address
You would like to reuse the same Terraform configuration for your development and production environments with a different state file for each. Which command would you use?
⬜ terraform import
✅ terraform workspace
⬜ terraform state
⬜ terraform init
Reference: https://developer.hashicorp.com/terraform/cli/commands/workspace
One of your colleagues is new to Terraform and wants to add a new workspace named new-hire. What command he should execute from the following?
⬜ terraform workspace –new –new-hire
✅ terraform workspace new new-hire
⬜ terraform workspace init new-hire
⬜ terraform workspace new-hire
As a prestigious Sr. Cloud Engineer, your colleague comes up to you and asks for a new Development workspace. What’s the fastest way to accomplish this?
✅ **terraform workspace new dev
⬜ Head to the Terraform Enterprise console and create a new workspace there.
⬜ Specify in the configuration block the new workspace to be created.
⬜ Have them submit a Jira ticket and tell them you’ll get around to it in the next Sprint.
How does terraform import
run?
⬜ As a part of terraform init
⬜ As a part of terraform plan
⬜ As a part of terraform refresh
✅ By an explicit call
⬜ All of the above
Reference: https://developer.hashicorp.com/terraform/tutorials/state/state-import
What must be provided with the terraform import
command for Terraform to successfully import resources?
✅ Resource Id, module path, and the resource spec.
⬜ The resource name.
⬜ The full resource ARN.
⬜ Only resource Id
Import will find the existing resource from ID and import it into your Terraform state at the given ADDRESS. ID is dependent on the resource type being imported. For example, for AWS instances it is the instance ID (i-abcd1234) but for AWS Route53 zones it is the zone ID (Z12ABC4UGMOZ2N). ADDRESS must be a valid resource address which is made up of two parts: [module path][resource spec]
Reference: https://developer.hashicorp.com/terraform/cli/commands/import
A user wants to list all resources which are deployed using Terraform. How can this be done?
⬜ terraform state show
✅ terraform state list
⬜ terraform show
⬜ terraform show list
Reference: https://developer.hashicorp.com/terraform/cli/commands/state/list
Which terraform state subcommand will give you all of the resources in your state?
✅ list
⬜ show
⬜ refresh
⬜ apply
Reference: https://developer.hashicorp.com/terraform/cli/commands/state/list
A user wants to see the resource block for resource aws_instance
having name foo
in state file. How can this be done?
⬜ terraform show aws_instance.foo
⬜ terraform show aws_instance foo
✅ terraform state show aws_instance.foo
⬜ terraform state show aws_instance foo
Reference: https://developer.hashicorp.com/terraform/cli/commands/state/show
Which of the following command provides the JSON reprentation of the state?
⬜ terraform state -json
⬜ terraform state show -json
✅ terraform show -json
⬜ terraform show state -json
Reference: https://developer.hashicorp.com/terraform/cli/commands/show
Why would you use the terraform taint
command?
⬜ When you want to force Terraform to destroy a resource on the next apply
✅ When you want to force Terraform to destroy and recreate a resource on the next apply
⬜ When you want Terraform to ignore a resource on the next apply
⬜ When you want Terraform to destroy all the infrastructure in your workspace
Reference: https://developer.hashicorp.com/terraform/cli/commands/taint
The command terraform.taint
is deprecated in v0.15.2, which command you should use intead?
✅ terraform apply -replace
⬜ terraform plan -replace
⬜ terraform apply -taint
⬜ terraform plan -taint
Reference: https://developer.hashicorp.com/terraform/cli/commands/taint
What is not processed when running a terraform refresh
?
⬜ State file
✅ Configuration file
⬜ Credentials
⬜ Cloud provider
Reference: https://developer.hashicorp.com/terraform/cli/commands/refresh
Which of the following Terraform commands will automatically refresh the state unless supplied with additional flags or arguments? Choose TWO correct answers.
✅ terraform plan
⬜ terraform state
✅ terraform apply
⬜ terraform validate
⬜ terraform output
Reference: https://developer.hashicorp.com/terraform/cli/commands/refresh
The command terraform refresh
is deprecated in v0.15.4, which command is recommended to use instead? Choose TWO correct answers.
✅ terraform apply -refresh-only
✅ terraform plan -refresh-only
⬜ terraform apply -refresh
⬜ terraform plan -refresh
Reference: https://developer.hashicorp.com/terraform/cli/commands/refresh
Which of the following command will give you an opportunity to review the changes that Terraform has detected during refresh? Choose TWO correct answers.
⬜ terraform apply -refresh-only -auto-approve
✅ terraform apply -refresh-only
⬜ terraform refresh
✅ terraform plan -refresh-only
Reference: https://developer.hashicorp.com/terraform/cli/commands/refresh
What happens when you apply Terraform configuration? Choose TWO correct answers.
✅ Terraform makes any infrastructure changes defined in your configuration.
⬜ Terraform gets the plugins that the configuration requires.
✅ Terraform updates the state file with any configuration changes it made.
⬜ Terraform corrects formatting errors in your configuration.
⬜ Terraform destroys and recreates all your infrastructure from scratch.
Which flag is used to find more information about a Terraform command? For example, you need additional information about how to use the plan
command. You would type: terraform plan _____
.
Type your answer in the field provided. The text field is not case-sensitive and all variations of the correct answer are accepted.
✅ -h
✅ -help
✅ --help
Answers that would also receive full credit:--h
terraform plan -h
terraform plan --h
terraform plan -help
terraform plan --help
terraform -h plan
terraform -help plan
terraform --help plan
plan -h
plan --h
plan -help
plan --help
-h plan
-help plan
--help plan
Which flag would you add to terraform plan to save the execution plan to a file? You would type: terraform plan _____
Type your answer in the field provided. The text field is not case-sensitive and all variations of the correct answer are accepted.
✅ -out=FILENAME
Reference: https://developer.hashicorp.com/terraform/cli/commands/plan#out-filename
You just added a new set of resources to your configuration and would only like to see them when you run your terraform plan
command. What flag do you specify when running the plan command to only see their plans?
✅ -target={resources}
⬜ -refresh=true
⬜ -state={new_state_file}
⬜ -lock=true
You can use the -target
option to focus Terraform’s attention on only a subset of resources. You can use resource address syntax to specify the constraint
Reference: https://developer.hashicorp.com/terraform/cli/commands/plan#resource-targeting
You have a simple Terraform configuration containing one virtual machine (VM) in a cloud provider. You run terraform apply
and the VM is created successfully. What will happen if you delete the VM using the cloud provider console, and run terraform apply
again without changing any Terraform code?
⬜ Terraform will remove the VM from state file
⬜ Terraform will report an error
⬜ Terraform will not make any changes
✅ Terraform will recreate the VM
You have multiple team members collaborating on infrastructure as code (IaC) using Terraform, and want to apply formatting standards for readability.How can you format Terraform HCL (HashiCorp Configuration Language) code according to standard Terraform style convention?
✅ Run the terraform fmt command during the code linting phase of your CI/CD process
⬜ Designate one person in each team to review and format everyone’s code
⬜ Manually apply two spaces indentation and align equal sign “=” characters in every Terraform file (*.tf)
⬜ Write a shell script to transform Terraform files using tools such as AWK, Python, and sed
You have deployed a new webapp with a public IP address on a clod provider. However, you did not create any outputs for your code. What is the best method to quickly find the IP address of the resource you deployed?
✅ Run terraform output ip_address
to view the result
⬜ In a new folder, use the terraform_remote_state data source to load in the state file, then write an output for each resource that you find the state file
⬜ Run terraform state list to find the name of the resource, then terraform state show to find the attributes including public IP address
⬜ Run terraform destroy then terraform apply and look for the IP address in stdout
Reference: https://developer.hashicorp.com/terraform/cli/commands/output
What is the default number of concurrent operations supported by terraform apply command?
⬜ 100
✅ 10
⬜ 5
⬜ 1
Reference: https://developer.hashicorp.com/terraform/cli/commands/apply#parallelism-n
Say you wanted to increase the number of operations that terraform is concurrently using to create your resources. Which command would you run, with what specific flag, to accomplish this? (Choose 2 answers)
✅ terraform apply
✅ -parallelism={NUMBER-OF-OPERATIONS}
⬜ terraform init
⬜ -concurrent={NUMBER-OF-OPERATIONS}
Reference: https://developer.hashicorp.com/terraform/cli/commands/apply#parallelism-n
Lately you noticed that your Terraform jobs are failing in your CI/CD pipeline. The error that is coming back mentions something about hitting a rate limit. Without altering the time that the builds are ran, what could you pass into the terraform apply command to slow your operations down?
✅ -parallelism={NUMBER_OF_OPERATIONS}
⬜ -concurrent={NUMBER_OF_OPERATIONS}
⬜ -rate-limit={NUMBER_OF_OPERATIONS}
⬜ -refresh=false
Reference: https://developer.hashicorp.com/terraform/cli/commands/apply#parallelism-n
Terraform Backend
What does the default “local” Terraform backend store?
⬜ tfplan files
⬜ Terraform binary
⬜ Provider plugins
✅ State file
Reference: https://developer.hashicorp.com/terraform/language/settings/backends/local
What two configuration variables are available to a default local backend? (Choose 2 answers)
✅ path
✅ workspace_dir
⬜ working_dir
⬜ path_dest
path and workspace_dir are two optional configuration supported by local backend
Reference: https://developer.hashicorp.com/terraform/language/settings/backends/local#configuration-variables
What is not true about the Terraform backend?
⬜ A backend is where Terraform stores its state data files.
⬜ By default, Terraform uses a backend called local, which stores state as a local file on disk.
⬜ A terraform configuration can only provide one backend block.
✅ A backend block can refer to named values (like input variables, locals, or data source attributes).
Reference: https://developer.hashicorp.com/terraform/language/settings/backends/configuration
How is the Terraform remote backend different than other state backends such as S3, Consul, etc.?
✅ It can execute Terraform runs on dedicated infrastructure on premises or in Terraform Cloud
⬜ It doesn’t show the output of a terraform apply locally
⬜ It is only available to paying customers
⬜ All of the above
How do you supply remaining arguments to a partial backend configuration? (Choose 2 answers)
✅ Specify file terraform init -backend-config=PATH
✅ Specify key/value pairs terraform init -backend-config="KEY=VALUE"
⬜ Environment variable export TF_VAR_key=value
⬜ Set variable terraform init -var="KEY=VALUE"
A backend block cannot refer to Environment or Input variables, you can supply the arguments through -backend-config option in init command
Reference: https://developer.hashicorp.com/terraform/language/settings/backends/configuration#partial-configuration
You are a part of a growing Cloud Infrastructure team. Your boss asks you to transition the team off of local backends, and onto remote backends. Within Terraform, what do you do to use the S3 buckets as a remote backend? (Choose 2 answers)
terraform {
backend "s3" {
bucket = "mybucket"
key = "path/to/my/key"
region = "us-east-1"
}
}
✅ Specify the file path to store state file inside the S3 bucket
✅ Make sure Terraform gets AWS IAM permission on target backend bucket and stored state file
⬜ Export your AWS API key to TF_BACKEND_KEY
⬜ Encrypt your AWS buckets with SSE.
Reference: https://developer.hashicorp.com/terraform/language/settings/backends/s3#example-configuration
Which of the following is a type of backend configurable in Terraform?
✅ Local
⬜ Standard
⬜ Simple
⬜ Advanced
Reference: https://developer.hashicorp.com/terraform/language/settings/backends/configuration#backend-types
Terraform Provisioners
Which option will you use to run provisioners that are not associated with any resources?
✅ null_resource
⬜ file
⬜ local-exec
⬜ remote-exec
null_resource has been renamed to terraform_data in Terraform v1.4.x and later version
Reference: https://developer.hashicorp.com/terraform/language/resources/provisioners/null_resource
Which provisioner copies files or directories from the machine running Terraform to the newly created resource?
⬜ null_resource
✅ file
⬜ local-exec
⬜ remote-exec
Reference: https://developer.hashicorp.com/terraform/language/resources/provisioners/file
Which type of connections supported by file provisioner? Select all valid options.
✅ ssh
⬜ sftp
✅ winrm
⬜ rdc
Reference: https://developer.hashicorp.com/terraform/language/resources/provisioners/file
Which provisioner invokes a process on the machine running Terraform, not on the resource?
⬜ null_resource
⬜ file
✅ local-exec
⬜ remote-exec
Reference: https://developer.hashicorp.com/terraform/language/resources/provisioners/local-exec
Where does the ’local-exec’ provisioner execute its code provided in its block?
⬜ On the remote resource specified.
✅ On the local machine running terraform.
⬜ On a spot-instance on your cloud provider.
⬜ In a container on your machine provided by the Terraform binary.
The local-exec provisioner invokes a local executable after a resource is created. This invokes a process on the machine running Terraform, not on the resource.
Reference: https://developer.hashicorp.com/terraform/language/resources/provisioners/local-exec
Which provisioner invokes a process on the resource created by Terraform?
⬜ null_resource
⬜ file
⬜ local-exec
✅ remote-exec
Reference: https://developer.hashicorp.com/terraform/language/resources/provisioners/remote-exec
What are the two accepted values for provisioners that have the “on_failure” key specified? (Choose 2 answers)
✅ continue
✅ fail
⬜ abort
⬜ retry
By default, provisioners that fail will also cause the Terraform apply itself to fail. The on_failure setting can be used to change this. The allowed values are: continue and fail
Reference: https://developer.hashicorp.com/terraform/language/resources/provisioners/syntax#failure-behavior
What does the following provisioner block specify?
provisioner "local-exec" {
when = destroy
command = "echo 'Destroy-time provisioner'"
}
✅ Before the resource is destroyed, the provisioner will invoke “echo ‘Destroy-time provisioner’”
⬜ If the resource receives a ‘destroy’ command locally, it will echo ‘Destroy-time provisioner’
⬜ After the resource is destroyed, it will invoke “echo ‘Destroy-time provisioner’”
⬜ On the next ’terraform apply’ the resource will be destroyed
Destroy provisioners are run before the resource is destroyed. If they fail, Terraform will error and rerun the provisioners again on the next terraform apply.
Reference: https://developer.hashicorp.com/terraform/language/resources/provisioners/syntax#destroy-time-provisioners
Terraform Providers and Resources
Which of the following best describes a Terraform provider?
⬜ A collection of resources that can be used to define a specific piece of infrastructure
✅ A plugin that allows Terraform to interact with a specific cloud provider or service
⬜ A tool for managing Docker containers
⬜ A set of variables used to configure Terraform resources
Which of the following is not true of Terraform providers?
⬜ Providers can be written by individuals
⬜ Providers can be maintained by a community of users
⬜ Some providers are maintained by HashiCorp
✅ Major cloud vendors and non-cloud vendors can write, maintain, or collaborate on Terraform providers
⬜ None of the above
Who is the provider for the below resource?
resource "aws_vpc" "main" {
name = "test"
}
⬜ vpc
⬜ main
✅ aws
⬜ test
Reference: https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc
A provider configuration block is required in every Terraform configuration.
provider "provider_name" {
...
}
✅ true
⬜ false
Which provider configuration can be used to define multiple aws provider with different regions?
⬜ provider
⬜ source
⬜ region
✅ alias
Reference: https://developer.hashicorp.com/terraform/language/providers/configuration
What is a provider block without an alias meta argument?
✅ The default provider configuration.
⬜ A broken provider configuration.
⬜ A partial provider configuration.
⬜ There must be an alias meta argument.
How do you select the alternate aws provider for us-west-2 region?
# The default provider configuration
provider "aws" {
region = "us-east-1"
}
# Additional provider configuration for west coast region
provider "aws" {
alias = "west"
region = "us-west-2"
}
⬜ resource "aws_instance" "foo" { provider = aws }
✅ resource "aws_instance" "foo" { provider = aws.west }
⬜ resource "aws_instance" "foo" { provider = aws.us-west-2 }
⬜ resource "aws_instance" "foo" { provider = west }
Reference: https://developer.hashicorp.com/terraform/language/providers/configuration
What is the name assigned by Terraform to reference this resource?
resource "google_computer_instance" "main" {
name = "test"
}
⬜ computer_instance
✅ main
⬜ google
⬜ test
Examine the following Terraform configuration, which uses the data source for an AWS AMI. What value should you enter for the ami argument in the AWS instance resource?
data "aws_ami" "ubuntu" {
...
}
resource "aws_instance" "web" {
ami = ______________________
instance_type = "t3.micro"
}
⬜ aws_ami.ubuntu
⬜ data.aws_ami.ubuntu
✅ data.aws_ami.ubuntu.id
⬜ aws_ami.ubuntu.id
Data source attributes can be used in other resources using expression data.<TYPE>.<NAME>.<ATTRIBUTE>
Reference: https://developer.hashicorp.com/terraform/language/data-sources#description
What is the syntax to correctly reference a data source?
✅ data.<DATA TYPE>.<NAME>
⬜ data.<NAME>
⬜ data.<NAME>.<DATA TYPE>
⬜ <DATA TYPE>.<NAME>.data
data.<DATA TYPE>.<NAME>
is an object representing a data resource of the given data source type and name.
Reference: https://developer.hashicorp.com/terraform/language/expressions/references#data-sources
Terraform uses a lock file to ensure predictable runs when using ambiguous provider version constraints. How do you update the lock file?
✅ terraform providers lock
⬜ terraform lock
⬜ terraform apply lock
⬜ terraform lock provider -provider={PROVIDER_NAME}
Reference: https://developer.hashicorp.com/terraform/cli/commands/providers/lock
Terraform Input and Environment Variables
Consider the following configuration snippet: How would you define the cidr_block
for us-east-1
in the aws_vpc resource using a variable?
variable "vpc_cidrs" {
type = map
default = {
us-east-1 = "10.0.0.0/16"
us-east-2 = "10.1.0.0/16"
us-west-1 = "10.2.0.0/16"
us-west-2 = "10.3.0.0/16"
}
}
resource "aws_vpc" "shared" {
cidr_block = _____________
}
✅ var.vpc_cidrs["us-east-1"]
⬜ var.vpc_cidrs.0
⬜ vpc_cidrs["us-east-1"]
⬜ var.vpc_cidrs[0]
How can you set the value to a variable “region” declared in the configuration file?
⬜ Using command line terraform apply -var="region=us-east-1"
⬜ Using variable file terraform apply -var-file="variables.tfvars"
where the file contains: region=us-east-1
⬜ Using environment variable export TF_VAR_region=us-east-1
✅ All of the above
Reference: https://developer.hashicorp.com/terraform/language/values/variables
Which one of the following takes higher precedence in loading variable in Terraform?
✅ Command line flag terraform apply -var="region=us-east-1"
⬜ Configuration file – set in your terraform.tfvars file
⬜ Environment variable export TF_VAR_region=us-east-1
⬜ Default Config – default value in variables.tf
Reference: https://developer.hashicorp.com/terraform/language/values/variables
Which of the following is an invalid argument for defining input variable in Terraform?
⬜ default
⬜ type
⬜ description
⬜ validation
⬜ sensitive
⬜ nullable
✅ depends_on
depends_on is an optional argument for declaring output value, not for declaring input variable
Reference: https://developer.hashicorp.com/terraform/language/values/variables
How would you configure your input variable to fallback to a pre-declared value in your variable block?
✅ By specifying the default meta-argument.
⬜ By specifying the fallback meta-argument.
⬜ Terraform has a list of fallbacks that it will always implement if nothing is specified. E.g. aws_instance will fall back to a t2.micro if the size is not specifed.
⬜ Terraform will ask you to set a fallback when you run the terraform apply command.
Reference: https://developer.hashicorp.com/terraform/language/values/variables#default-values
You defined a variable and would like to reference it in your terraform configuration file. What is the syntax required to do so?
✅ var.<VARIABLE_NAME>
⬜ <VARIABLE_NAME>.var
⬜ var.<VARIABLE_NAME>.<RESOURCE_NAME>
⬜ <RESOURCE_NAME>.var.<VARIABLE_NAME>
Reference: https://developer.hashicorp.com/terraform/language/values/variables#using-input-variable-values
A Terraform local value can reference other Terraform local values?
✅ true
⬜ false
Reference: https://developer.hashicorp.com/terraform/language/values/locals
You want to know from which paths Terraform is loading providers referenced in your Terraform configuration (*.tf files). You need to enable detailed logging to find this out. Which of the following would achieve this?
✅ Set the environment variable TF_LOG=TRACE
⬜ Set the environment variable TF_INPUT=1
⬜ Set the environment variable TF_VAR_LOG=TRACE
⬜ Set the environment variable TF_LOG_PATH=./terraform.log
Reference: https://developer.hashicorp.com/terraform/cli/config/environment-variables#tf_log
You are required to setup Terraform logs. Your boss asks you to make sure they always end up in one location such that they can be collected, and that they be set to the informational level. How would you accomplish this? (Choose 2 answers)
✅ Export the environment variable of TF_LOG to be INFO
✅ Export the TF_LOG_PATH environment variable to the requested path location.
⬜ Only invoke the terraform apply command in the location your boss wants the logs, because terraform automatically saves a .log file in the working directory.
⬜ Export the TF_PATH_LOG environment variable to the requested path location.
Reference: https://developer.hashicorp.com/terraform/cli/config/environment-variables
You have a Terraform variable that is declared as follows:
variable "num" {
default = 3
}
You have also defined the following environment variables in your BASH shell:-
export TF_VAR_num=10
You also have a terraform.tfvars file with the following contents:-
num = 7
When you run the following apply command, what is the value assigned to the num variable?
terraform apply -var num=4
✅ 4
⬜ 7
⬜ 3
⬜ 10
What are Data Sources in terraform?
✅ Data to be fetched or computed for use elsewhere in terraform configuration.
⬜ Similar to resources, they specify data to be created in the corresponding provider.
⬜ A binary set of operators that tell resources how to behave with certain meta-arguments.
⬜ Data sources are a way for terraform to keep track of all resources created in the provider’s infrastructure.
Reference: https://developer.hashicorp.com/terraform/language/data-sources
Terraform Module
Which of the following best describes a Terraform module?
✅ A collection of resources that make up a specific piece of infrastructure
⬜ A plugin that allows Terraform to interact with a specific cloud provider or service
⬜ A set of variables used to configure Terraform resources
⬜ A tool for managing Docker containers
Reference: https://developer.hashicorp.com/terraform/language/modules/syntax
In Terraform, what is a module?
✅ A grouping of multiple resources that are used together.
⬜ A singular, non-abstractive, resource.
⬜ Essentially a comment, it doesn’t do anything except to describe a set of resources.
⬜ Similar to programming functions, modules are used to write code in Golang for direct interaction with Terraform.
Reference: https://developer.hashicorp.com/terraform/language/modules
In Terraform, What are modules used for?
⬜ Organize configuration
⬜ Encapsulate configuration
⬜ Re-use configuration
✅ All of the above
Reference: https://developer.hashicorp.com/terraform/tutorials/modules/module#what-are-modules-for
Which one of the following is the required argument for calling a module?
⬜ version
✅ source
⬜ providers
⬜ depends_on
Reference: https://developer.hashicorp.com/terraform/language/modules/syntax#calling-a-child-module
What are three meta-arguments, along with source and version, that a module can use? (Choose 3 answers)
✅ for_each
✅ count
⬜ max
✅ depends_on
Reference: https://developer.hashicorp.com/terraform/language/modules/syntax#meta-arguments
Which one of the following is a valid source type to download the source code of a module?
⬜ Terraform Registry
⬜ Github
⬜ Bitbucket
⬜ HTTP URLs
⬜ S3 buckets
✅ All of the above
Reference: https://developer.hashicorp.com/terraform/language/modules/sources
Which one of the following file extension recognized by terraform while fetching archived module over HTTP?
⬜ zip
⬜ tar.bz2 and tbz2
⬜ tar.gz and tgz
⬜ tar.xz and txz
✅ All of the above
Reference: https://developer.hashicorp.com/terraform/language/modules/sources#fetching-archives-over-http
How do you download a module configured in your Terraform code?
module "consul" {
source = "hashicorp/consul/aws"
version = "0.1.0"
}
⬜ terraform get module consul
⬜ terraform install modules consul
✅ terraform init
⬜ terraform module init
Reference: https://developer.hashicorp.com/terraform/language/modules/sources
How do you correctly reference a private registry module source?
✅ <HOSTNAME>/<NAMESPACE>/<NAME>/<PROVIDER>
⬜ <NAMESPACE>/<NAME>/<PROVIDER>
⬜ <HOSTNAME>/<NAMESPACE>/<PROVIDER>
⬜ <NAMESPACE>/<NAME>/<PROVIDER>/<HOSTNAME>
When specifying a source for a private registry, the correct Syntax is <HOSTNAME>/<NAMESPACE>/<NAME>/<PROVIDER>
. It is different than the public registry because it includes the <HOSTNAME>
field.
Reference: https://developer.hashicorp.com/terraform/registry/modules/use#private-registry-module-sources
How do you reference module source from public terraform registry?
✅ <NAMESPACE>/<NAME>/<PROVIDER>
⬜ <NAMESPACE>/<PROVIDER>/<NAME>
⬜ <NAMESPACE>/<PROVIDER>
⬜ <HOSTNAME>/<NAMESPACE>/<NAME>/<PROVIDER>
Let’s look at the example of referencing module from public terraform registry:-
module "consul" {
source = "hashicorp/consul/aws" #<NAMESPACE>/<NAME>/<PROVIDER>
version = "0.1.0"
}
Reference: https://developer.hashicorp.com/terraform/language/modules/sources#terraform-registry
When specifying a module, what is the best practice for the implementation of the meta-argument version?
✅ The best practice is to explicitly set the version argument as a version constraint string from the Terraform registry.
⬜ The best practice is to use no version and accept the latest version.
⬜ The best practice is to download the module, place it in your working directory, then source that module, and specify the version that was downloaded.
⬜ The best practice is to always ensure you append beta to the end of the version. This allows you and your team to always be working on the latest and greatest features for that module.
Reference: https://developer.hashicorp.com/terraform/language/modules/syntax#version
How do you access module attributes?
✅ Through the child module, by declaring an output value to selectively export certain values to be accessed by the calling module.
⬜ Through the parent module, by declaring an output value to selectively export certain values to be accessed by the calling module.
⬜ By specifying the outputs block.
⬜ When apply is ran, you must pass in -resource-output={ATTRIBUTE.NAME}.
The resources defined in a module are encapsulated, so the calling module cannot access their attributes directly. However, the child module can declare output values to selectively export certain values to be accessed by the calling module.
Reference: https://developer.hashicorp.com/terraform/language/modules/syntax#accessing-module-output-values
Who can publish and share modules on the Terraform Registry?
✅ Anyone
⬜ Only specific providers
⬜ Those who have passed the Hashicorp Terraform Associate exam
⬜ Only those who have contributed to Open Source Terraform
Anyone can publish and share modules on the Terraform Registry.
Reference: https://developer.hashicorp.com/terraform/registry/modules/publish
Security
You want to ensure that your S3 buckets are securely encrypted. What is the best way to achieve this?
⬜ Create a Git hook that checks if the encryption parameter is enabled.
⬜ Use AWS KMS to store a security key.
⬜ Create a lambda function triggered on a “create bucket CloudTrail” event.
✅ Create a security policy using Sentinel policies.
Reference: https://developer.hashicorp.com/terraform/cloud-docs/policy-enforcement/sentinel
Which of the following below helps users to deploy policy as a code?
⬜ Resources
⬜ Functions
✅ Sentinel
⬜ Workspaces
HashiCorp Sentinel is a(n) _____ framework.
⬜ platform as a service
⬜ function as a service
⬜ infrastructure as code
✅ policy as code
Your security team scanned some Terraform workspaces and found secrets stored in a plaintext in state files. How can you protect sensitive data stored in Terraform state files?
⬜ Delete the state file every time you run Terraform
✅ Store the state in an encrypted backend
⬜ Edit your state file to scrub out the sensitive data
⬜ Always store your secrets in a secrets.tfvars file.
Reference: https://developer.hashicorp.com/terraform/language/state/sensitive-data
Terraform Version Constraint
Which version constraint should use to set both a lower and upper bound on versions for each provider. Also known as pessimistic constraint operator?
⬜ >=
✅ ~>
⬜ !=
⬜ <>
Reference: https://developer.hashicorp.com/terraform/language/expressions/version-constraints
What does the specified contraint version = “~> 1.0.4” means in required_providers block?
terraform {
required_providers {
mycloud = {
source = "mycorp/mycloud"
version = "~> 1.0.4"
}
}
}
⬜ >= 1.0.4 and <= 1.1.0
✅ >= 1.0.4 and < 1.1.0
⬜ > 1.0.4 and < 2.0.0
⬜ >= 1.0.5 and < 1.1.0
Reference: https://developer.hashicorp.com/terraform/language/expressions/version-constraints
What does this symbol version = “~> 1.0.0” mean when defining versions?
⬜ > 1.0 and < 2.0
✅ >= 1.0 and < 2.0
⬜ >= 1.0 and <= 2.0
⬜ > 1.0.0 and < 2.0.0
Reference: https://developer.hashicorp.com/terraform/language/expressions/version-constraints
What is the provider version of Google Cloud being used in Terraform? Select all valid options.
provider "google" {
version = "~> 1.9.0"
}
✅ 1.9.1
⬜ 1.10.0
⬜ 1.8.0
✅ 1.9.9
Reference: https://developer.hashicorp.com/terraform/language/expressions/version-constraints
How do you force users to use a particular version of required providers in your terraform code?
✅ terraform { required_providers { aws = { source = “hashicorp/aws” version =”3.74.1″ } } }
⬜ terraform { aws = { source = “hashicorp/aws” version = “~>3.74.1” } }
⬜ aws = { source = “hashicorp/aws” version = “3.74.1” }
⬜ terraform { required_providers { aws = { source = “hashicorp/aws” version =”~>3.74.1″ } } }
Terraform Types and Functions
Which of the following is not a valid Terraform Primitive type?
⬜ string
⬜ number
✅ double
⬜ bool
Reference: https://developer.hashicorp.com/terraform/language/expressions/type-constraints#primitive-types
What are two complex types in terraform? (Choose 2 answers)
✅ A Collection Type
✅ A Structural Type
⬜ A String Type
⬜ A float64 type
Collection and Structural types are the two types that are considered complex types in terraform
Reference: https://developer.hashicorp.com/terraform/language/expressions/type-constraints#complex-types
What are complex types in terraform?
✅ A type that groups multiple values into a single value.
⬜ A variation of a string type.
⬜ A variance of a data source.
⬜ A type that derives its value from RegEx logic.
Reference: https://developer.hashicorp.com/terraform/language/expressions/type-constraints#complex-types
If an input variable has no type value set, what type does it accept?
✅ Any type.
⬜ None, it has to have a type value set.
⬜ Terraform infers the type when it is referenced.
⬜ Type string. As strings can be interpreted in a number of ways by Terraform.
The type argument in a variable block allows you to restrict the type of value that will be accepted as the value for a variable. If no type constraint is set then a value of any type is accepted.
Reference: https://developer.hashicorp.com/terraform/language/values/variables#type-constraints
Which of the following is not a valid Terraform Collection type?
⬜ list()
⬜ map()
✅ tree()
⬜ set()
Reference: https://developer.hashicorp.com/terraform/language/expressions/type-constraints#collection-types
Which of the followings are valid Terraform Structural types? Choose TWO correct answers.
⬜ optional()
✅ object()
⬜ pair()
✅ tuple()
Reference: https://developer.hashicorp.com/terraform/language/expressions/type-constraints#structural-types
Which of the following is not a valid string function in Terraform?
⬜ split()
⬜ join()
✅ slice()
⬜ chomp()
Reference: https://developer.hashicorp.com/terraform/language/functions
What are some built-in functions that terraform provides? (Choose 3 answers.)
✅ max()
✅ regex()
✅ alltrue()
⬜ delete()
Reference: https://developer.hashicorp.com/terraform/language/functions
Source: Internet