HashiCorp Certified: Terraform Associate (003) Flashcards
The terraform.tfstate file always matches your currently built infrastructure.
A. True
B. False
B
One remote backend configuration always maps to a single remote workspace.
A. True
B. False
A
How is the Terraform remote backend different than other state backends such as S3, Consul, etc.?
A. It can execute Terraform runs on dedicated infrastructure on premises or in Terraform Cloud
B. It doesn’t show the output of a terraform apply locally
C. It is only available to paying customers
D. All of the above
A
What is the workflow for deploying new infrastructure with Terraform?
A. terraform plan to import the current infrastructure to the state file, make code changes, and terraform apply to update the infrastructure.
B. Write a Terraform configuration, run terraform show to view proposed changes, and terraform apply to create new infrastructure.
C. terraform import to import the current infrastructure to the state file, make code changes, and terraform apply to update the infrastructure.
D. Write a Terraform configuration, run terraform init, run terraform plan to view planned infrastructure changes, and terraform apply to create new infrastructure.
D
A provider configuration block is required in every Terraform configuration.
Example:
A. True
B. False
A
You run a local-exec provisioner in a null resource called null_resource.run_script and realize that you need to rerun the script.
Which of the following commands would you use first?
A. terraform taint null_resource.run_script
B. terraform apply -target=null_resource.run_script
C. terraform validate null_resource.run_script
D. terraform plan -target=null_resource.run_script
A
Which provisioner invokes a process on the resource created by Terraform?
A. remote-exec
B. null-exec
C. local-exec
D. file
A
Which of the following is not true of Terraform providers?
A. Providers can be written by individuals
B. Providers can be maintained by a community of users
C. Some providers are maintained by HashiCorp
D. Major cloud vendors and non-cloud vendors can write, maintain, or collaborate on Terraform providers
E. None of the above
D
What command does Terraform require the first time you run it within a configuration directory?
A. terraform import
B. terraform init
C. terraform plan
D. terraform workspace
B
You have deployed a new webapp with a public IP address on a cloud provider. However, you did not create any outputs for your code.
What is the best method to quickly find the IP address of the resource you deployed?
A. Run terraform output ip_address to view the result
B. In a new folder, use the terraform_remote_state data source to load in the state file, then write an output for each resource that you find the state file
C. Run terraform state list to find the name of the resource, then terraform state show to find the attributes including public IP address
D. Run terraform destroy then terraform apply and look for the IP address in stdout
A
Which of the following is not a key principle of infrastructure as code?
A. Versioned infrastructure
B. Golden images
C. Idempotence
D. Self-describing infrastructure
A, B, D
Terraform variables and outputs that set the “description” argument will store that description in the state file.
A. True
B. False
A
If you manually destroy infrastructure, what is the best practice reflecting this change in Terraform?
A. Run terraform refresh
B. It will happen automatically
C. Manually update the state fire
D. Run terraform import
B
What is not processed when running a terraform refresh?
A. State file
B. Configuration file
C. Credentials
D. Cloud provider
C, D
What information does the public Terraform Module Registry automatically expose about published modules?
A. Required input variables
B. Optional inputs variables and default values
C. Outputs
D. All of the above
E. None of the above
E
If a module uses a local values, you can expose that value with a terraform output.
A. True
B. False
A
You should store secret data in the same version control repository as your Terraform configuration.
A. True
B. False
B
Which of the following is not a valid string function in Terraform?
A. split
B. join
C. slice
D. chomp
D
You have provisioned some virtual machines (VMs) on Google Cloud Platform (GCP) using the gcloud command line tool. However, you are standardizing with
Terraform and want to manage these VMs using Terraform instead.
What are the two things you must do to achieve this? (Choose two.)
A. Provision new VMs using Terraform with the same VM names
B. Use the terraform import command for the existing VMs
C. Write Terraform configuration for the existing VMs
D. Run the terraform import-gcp command
B, D
You have recently started a new job at a retailer as an engineer. As part of this new role, you have been tasked with evaluating multiple outages that occurred during peak shopping time during the holiday season. Your investigation found that the team is manually deploying new compute instances and configuring each compute instance manually. This has led to inconsistent configuration between each compute instance.
How would you solve this using infrastructure as code?
A. Implement a ticketing workflow that makes engineers submit a ticket before manually provisioning and configuring a resource
B. Implement a checklist that engineers can follow when configuring compute instances
C. Replace the compute instance type with a larger version to reduce the number of required deployments
D. Implement a provisioning pipeline that deploys infrastructure configurations committed to your version control system following code reviews
A
terraform init initializes a sample main.tf file in the current directory.
A. True
B. False
A
Which two steps are required to provision new infrastructure in the Terraform workflow? (Choose two.)
A. Destroy
B. Apply
C. Import
D. Init
E. Validate
B, D
Why would you use the terraform taint command?
A. When you want to force Terraform to destroy a resource on the next apply
B. When you want to force Terraform to destroy and recreate a resource on the next apply
C. When you want Terraform to ignore a resource on the next apply
D. When you want Terraform to destroy all the infrastructure in your workspace
B
Terraform requires the Go runtime as a prerequisite for installation.
A. True
B. False
B
When should you use the force-unlock command?
A. You see a status message that you cannot acquire the lock
B. You have a high priority change
C. Automatic unlocking failed
D. You apply failed due to a state lock
C
Terraform can import modules from a number of sources `” which of the following is not a valid source?
A. FTP server
B. GitHub repository
C. Local path
D. Terraform Module Registry
A
Which of the following is available only in Terraform Enterprise or Cloud workspaces and not in Terraform CLI?
A. Secure variable storage
B. Support for multiple cloud providers
C. Dry runs with terraform plan
D. Using the workspace as a data source
A
terraform validate validates the syntax of Terraform files.
A. True
B. False
A
You have used Terraform to create an ephemeral development environment in the cloud and are now ready to destroy all the infrastructure described by your
Terraform configuration. To be safe, you would like to first see all the infrastructure that will be deleted by Terraform.
Which command should you use to show all of the resources that will be deleted? (Choose two.)
A. Run terraform plan -destroy.
B. This is not possible. You can only show resources that will be created.
C. Run terraform state rm *.
D. Run terraform destroy and it will first output all the resources that will be deleted before prompting for approval.
C, D
Which of the following is the correct way to pass the value in the variable num_servers into a module with the input servers?
A. servers = num_servers
B. servers = variable.num_servers
C. servers = var(num_servers)
D. servers = var.num_servers
A
A Terraform provisioner must be nested inside a resource configuration block.
A. True
B. False
A
Terraform can run on Windows or Linux, but it requires a Server version of the Windows operating system.
A. True
B. False
B
What does the default “local” Terraform backend store?
A. tfplan files
B. Terraform binary
C. Provider plugins
D. State file
D
You have multiple team members collaborating on infrastructure as code (IaC) using Terraform, and want to apply formatting standards for readability.
How can you format Terraform HCL (HashiCorp Configuration Language) code according to standard Terraform style convention?
A. Run the terraform fmt command during the code linting phase of your CI/CD process
B. Designate one person in each team to review and format everyone’s code
C. Manually apply two spaces indentation and align equal sign “=” characters in every Terraform file (*.tf)
D. Write a shell script to transform Terraform files using tools such as AWK, Python, and sed
C
What value does the Terraform Cloud/Terraform Enterprise private module registry provide over the public Terraform Module Registry?
A. The ability to share modules with public Terraform users and members of Terraform Enterprise Organizations
B. The ability to tag modules by version or release
C. The ability to restrict modules to members of Terraform Cloud or Enterprise organizations
D. The ability to share modules publicly with any user of Terraform
D
Which task does terraform init not perform?
A. Sources all providers present in the configuration and ensures they are downloaded and available locally
B. Connects to the backend
C. Sources any modules and copies the configuration locally
D. Validates all required variables are present
D
You have declared a variable called var.list which is a list of objects that all have an attribute id.
Which options will produce a list of the IDs? (Choose two.)
A. { for o in var.list : o => o.id }
B. var.list[].id
C. [ var.list[].id ]
D. [ for o in var.list : o.id ]
A, B
Which argument(s) is (are) required when declaring a Terraform variable?
A. type
B. default
C. description
D. All of the above
E. None of the above
B
When using a module block to reference a module stored on the public Terraform Module Registry such as:
How do you specify version 1.0.0?
A. Modules stored on the public Terraform Module Registry do not support versioning
B. Append ?ref=v1.0.0 argument to the source path
C. Add version = “1.0.0” attribute to module block
D. Nothing ג€” modules stored on the public Terraform Module Registry always default to version 1.0.0
C
What features does the hosted service Terraform Cloud provide? (Choose two.)
A. Automated infrastructure deployment visualization
B. Automatic backups
C. Remote state storage
D. A web-based user interface (UI)
B, C
Where does the Terraform local backend store its state?
A. In the /tmp directory
B. In the terraform file
C. In the terraform.tfstate file
D. In the user’s terraform.state file
C
Which option can not be used to keep secrets out of Terraform configuration files?
A. A Terraform provider
B. Environment variables
C. A -var flag
D. secure string
C
What is one disadvantage of using dynamic blocks in Terraform?
A. They cannot be used to loop through a list of values
B. Dynamic blocks can construct repeatable nested blocks
C. They make configuration harder to read and understand
D. Terraform will run more slowly
A
Only the user that generated a plan may apply it.
A. True
B. False
B
Examine the following Terraform configuration, which uses the data source for an AWS AMI.
What value should you enter for the ami argument in the AWS instance resource?
A. aws_ami.ubuntu
B. data.aws_ami.ubuntu
C. data.aws_ami.ubuntu.id
D. aws_ami.ubuntu.id
C
You need to specify a dependency manually.
What resource meta-parameter can you use to make sure Terraform respects the dependency?
Type your answer in the field provided. The text field is not case-sensitive and all variations of the correct answer are accepted.
FILL BLANK - depends_on
You have never used Terraform before and would like to test it out using a shared team account for a cloud provider. The shared team account already contains
15 virtual machines (VM). You develop a Terraform configuration containing one VM, perform terraform apply, and see that your VM was created successfully.
What should you do to delete the newly-created VM with Terraform?
A. The Terraform state file contains all 16 VMs in the team account. Execute terraform destroy and select the newly-created VM.
B. The Terraform state file only contains the one new VM. Execute terraform destroy.
C. Delete the Terraform state file and execute Terraform apply.
D. Delete the VM using the cloud provider console and terraform apply to apply the changes to the Terraform state file.
B
What is the name assigned by Terraform to reference this resource?
A. dev
B. azurerm_resource_group
C. azurerm
D. test
A
Setting the TF_LOG environment variable to DEBUG causes debug messages to be logged into syslog.
A. True
B. False
A
How can a ticket-based system slow down infrastructure provisioning and limit the ability to scale? (Choose two.)
A. A full audit trail of the request and fulfillment process is generated
B. A request must be submitted for infrastructure changes
C. As additional resources are required, more tickets are submitted
D. A catalog of approved resources can be accessed from drop down lists in a request form
B, C
You can reference a resource created with for_each using a Splat (*) expression.
A. True
B. False
B
Explanation:
Splat Expressions with Maps The splat expression patterns shown above apply only to lists, sets, and tuples. To get a similar result with a map or object value you must use for expressions. Resources that use the for_each argument will appear in expressions as a map of objects, so you can’t use splat expressions with those resources. For more information, see Referring to Resource Instances. https://www.terraform.io/language/meta-arguments/for_each#referring-to-instances
Which is the best way to specify a tag of v1.0.0 when referencing a module stored in Git (for example git::https://example.com/vpc.git)?
A. Append ref=v1. 0. 0 argument to the source path
B. Add version = “1.0.0” parameter to module block
C. Nothing “ modules stored on GitHub always default to version 1.0.0
D. Modules stored on GitHub do not support versioning
A
What does terraform destroy do?
A. Destroy all infrastructure in the Terraform state file
B. Destroy all Terraform code files in the current directory while leaving the state file intact
C. Destroy all infrastructure in the configured Terraform provider
D. Destroy the Terraform state file while leaving infrastructure intact
A
Explanation:
The terraform destroy command terminates resources managed by your Terraform project. This command is the inverse of terraform apply in that it terminates all the resources specified in your Terraform state. It does not destroy resources running elsewhere that are not managed by the current Terraform project.
You’re writing a Terraform configuration that needs to read input from a local file called id_rsa.pub. Which built-in Terraform function can you use to import the file’s contents as a string?
A. fileset(“id_rsa.pub”)
B. filebase64(“id_rsa.pub”)
C. templatefile(“id_rsa.pub”)
D. file(“id_rsa.pub”)
D
You need to migrate a workspace to use a remote backend. After updating your configuration, what command do you run to perform the migration?
Type your answer in the field provided. The text field is not case-sensitive and all variations of the correct answer are accepted.
A. terraform init
B. terraform onit
A
Once you have authenticated to Terraform Cloud, you’re ready to migrate your local state file to Terraform Cloud. To begin the migration, reinitialize. This causes Terraform to recognize your cloud block configuration.
When should Terraform configuration files be written when running terraform import on existing infrastructure?
A. Infrastructure can be imported without corresponding Terraform code
B. Terraform will generate the corresponding configuration files for you
C. You should write Terraform configuration files after the next terraform import is executed
D. Terraform configuration should be written before terraform import is executed
D
Explanation:
The current implementation of Terraform import can only import resources into the state. It does not generate configuration. A future version of Terraform will also generate configuration. Because of this, prior to running terraform import it is necessary to write manually a resource configuration block for the resource, to which the imported object will be mapped.
A Terraform backend determines how Terraform loads state and stores updates when you execute.
A. apply
B. taint
C. destroy
D. All of the above
E. None of the above
D
What does Terraform use .terraform.lock.hcl file for?
A. Tracking provider dependencies
B. There is no such file
C. Preventing Terraform runs from occurring
D. Storing references to workspaces which are locked
A
Explanation:
“hcl , and this name is intended to signify that it is a lock file for various items that Terraform caches in the . terraform subdirectory of your working directory. Terraform automatically creates or updates the dependency lock file each time you run the terraform init command.”
A junior admin accidentally deleted some of your cloud instances. What does Terraform do when you run terraform apply?
A. Build a completely brand new set of infrastructure
B. Tear down the entire workspace infrastructure and rebuild it
C. Rebuild only the instances that were deleted
D. Stop and generate an error message about the missing instances
C
Which are forbidden actions when the Terraform state file is locked? (Choose three.)
A. terraform destroy
B. terraform fmt
C. terraform state list
D. terraform apply
E. terraform plan
F. terraform validate
A, D, E
How would you reference the Volume IDs associated with the ebs_block_device blocks in this configuration?
A. aws_instance.example.ebs_block_device.[].volume_id
B. aws_instance.example.ebs_block_device.volume_id
C. aws_instance.example.ebs_block_device[sda2,sda3].volume_id
D. aws_instance.example.ebs_block_device..volume_id
A
In the below configuration, how would you reference the module output vpc_id?
Type your answer in the field provided. The text field is not case sensitive and all variations of the correct answer are accepted.
A. module.vpc.vpc_id
B. module.vpc.cpc_id
A
Which are examples of infrastructure as code? (Choose two.)
A. Cloned virtual machine images
B. Change management database records
C. Versioned configuration files
D. Docker files
C, D
You cannot install third party plugins using terraform init.
A. True
B. False
B
Explanation:
For providers that are published in either the public Terraform Registry or in a third-party provider registry, terraform init will automatically find, download, and install the necessary provider plugins.
Which command lets you experiment with Terraform’s built-in functions?
A. terraform env
B. terraform console
C. terraform test
D. terraform validate
B
Terraform console provides an interactive command-line console for evaluating and experimenting with expressions. You can use it to test interpolations before using them in configurations and to interact with any values currently saved in state.
Which configuration consistency errors does terraform validate report?
A. A mix of spaces and tabs in configuration files
B. Differences between local and remote state
C. Terraform module isn’t the latest version
D. Declaring a resource identifier more than once
D
Explanation:
validate will look for syntax errors “Declaring a resource identifier more than once” is a syntax error
Which of the following Terraform commands is used to initialize a Terraform working directory?
a) terraform validate
b) terraform plan
c) terraform init
d) terraform apply
C
What is Terraform?
a) A configuration management tool
b) A cloud orchestration tool
c) A programming language
d) An infrastructure as code tool
D