Terraform Flashcards

Question 1

Q

You have configured a variable and didn’t set any value and when you do ‘terraform plan’ does it ask for input value?

True
False

Answer

A

True

Whenever there is a variable set and no value configured upon terraform plan it will give you an option to enter the value

Question 2

Q

On terraform plan command execution log, you see tilde (~) sign. What does this sign represent? Whether the resource it is pointing to will get deleted on terraform apply?

True
False

Answer

A

False

Tilde symbol means resources will be updated in place.

Question 3

Q

is state-unlock the command to unlock the locked state file

True
False

Answer

A

False

Force-unlock is the command to remove lock from a state file

Question 4

Q

Hashicorp suggests using local-exec to run scripts on local machines with null_resources.

True
False

Question 5

Q

Not all of the “backend types” support locking? Please choose from below which support locking?

artifactory
consul
DynamoDB
azurerm

Answer

A

consul
DynamoDB
azurerm

Question 6

Q

You have configured 10 instances from a single configuration by using which configuration you can keep switching back ?

workspaces
local values
backend
remote_exec

Answer

A

workspaces

Question 7

Q

Which of the following is not a native Infrastructure as code tool?

Cloudformation
Azure Resource Manager
Terraform
Puppet

Question 8

Q

Terraform allows you to define multiple providers resources in a single terraform configuration file?

Answer

A

True

https://www.terraform.io/intro/use-cases.html%23multi-cloud-deployment

Question 9

Q

What happens if a provisioner fails to execute?

when = destroy

Answer

A

1) . Terraform will error
2) . Rerun the provisioners again on the next terraform apply

Due to this behavior, care should be taken for destroy provisioners to be safe to run multiple times.

Question 10

Q

A newbie is allocated to a terraform project, he/she has been given the task of configuring applications on servers using terraform. All the servers are created using terraform. While doing configuration he/she succeeds in all servers, but one server is messed due to application configuration. So he wants to destroy this server and launch a new one.

A terraform destroy -target=resource_name.variable_name
B terraform plan -target=resource_name.variable_name then terraform apply
C terraform taint resource_name.variable_name then terraform apply
D terraform state rm resource_name.variable_name then terraform apply

Answer

A

C. terraform taint resource_name.variable_name then terraform apply

Question 11

Q

What happens when a “terraform taint” is applied to a resource?

A terraform will destroy the resource
B. terraform will modify the state file with resource status marked as tainted
C. terraform will destroy and recreate a new resource with the same configuration
D. terraform destroys and recreates all resources in the state file

Answer

A

B. terraform will modify the state file with resource status “marked as tainted”.

Terraform represents this by marking the object as “tainted” in the Terraform state, in which case Terraform will propose to replace it in the next plan you create.

Question 12

Q

Bob works for a company Fusion Corp. The internal IT team has downloaded and kept the plugins in common path so that all team members use the same version of plugins. How can

configure terraform to use these pre-downloaded plugins, instead of downloading new plugins.

A terraform init plugin-dir-PATH

B.terraform init ~plugin-path=PATH

C. terraform init -get-plugins=PATH

D.terraform init plugin-file=PATH

Answer

A

terraform init plugin-dir-PATH

Explanation:

Answer: A
+ Option A is CORRECT plugin-dir option Skips plugin installation and loads plugins only from the specified directory.

+ Option Bi s INCORRECT because plugin-path option is not present in nit command

+ Option C is INCORRECT because get-plugins accepts value a Boolean value. Skips plugin installation, Terraform will use plugins installed in the user plugins directory. and any
plugins already installed for the current working directory. Ifthe installed plugins aren’t sufficient for the configuration, init fal

+ Option Dis INCORRECT plugin-fil is not a valid option for init command,

~plugin-dir=PATH Skips plugin installation and loads plugins only from the specified directory. This ignores the user plugins directory and any plugins already installed in the current

Question 13

Q

Which of the following is true about third-party plugins? (Select two)

A. Third-party plugins also get downloaded automatically from Terraform version 0.12
B. Third-party plugins (both providers and provisioners) can be manually installed into the user plugins directory based on the OS
C. Third-party plugins should be installed only into the user plugins directory, no other directories are supported for third party plugins
D. Third-party plugins that are approved by HashiCorp are supported
E. Plugins can be written only in Go Language

Answer

A

B. Third-party plugins (both providers and provisioners) can be manually installed into the user plugins directory based on the OS
D. Plugins can be written only in Go Language

Question 14

Q

How to save a destroy plan to a file before destroying it?

terraform plan -destroy
terraform plan
terraform plan -out=PATH
terraform plan -destroy -out=PATH

Answer

A

terraform plan -destroy -out=PATH

Question 15

Q

How can we skip the interactive approval for terraform apply command? (Select two)

A. terraform apply –auto-approve
B. terraform apply-yes
C. terraform plan -out=”test.tfplan” and terraform apply test.tfplan
D. terraform apply -auto-approve=true

Answer

A

A. terraform apply –auto-approve

C. terraform plan -out=”test.tfplan” and terraform apply test.tfplan

Question 16

Q

Which of the following is true about local backend? (select two)?

A. local backend stores state on the local file system
B. locks that state using system APIs
C. performs operations locally and remotely
D. Data at rest is encrypted by terraform
E. locks that state using terraform prebuilt APIs

Answer

A

A. local backend stores state on the local file system

B. locks that state using system APIs

Question 17

Q

When multiple team members are working on the same state file, the state file gets locked. How would you remove the lock?

terraform force-unlock LOCK_ID
terraform force-unlock STATE_FILE
terraform unlock LOCK_ID
terraform force-unlock=true

Answer

A

terraform force-unlock LOCK_ID

Usage: terraform force-unlock [options] LOCK_ID [DIR]

https://www.terraform.io/docs/cli/commands/force-unlock.html

Question 18

Q

Which of the following backends supports “state storage” with default locking? (Select two)

s3
azurerm
gcs
http
artifactory

Answer

A

azurerm

- gcs

Question 19

Q

Bob wants to see all the terraform output values stored in terraform.tfstate file. Which of the below commands will do the task? (Select Three)

A. terraform output
B. terraform show
C. terraform output -state=terraform.state
D. terraform state list
E. terraform show terraform.tfstate

Answer

A

A. terraform output
B. terraform show
C. terraform output -state=terraform.tfstate

https://www.terraform.io/docs/cli/commands/output.html

Question 20

Q

What are the benefits of using consul? (Select Two)

A. Consul is a tool not for orchestration
B. Consul is used for service discovery and configuration
C. Consul helps to expose resources to be used to interact with consul cluster
D. Consul is not a provider for consul remote state backend

Answer

A

B. Consul is used for service discovery and configuration
C. Consul helps to expose resources to be used to interact with consul cluster

https://registry.terraform.io/providers/hashicorp/consul/latest/docs

Question 21

Q

Please identify which of the below features best apply

resource “aws_ec2_instance

{
name ‘test-terraforn”
application = “S{aws_ec2_instance. test-terraforn }”

dynamic “setting”
{

for_each = var.test
content

{

}
}

A. Resource
B. Providers
C. Local-exec
D.Dynamic-block

Answer

A

Explanation:

Answer:D Dynamic Block

https://wwterraformio|does/configuration/expressionshtmt

‘dynamic blocks are to be defined and can define multiple nested blocks inside the dynamic block

Question 22

Q

What are the benefits of policy as code feature sentinel?

A. Sandboxing
B. Encryption
C. Automation
D. Codification

Answer

A

A. Sandboxing
C. Automation
D. Codification

Question 23

Q

You been asked to manually taint a resource using cli which commands from below you use?

A. terraform taint -resource-name
B. terraform taint resource.id
C. terraform taint = resource.id
D. terraform taint resource.id -name

Answer

A

B. terraform taint resource.id

https://www.terraform.io/docs/commands/taint.html

Question 24

Q

You are using a vault provider, and during what phase does it get the data?

terraform refresh
terraform apply
terraform plan
terraform init

Answer

A

terraform init

Question 25

Q

What is the use of local-exec in terraform? Choose all that apply

A. to invoke commands locally on the remote host
B. usually to run commands on the machine where terraform is running
C. use to invoke scripts locally
D. locally create variables and run in terraform

Answer

A

B. usually to run commands on the machine where terraform is running
C. use to invoke scripts locally

Question 26

Q

You are making some changes to terraform configuration and do you need to apply to terraform init every time?
What are the cases where terraform init needs to be called?
Choose 3

A. on any new environment that configures a backend
B. on removing backend configuration completely
C. on any change of backend configuration
D. Every time you add some configs run init so that it makes sure everything is up to date

Answer

A

A. on any new environment that configures a backend
B. on removing backend configuration completely
C. on any change of backend configuration

Question 27

Q

Please choose the operation systems which support terraform enterprise. Choose all that are applicable?

A. Fedora
B. Ubuntu 16.04.3
C. Centos - 7.7
D. Windows 7
E. All of the above

Answer

A

B. Ubuntu 16.0.4.3

C. Centos - 7.7

Question 28

Q

What are the benefits of a private registry? Please choose 3 from below:

A. Terraform cloud private registry is a paid feature
B. Using a private registry all the modules can be shared across within or across organizations. 
C. It supports module versioning, filterable list of available modules, and configuration designer to build new workspaces
D. It is very similar to public terraform registry

Answer

A

B. Using a private registry all the modules can be shared across within or across organizations. 
C. It supports module versioning, filterable list of available modules, and configuration designer to build new workspaces
D. It is very similar to the public terraform registry

Question 29

Q

What features are exclusive to Terraform Enterprise from below. (select three)

A. Saml/sso
B. Audit logging
C. Remote state
D. ServiceNow integration
E. Private module registry

Answer

A

A. Saml/sso
B. Audit Logging
D. ServiceNow integration

Question 30

Q

What does the .terraform.lock.hcl file responsible for?

Answer

A

This is the dependency lock file that tracks only provider dependencies.

The lock file is always named .terraform.lock.hcl, and this name is intended to signify that it is a lock file for various items that Terraform caches in the .terraform subdirectory of your working directory.

Terraform automatically creates or updates the dependency lock file each time you run the terraform init command.

Terraform 0.14 added support for a lock file which gets created or updated every time you run terraform init. The file is typically generated into your working directory (i.e., the folder in which you ran terraform init) and is called .terraform.lock.hcl. “It captures the versions of all the Terraform providers you’re using”. Normally, you want to check this file into version control so that when your team members run Terraform, they get the exact same provider versions.

When terraform init is working on installing all of the providers needed for a configuration, “Terraform considers both the version constraints in the configuration and the version selections recorded in the lock file.”

If a particular provider has no existing recorded selection, Terraform will select the newest available version that matches the given version constraint, and then update the lock file to include that selection.

If a particular provider already has a selection recorded in the lock file, Terraform will always re-select that version for installation, even if a newer version has become available. You can override that behavior by adding the -upgrade option when you run terraform init, in which case Terraform will disregard the existing selections and once again select the newest available version matching the version constraint.

Because the dependency lock file is primarily maintained automatically by Terraform itself, rather than being updated manually by you or your team, your version control system may show you that the file has changed.

Question 31

Q

Terraform refresh is automatically run in which of the following commands?

terraform state
terraform output
terraform validate
terraform plan
terraform apply

Answer

A

terraform plan

- terraform apply

Question 32

Q

What are the Operating Systems supported by Terraform Enterprise?

Ubuntu
Oracle Linux
Red Hat Enterprise Linux
CentOS
Amazon Linux
Debian

Answer

A

Ubuntu
Oracle Linux
Red Hat Enterprise Linux
CentOS
Amazon Linux
Debian

Question 33

Q

Which of the following features are exclusive to Terraform Enterprise product. (Choose Three)

SAML/SSO
Cost Estimation
Firewall Rules
Clustering
Sentinel
Audit Logs

Answer

A

SAML/SSO
Clustering
Audit Logs

Question 34

Q

Before a new provider is used, the following action needs to be performed?
Choose 2

A). It must be available in the module registry
B). It must be approved by HashiCorp Team
C). It must be initialzed
D). It must be declared within the Terraform configuration

Answer

A

C). It must be initialzed

D). It must be declared within the Terraform configuration

Question 35

Q

Terraform Enterprise does not support local backend type?

Answer

A

False

Terraform Enterprise does support a local backend type.

Question 36

Q

Terraform downloads community providers automatically when using terraform init?

True
False
???

Answer

A

False ????

terraform init cannot automatically download Community providers. Anyone can develop and distribute their own Terraform providers.

(See Writing Custom Providers for more about provider development.) These third-party providers must be manually installed, since terraform init cannot automatically download them

Question 37

Q

Which among these are the supported VCS Provider for Terraform?

GitHub.com
Bitbucket Cloud
Azure DevOps Server
Azure DevOps Services
ECR Git Server

Answer

A

GitHub.com
Bitbucket Cloud
Azure DevOps Server
Azure DevOps Services

Question 38

Q

Which one among these are supported syntax for comments in terraform?

#
/* and */
//

Answer

A

#
/* and */
//

Question 39

Q

Which among the following files must be ignored when committing to Git?

resources. tf
variables. tf
terraform. tfvars
terraform. tfstate

Answer

A

terraform. tfvars

terraform. tfstate

Question 40

Q

What are the supported VCS providers in Terraform Cloud?

S3
GitHub
Azure DevOps Server
GitHub Enterprise
Bitbucket

Answer

A

GitHub
Azure DevOps Server
GitHub Enterprise
Bitbucket

Question 41

Q

Which approach can be used to manually write the state file in terraform?

terraform state pull
terraform push
terraform state push
N/A

Answer

A

terraform state push

You can also manually write state with terraform state push. This is extremely dangerous and should be avoided if possible. This will overwrite the remote state. This can be used to do manual fixups if necessary

Question 42

Q

Which command can be used to perform an inspection on the current terraform state file?

terraform read
terraform inspect
terraform show
terraform state=

Answer

A

terraform show

Question 43

Q

In order to make a Terraform configuration file dynamic and/or reusable, static values should be converted to use what?

Input Parameters
Modules
Regex
Output Value

Answer

A

Input Parameters “Variables”

Input variables serve as parameters for a Terraform module, allowing aspects of the module to be customized without altering the module’s own source code, and allowing modules to be shared between different configurations.

Question 44

Q

Medium Corp has collaborated with multiple small corps to exchange information over a private network. Slowly it is becoming difficult for security engineers to manage the firewall rules since the number of rules is increasing and has already reached 150. What is the ideal way through which this type of configuration can be managed more easily?

Terraform Variables
Terraform Functions
Terraform Expressions
Dynamic Blocks
Terraform Providers
Terraform Backends

Answer

A

Dynamic Blocks

Question 45

Q

lookup function retrieves the value of a single element from which data type?

String
Tuple
Boolean
Map

Answer

A

Map

Explanation
lookup retrieves the value of a single element from a map, given its key.

Example Syntax:

lookup(map, key, default)

Question 46

Q

What tasks are achieved while running a terraform plan?

Create an execution plan by evaluating the difference between the configuration file and the state file
Performs a refresh, unless explicitly disabled, and then apply the changes that are necessary to achieve the desired state specified in the configuration files
Create an execution plan by evaluating the difference between the configuration files and actual infrastructure
Checks whether the execution plan for a set of changes matches your expectations by making changes to real resources or to the state

Answer

A

terraform plan

- Create an execution plan by evaluating the difference between the “configuration file and the state file”

Question 47

Q

What of these functions is NOT part of string functions in terraform?

join
split
slice
chomp

Question 48

Q

Which service among these provides the direct capability of locking the state file for the remote backend?

S3
Consul
Local
All of the above

Question 49

Q

Will the below action be blocked when the Terraform state file is locked?
“terraform validate”

True
False

Question 50

Q

When sentinel runs in terraform enterprise?

Before Apply
After Apply
Before Init
Before Refresh

Answer

A

Before Apply

Question 51

Q

How do you create DOT file?

terraform dot
terraform dot init
terraform graph
terrafrom graphviz

Answer

A

terraform graph

Question 52

Q

A module can access all the variables of the parent module?

True
False

Question 53

Q

Sentinel is ___ ?

Reactive Service
Prescriptive Service
Proactive Service
None of the above

Answer

A

Proactive Service

Question 54

Q

What is the local name of the resource in Terraform from the following snippet?

resource “azurerm_resource_group” “example” {
name = “test”
location = “West Europe”resource

Question 55

Q

The person who generated the plan is the only person that can apply it?

Question 56

Q

Is it mandatory to provide a module version while pulling code from Terraform Registry?

Question 57

Q

A variable will need the following value that needs to be assigned to it. Terraform Administrator needs to set a default value for the data type. What is the value that he can set?

az=[“us-west-1a”,”us-west-1b”]

Map
String
File
list

Question 58

Q

Which configuration consistency errors does terraform validate report?

Differences between local and remote state
A mix of spaces and tabs in configuration files
Terraform module isn’t the latest version
Declaring resources identifier more than once

Answer

A

Declaring resources identifier more than once

Question 59

Q

Will the below action be blocked when the Terraform state file is locked?

Question 60

Q

Terraform state file store which type of dependency information?

Only implicit dependencies are stored in the state
Both implicit and explicit dependencies are stored in the state
Only explicit dependencies are stored in the state
No dependency information is stored in the state

Answer

A

Both implicit and explicit dependencies are stored in the state file

Question 61

Q

Following is the terraform configuration file:

resource "aws_instance" "myec2" { 
  instance_type = "t2.small"
  ami           = "ami-12345"
  count          = 4 
}
Among these, what does the terraform resource address aws_instance.myec2 point to?

It refers to all 4 web instances, together, for further individual segregation, indexing is required, with a 0 based index
The above will result in a syntax error, as it is not syntactically correct. Resources defined using count can only be referenced using indexes
It refers to the first web EC2 instance out of the 4, as by default, if no index is provided, the first / 0th index is used
It refers to the last web EC2 instance, as by default if no index is provided, the last / N-1 index is used

Answer

A

It refers to all 4 web instances, together, for further individual segregation, indexing is required, with a 0 based index

Question 62

Q

Developers in Medium Corp are facing a few issues while writing complex expressions that involve interpolation. They have to run the terraform plan every time and check whether there are errors, and also verify the terraform apply to print value as a temporary output for the purpose of debugging

What can be achieved to avoid this?

Add a breakpoint in your code, using the watch keyword, and output the value to console for temporary debugging
Use the terraform console command with full access to the underlying terraform state to run your interpolations, and debug at real-time
Use the terraform zipmap function, it will be able to easily do the interpolations without complex code.
Use the terraform console command, but you can only use it with a local state, and it does not work with remote state

Answer

A

Use the terraform console command with full access to the underlying terraform state to run your interpolations, and debug at real-time

Question 63

Q

What does terraform destroy do?

Answer

A

Destroy all the infrastructure in the Terraform state file

The terraform destroy command destroys all of the resources being managed by the current working directory and workspace, using state data to determine which real-world objects correspond to managed resources.

Question 64

Q

James has decided to not use the terraform.tfvars file, instead, he wants to store all data into custom.tfvars file? How can he deal with this use-case while running terraform plan?

terraform plan -var-file=”custom.tfvars”
terraform plan -var-state-file=”custom.tfvars”
terraform plan -state-file=”custom.tfvars”
None of the above

Answer

A

terraform plan -var-file=”custom.tfvars”

Answer 54

A

False

By default, when you create a new workspace you are automatically switched to it

Answer 55

A

terraform apply -var-file=”custom.tfvars”

Answer 56

A

terraform apply -target=null_resource.run_script

Answer 57

A

terraform plan
terraform apply
terraform destroy

The terraform refresh command reads the current settings from all managed remote objects and updates the Terraform state to match.

This won’t modify your real remote objects, but it will modify the Terraform state.

Terraform automatically performs the same refreshing actions as a part of creating a plan in both the terraform plan and terraform apply commands.

Answer 58

A

Red Hat
CentOS
Amazon Linux
Ubuntu

Answer 59

A

S3
azurerm
consul

Answer 60

A

False (You would need the recursive flag as well)

Explanation
By default, fmt scans the current directory for configuration files. If the dir argument is provided then it will scan that given directory instead

-recursive - Also process files in subdirectories. By default, only the given directory (or current directory) is processed.

Answer 61

A

terraform init -upgrade

Brainscape's Knowledge GenomeTM

Terraform Flashcards

Brainscape's Knowledge Genome^TM