Terraform Flashcards by Jonathan Marshall

You have configured a variable and didn’t set any value and when you do ‘terraform plan’ does it ask for input value?

True
False

True

Whenever there is a variable set and no value configured upon terraform plan it will give you an option to enter the value

How well did you know this?

Not at all

Perfectly

On terraform plan command execution log, you see tilde (~) sign. What does this sign represent? Whether the resource it is pointing to will get deleted on terraform apply?

True
False

False

Tilde symbol means resources will be updated in place.

How well did you know this?

Not at all

Perfectly

is state-unlock the command to unlock the locked state file

True
False

False

Force-unlock is the command to remove lock from a state file

How well did you know this?

Not at all

Perfectly

Hashicorp suggests using local-exec to run scripts on local machines with null_resources.

True
False

True

How well did you know this?

Not at all

Perfectly

Not all of the “backend types” support locking? Please choose from below which support locking?

artifactory
consul
DynamoDB
azurerm

consul
DynamoDB
azurerm

How well did you know this?

Not at all

Perfectly

You have configured 10 instances from a single configuration by using which configuration you can keep switching back ?

workspaces
local values
backend
remote_exec

workspaces

How well did you know this?

Not at all

Perfectly

Which of the following is not a native Infrastructure as code tool?

Cloudformation
Azure Resource Manager
Terraform
Puppet

Puppet

How well did you know this?

Not at all

Perfectly

Terraform allows you to define multiple providers resources in a single terraform configuration file?

True

https://www.terraform.io/intro/use-cases.html%23multi-cloud-deployment

How well did you know this?

Not at all

Perfectly

What happens if a provisioner fails to execute?

when = destroy

1) . Terraform will error
2) . Rerun the provisioners again on the next terraform apply

Due to this behavior, care should be taken for destroy provisioners to be safe to run multiple times.

How well did you know this?

Not at all

Perfectly

A newbie is allocated to a terraform project, he/she has been given the task of configuring applications on servers using terraform. All the servers are created using terraform. While doing configuration he/she succeeds in all servers, but one server is messed due to application configuration. So he wants to destroy this server and launch a new one.

A terraform destroy -target=resource_name.variable_name
B terraform plan -target=resource_name.variable_name then terraform apply
C terraform taint resource_name.variable_name then terraform apply
D terraform state rm resource_name.variable_name then terraform apply

C. terraform taint resource_name.variable_name then terraform apply

How well did you know this?

Not at all

Perfectly

What happens when a “terraform taint” is applied to a resource?

A terraform will destroy the resource
B. terraform will modify the state file with resource status marked as tainted
C. terraform will destroy and recreate a new resource with the same configuration
D. terraform destroys and recreates all resources in the state file

B. terraform will modify the state file with resource status “marked as tainted”.

Terraform represents this by marking the object as “tainted” in the Terraform state, in which case Terraform will propose to replace it in the next plan you create.

How well did you know this?

Not at all

Perfectly

Bob works for a company Fusion Corp. The internal IT team has downloaded and kept the plugins in common path so that all team members use the same version of plugins. How can

configure terraform to use these pre-downloaded plugins, instead of downloading new plugins.

A terraform init plugin-dir-PATH

B.terraform init ~plugin-path=PATH

C. terraform init -get-plugins=PATH

D.terraform init plugin-file=PATH

terraform init plugin-dir-PATH

Explanation:

Answer: A
+ Option A is CORRECT plugin-dir option Skips plugin installation and loads plugins only from the specified directory.

+ Option Bi s INCORRECT because plugin-path option is not present in nit command

+ Option C is INCORRECT because get-plugins accepts value a Boolean value. Skips plugin installation, Terraform will use plugins installed in the user plugins directory. and any
plugins already installed for the current working directory. Ifthe installed plugins aren’t sufficient for the configuration, init fal

+ Option Dis INCORRECT plugin-fil is not a valid option for init command,

~plugin-dir=PATH Skips plugin installation and loads plugins only from the specified directory. This ignores the user plugins directory and any plugins already installed in the current

How well did you know this?

Not at all

Perfectly

Which of the following is true about third-party plugins? (Select two)

A. Third-party plugins also get downloaded automatically from Terraform version 0.12
B. Third-party plugins (both providers and provisioners) can be manually installed into the user plugins directory based on the OS
C. Third-party plugins should be installed only into the user plugins directory, no other directories are supported for third party plugins
D. Third-party plugins that are approved by HashiCorp are supported
E. Plugins can be written only in Go Language

B. Third-party plugins (both providers and provisioners) can be manually installed into the user plugins directory based on the OS
D. Plugins can be written only in Go Language

How well did you know this?

Not at all

Perfectly

How to save a destroy plan to a file before destroying it?

terraform plan -destroy
terraform plan
terraform plan -out=PATH
terraform plan -destroy -out=PATH

terraform plan -destroy -out=PATH

How well did you know this?

Not at all

Perfectly

How can we skip the interactive approval for terraform apply command? (Select two)

A. terraform apply –auto-approve
B. terraform apply-yes
C. terraform plan -out=”test.tfplan” and terraform apply test.tfplan
D. terraform apply -auto-approve=true

A. terraform apply –auto-approve

C. terraform plan -out=”test.tfplan” and terraform apply test.tfplan

How well did you know this?

Not at all

Perfectly

Which of the following is true about local backend? (select two)?

A. local backend stores state on the local file system
B. locks that state using system APIs
C. performs operations locally and remotely
D. Data at rest is encrypted by terraform
E. locks that state using terraform prebuilt APIs

A. local backend stores state on the local file system

B. locks that state using system APIs

How well did you know this?

Not at all

Perfectly

When multiple team members are working on the same state file, the state file gets locked. How would you remove the lock?

terraform force-unlock LOCK_ID
terraform force-unlock STATE_FILE
terraform unlock LOCK_ID
terraform force-unlock=true

terraform force-unlock LOCK_ID

Usage: terraform force-unlock [options] LOCK_ID [DIR]

https://www.terraform.io/docs/cli/commands/force-unlock.html

How well did you know this?

Not at all

Perfectly

Which of the following backends supports “state storage” with default locking? (Select two)

s3
azurerm
gcs
http
artifactory

azurerm

- gcs

How well did you know this?

Not at all

Perfectly

Bob wants to see all the terraform output values stored in terraform.tfstate file. Which of the below commands will do the task? (Select Three)

A. terraform output
B. terraform show
C. terraform output -state=terraform.state
D. terraform state list
E. terraform show terraform.tfstate

A. terraform output
B. terraform show
C. terraform output -state=terraform.tfstate

https://www.terraform.io/docs/cli/commands/output.html

How well did you know this?

Not at all

Perfectly

What are the benefits of using consul? (Select Two)

A. Consul is a tool not for orchestration
B. Consul is used for service discovery and configuration
C. Consul helps to expose resources to be used to interact with consul cluster
D. Consul is not a provider for consul remote state backend

B. Consul is used for service discovery and configuration
C. Consul helps to expose resources to be used to interact with consul cluster

https://registry.terraform.io/providers/hashicorp/consul/latest/docs

How well did you know this?

Not at all

Perfectly

Please identify which of the below features best apply

resource “aws_ec2_instance

{
name ‘test-terraforn”
application = “S{aws_ec2_instance. test-terraforn }”

dynamic “setting”
{

for_each = var.test
content

{

}
}

A. Resource
B. Providers
C. Local-exec
D.Dynamic-block

Explanation:

Answer:D Dynamic Block

https://wwterraformio|does/configuration/expressionshtmt

‘dynamic blocks are to be defined and can define multiple nested blocks inside the dynamic block

How well did you know this?

Not at all

Perfectly

What are the benefits of policy as code feature sentinel?

A. Sandboxing
B. Encryption
C. Automation
D. Codification

A. Sandboxing
C. Automation
D. Codification

How well did you know this?

Not at all

Perfectly

You been asked to manually taint a resource using cli which commands from below you use?

A. terraform taint -resource-name
B. terraform taint resource.id
C. terraform taint = resource.id
D. terraform taint resource.id -name

B. terraform taint resource.id

https://www.terraform.io/docs/commands/taint.html

How well did you know this?

Not at all

Perfectly

You are using a vault provider, and during what phase does it get the data?

terraform refresh
terraform apply
terraform plan
terraform init

terraform init

How well did you know this?

Not at all

Perfectly

What is the use of local-exec in terraform? Choose all that apply - A. to invoke commands locally on the remote host - B. usually to run commands on the machine where terraform is running - C. use to invoke scripts locally - D. locally create variables and run in terraform

B. usually to run commands on the machine where terraform is running C. use to invoke scripts locally

You are making some changes to terraform configuration and do you need to apply to terraform init every time? What are the cases where terraform init needs to be called? Choose 3 A. on any new environment that configures a backend B. on removing backend configuration completely C. on any change of backend configuration D. Every time you add some configs run init so that it makes sure everything is up to date

A. on any new environment that configures a backend B. on removing backend configuration completely C. on any change of backend configuration

Please choose the operation systems which support terraform enterprise. Choose all that are applicable? ``` A. Fedora B. Ubuntu 16.04.3 C. Centos - 7.7 D. Windows 7 E. All of the above ```

B. Ubuntu 16.0.4.3 | C. Centos - 7.7

What are the benefits of a private registry? Please choose 3 from below: ``` A. Terraform cloud private registry is a paid feature B. Using a private registry all the modules can be shared across within or across organizations. C. It supports module versioning, filterable list of available modules, and configuration designer to build new workspaces D. It is very similar to public terraform registry ```

``` B. Using a private registry all the modules can be shared across within or across organizations. C. It supports module versioning, filterable list of available modules, and configuration designer to build new workspaces D. It is very similar to the public terraform registry ```

What features are exclusive to Terraform Enterprise from below. (select three) ``` A. Saml/sso B. Audit logging C. Remote state D. ServiceNow integration E. Private module registry ```

A. Saml/sso B. Audit Logging D. ServiceNow integration

What does the .terraform.lock.hcl file responsible for?

This is the dependency lock file that tracks only provider dependencies. The lock file is always named .terraform.lock.hcl, and this name is intended to signify that it is a lock file for various items that Terraform caches in the .terraform subdirectory of your working directory. Terraform automatically creates or updates the dependency lock file each time you run the terraform init command. Terraform 0.14 added support for a lock file which gets created or updated every time you run terraform init. The file is typically generated into your working directory (i.e., the folder in which you ran terraform init) and is called .terraform.lock.hcl. "It captures the versions of all the Terraform providers you’re using". Normally, you want to check this file into version control so that when your team members run Terraform, they get the exact same provider versions. When terraform init is working on installing all of the providers needed for a configuration, "Terraform considers both the version constraints in the configuration and the version selections recorded in the lock file." If a particular provider has no existing recorded selection, Terraform will select the newest available version that matches the given version constraint, and then update the lock file to include that selection. If a particular provider already has a selection recorded in the lock file, Terraform will always re-select that version for installation, even if a newer version has become available. You can override that behavior by adding the -upgrade option when you run terraform init, in which case Terraform will disregard the existing selections and once again select the newest available version matching the version constraint. Because the dependency lock file is primarily maintained automatically by Terraform itself, rather than being updated manually by you or your team, your version control system may show you that the file has changed.

Terraform refresh is automatically run in which of the following commands? - terraform state - terraform output - terraform validate - terraform plan - terraform apply

- terraform plan | - terraform apply

What are the Operating Systems supported by Terraform Enterprise? ``` Ubuntu Oracle Linux Red Hat Enterprise Linux CentOS Amazon Linux Debian ```

``` Ubuntu Oracle Linux Red Hat Enterprise Linux CentOS Amazon Linux Debian ```

Which of the following features are exclusive to Terraform Enterprise product. (Choose Three) ``` SAML/SSO Cost Estimation Firewall Rules Clustering Sentinel Audit Logs ```

SAML/SSO Clustering Audit Logs

Before a new provider is used, the following action needs to be performed? Choose 2 A). It must be available in the module registry B). It must be approved by HashiCorp Team C). It must be initialzed D). It must be declared within the Terraform configuration

C). It must be initialzed | D). It must be declared within the Terraform configuration

Terraform Enterprise does not support local backend type?

False Terraform Enterprise does support a local backend type.

Terraform downloads community providers automatically when using terraform init? True False ???

False ???? terraform init cannot automatically download Community providers. Anyone can develop and distribute their own Terraform providers. (See Writing Custom Providers for more about provider development.) These third-party providers must be manually installed, since terraform init cannot automatically download them

Which among these are the supported VCS Provider for Terraform? - GitHub.com - Bitbucket Cloud - Azure DevOps Server - Azure DevOps Services - ECR Git Server

- GitHub.com - Bitbucket Cloud - Azure DevOps Server - Azure DevOps Services

Which one among these are supported syntax for comments in terraform? ``` # /* and */ // ```

``` # /* and */ // ```

Which among the following files must be ignored when committing to Git? resources. tf variables. tf terraform. tfvars terraform. tfstate

terraform. tfvars | terraform. tfstate

What are the supported VCS providers in Terraform Cloud? ``` S3 GitHub Azure DevOps Server GitHub Enterprise Bitbucket ```

GitHub Azure DevOps Server GitHub Enterprise Bitbucket

Which approach can be used to manually write the state file in terraform? - terraform state pull - terraform push - terraform state push - N/A

terraform state push You can also manually write state with terraform state push. This is extremely dangerous and should be avoided if possible. This will overwrite the remote state. This can be used to do manual fixups if necessary

Which command can be used to perform an inspection on the current terraform state file? - terraform read - terraform inspect - terraform show - terraform state=

- terraform show

In order to make a Terraform configuration file dynamic and/or reusable, static values should be converted to use what? - Input Parameters - Modules - Regex - Output Value

Input Parameters "Variables" Input variables serve as parameters for a Terraform module, allowing aspects of the module to be customized without altering the module's own source code, and allowing modules to be shared between different configurations.

Medium Corp has collaborated with multiple small corps to exchange information over a private network. Slowly it is becoming difficult for security engineers to manage the firewall rules since the number of rules is increasing and has already reached 150. What is the ideal way through which this type of configuration can be managed more easily? - Terraform Variables - Terraform Functions - Terraform Expressions - Dynamic Blocks - Terraform Providers - Terraform Backends

Dynamic Blocks

lookup function retrieves the value of a single element from which data type? - String - Tuple - Boolean - Map

- Map Explanation lookup retrieves the value of a single element from a map, given its key. Example Syntax: lookup(map, key, default)

What tasks are achieved while running a terraform plan? - Create an execution plan by evaluating the difference between the configuration file and the state file - Performs a refresh, unless explicitly disabled, and then apply the changes that are necessary to achieve the desired state specified in the configuration files - Create an execution plan by evaluating the difference between the configuration files and actual infrastructure - Checks whether the execution plan for a set of changes matches your expectations by making changes to real resources or to the state

terraform plan | - Create an execution plan by evaluating the difference between the "configuration file and the state file"

What of these functions is NOT part of string functions in terraform? - join - split - slice - chomp

slice

Which service among these provides the direct capability of locking the state file for the remote backend? - S3 - Consul - Local - All of the above

Consul

Will the below action be blocked when the Terraform state file is locked? "terraform validate" True False

False

When sentinel runs in terraform enterprise? - Before Apply - After Apply - Before Init - Before Refresh

- Before Apply

How do you create DOT file? - terraform dot - terraform dot init - terraform graph - terrafrom graphviz

terraform graph

A module can access all the variables of the parent module? True False

False

Sentinel is ___ ? - Reactive Service - Prescriptive Service - Proactive Service - None of the above

- Proactive Service

What is the local name of the resource in Terraform from the following snippet? resource "azurerm_resource_group" "example" { name = "test" location = "West Europe"resource

example

The person who generated the plan is the only person that can apply it?

False

Is it mandatory to provide a module version while pulling code from Terraform Registry?

False

A variable will need the following value that needs to be assigned to it. Terraform Administrator needs to set a default value for the data type. What is the value that he can set? az=["us-west-1a","us-west-1b"] - Map - String - File - list

List

Which configuration consistency errors does terraform validate report? - Differences between local and remote state - A mix of spaces and tabs in configuration files - Terraform module isn't the latest version - Declaring resources identifier more than once

Declaring resources identifier more than once

Will the below action be blocked when the Terraform state file is locked?

False

Terraform state file store which type of dependency information? - Only implicit dependencies are stored in the state - Both implicit and explicit dependencies are stored in the state - Only explicit dependencies are stored in the state - No dependency information is stored in the state

- Both implicit and explicit dependencies are stored in the state file

Following is the terraform configuration file: ``` resource "aws_instance" "myec2" { instance_type = "t2.small" ami = "ami-12345" count = 4 } Among these, what does the terraform resource address aws_instance.myec2 point to? ``` - It refers to all 4 web instances, together, for further individual segregation, indexing is required, with a 0 based index - The above will result in a syntax error, as it is not syntactically correct. Resources defined using count can only be referenced using indexes - It refers to the first web EC2 instance out of the 4, as by default, if no index is provided, the first / 0th index is used - It refers to the last web EC2 instance, as by default if no index is provided, the last / N-1 index is used

- It refers to all 4 web instances, together, for further individual segregation, indexing is required, with a 0 based index

Developers in Medium Corp are facing a few issues while writing complex expressions that involve interpolation. They have to run the terraform plan every time and check whether there are errors, and also verify the terraform apply to print value as a temporary output for the purpose of debugging What can be achieved to avoid this? - Add a breakpoint in your code, using the watch keyword, and output the value to console for temporary debugging - Use the terraform console command with full access to the underlying terraform state to run your interpolations, and debug at real-time - Use the terraform zipmap function, it will be able to easily do the interpolations without complex code. - Use the terraform console command, but you can only use it with a local state, and it does not work with remote state

- Use the terraform console command with full access to the underlying terraform state to run your interpolations, and debug at real-time

What does terraform destroy do?

Destroy all the infrastructure in the Terraform state file The terraform destroy command destroys all of the resources being managed by the current working directory and workspace, using state data to determine which real-world objects correspond to managed resources.

James has decided to not use the terraform.tfvars file, instead, he wants to store all data into custom.tfvars file? How can he deal with this use-case while running terraform plan? - terraform plan -var-file="custom.tfvars" - terraform plan -var-state-file="custom.tfvars" - terraform plan -state-file="custom.tfvars" - None of the above

- terraform plan -var-file="custom.tfvars"

Provisioner block is within the resource configuration block in Terraform?

True

A variable named instance_type has been undefined within the child module variable instance_type {} Will the root module be able to set that variable?

True

Matthew has created a new workspace named "DEV". Do Matthew needs to manually switch to the DEV workspace in order to start using it?

False By default, when you create a new workspace you are automatically switched to it

Alice has created a custom file named custom.tfvars. While running terraform apply, the values from custom.tfvars file are not populated associated with the variables. What is the right way to run terraform apply? - terraform apply -var-state-file="custom.tfvars" - terraform apply var-file="custom.tfvars" - terraform plan -var-file="custom.tfvars" - terraform apply -var-file="custom.tfvars"

- terraform apply -var-file="custom.tfvars"

Terraform has the ability to perform sync for all resources in the state file by default for every plan and apply. This is the reason why for the larger infrastructures it can slow down terraform plan and terraform apply commands? - False - True

True

Is provider configuration block is mandatory in every configuration?

False

You run a local-exec provisioner in a null resource called null_resource.run_script and realize that you need to rerun the script. Which of the following commands would you use first? - terraform apply -target=null_resource.run_script - terraform plan -target=null_resource.run_script - terraform taint null_resource.run_script - terraform valiidate null_resource.run_script

- terraform apply -target=null_resource.run_script

What commands run terraform refresh implicitly?

terraform plan terraform apply terraform destroy The terraform refresh command reads the current settings from all managed remote objects and updates the Terraform state to match. This won't modify your real remote objects, but it will modify the Terraform state. Terraform automatically performs the same refreshing actions as a part of creating a plan in both the terraform plan and terraform apply commands.

terraform refresh will update the state file?

True

Which of the following are not a supported backend type? - Terraform Enterprise - Consul - S3 - Github - Artifactory

GitHub

Select the operating systems which are supported for a clustered Terraform Enterprise: (select four) - Unix - Red Hat - CentOS - Amazon Linux - Ubuntu

- Red Hat - CentOS - Amazon Linux - Ubuntu

Among the following, which backends support state locking? - S3 - artifactory - azurerm - consul - Active Directory

- S3 - azurerm - consul

terraform fmt will scan all the sub-directories of the current working directory were the command was run - True - False

False (You would need the recursive flag as well) Explanation By default, fmt scans the current directory for configuration files. If the dir argument is provided then it will scan that given directory instead -recursive - Also process files in subdirectories. By default, only the given directory (or current directory) is processed.

What is flag can be used to upgrade modules and plugins a part of their respective installation steps? - terraform -upgrade init - terraform init upgrade = "true" - terraform init -upgrade

- terraform init -upgrade