Terraform Associate Flashcards

1
Q

You are adding a new variable to your configuration. Which of the following is NOT a valid variable type in Terraform?
a) map
b) bool
c) number
d) string
e) float

A

e) float

In Terraform, the variable type float is not a valid type. Terraform supports variable types such as string, map, bool, and number, but not float.

2
Q

True or false? Using the latest versions of Terraform, terraform init cannot automatically download community providers.

A

False

The answer is False: with the latest versions of Terraform, terraform init can automatically download community providers. This simplifies integrating community providers into Terraform configurations.

3
Q

From the code below, identify the implicit dependency:

resource "aws_eip" "public_ip" {
  vpc      = true
  instance = aws_instance.web_server.id
}

resource "aws_instance" "web_server" {
  ami           = "ami-3847291"
  instance_type = "t2.micro"
  depends_on    = [aws_s3_bucket.company_data]
}

A

The EC2 instance labelled web_server

The implicit dependency in the code is the EC2 instance labeled “web_server” because the aws_eip resource depends on the aws_instance.web_server.id for its instance attribute.

4
Q

Terraform is distributed as a single binary and available for many different platforms. Select all Operating Systems that Terraform is available for. (Select five.)

a) AIX
b) Solaris
c) Linux
d) Windows
e) macOS
f) FreeBSD

A

a) AIX

There is no Terraform binary for AIX. Terraform is available for macOS, FreeBSD, OpenBSD, Linux, Solaris, and Windows.

5
Q

Sara has her entire application automated using Terraform, but she needs to start automating more infrastructure components, such as creating a new subnet, DNS record, and load balancer. Sara wants to create these new resources using modules so she can easily reuse the code. However, Sara is having problems getting the subnet_id from the subnet module to pass to the load balancer module.

modules/subnet.tf:
resource "aws_subnet" "bryan" {
  vpc_id     = aws_vpc.krausen.id
  cidr_block = "10.0.1.0/24"
  tags = {
    Name = "Krausen Subnet"
  }
}

What could fix the problem?
a) add an output block to the subnet module and retrieve the value using module.subnet.subnet_id for the load balancer module
b) move the subnet and load balancer resource into the main configuration file so they can easily be referenced
c) publish the module to a Terraform registry first
d) references to resources that are created within a module cannot be used within other modules

A

add an output block to the subnet module and retrieve the value using module.subnet.subnet_id for the load balancer module

Adding an output block to the subnet module allows the subnet_id to be exposed as an output variable. This output variable can then be retrieved using module.subnet.subnet_id in the load balancer module, enabling Sara to pass the subnet_id between modules.

6
Q

Provider dependencies are created in several different ways. Select the valid provider dependencies from the following list (select three):

a) Existence of any provider plugins found locally in the working directory.
b) Use of any resource block or data block in the configuration, belonging to a particular provider
c) Explicit use of a provider block in configuration, optionally including a version constraint.
d) Existence of any resource instance belonging to a particular provider in the current state.

A

b), c), d)

d: The existence of any resource instance belonging to a particular provider in the current state signifies a dependency on that provider, as Terraform needs access to the provider to manage the state of those resources.

7
Q

True or false? The terraform plan -refresh-only command is used to create a plan whose goal is only to update the Terraform state to match any changes made to remote objects outside of Terraform.

A

True

The statement is true because the terraform plan -refresh-only command is specifically designed to only refresh the Terraform state to match any changes made to remote objects outside of Terraform. It does not apply those changes to the state.

8
Q

Which of the following statements represents the most accurate statement about the Terraform language?

a) Terraform is a mutable, declarative, Infrastructure as Code configuration management language based on Hashicorp Configuration Language, or optionally JSON.

b) Terraform is an immutable, declarative, Infrastructure as Code provisioning language based on Hashicorp Configuration Language, or optionally JSON.

c) Terraform is an immutable, imperative, Infrastructure as Code configuration management language based on Hashicorp Configuration Language, or optionally JSON.

d) Terraform is a mutable, imperative, Infrastructure as Code provisioning language based on Hashicorp Configuration Language, or optionally YAML.

A

b) Terraform is an immutable, declarative, Infrastructure as Code provisioning language based on Hashicorp Configuration Language, or optionally JSON.

Terraform is indeed an immutable and declarative Infrastructure as Code provisioning language. It allows users to define the desired state of their infrastructure and Terraform will make the necessary changes to reach that state. The language is based on HashiCorp Configuration Language (HCL) or JSON for configuration files.

9
Q

A user runs terraform init on their RHEL-based server, and per the output, two provider plugins are downloaded. Where are these plugins downloaded and stored on the server?

a) /etc/terraform/plugins
b) The .terraform.d directory in the current working directory
c) The .terraform/providers directory in the current working directory
d) The .terraform.plugins directory in the current working directory

A

c) The .terraform/providers directory in the current working directory

The provider plugins are downloaded and stored in the .terraform/providers directory within the current working directory. This directory is specifically used by Terraform to manage provider plugins.

10
Q

You have been given requirements to create a security group for a new application. Since your organisation standardises on Terraform, you want to add this new security group with the fewest number of lines of code. What feature could you use to iterate over a list of required tcp ports to add to the new security group?

a) splat expression
b) dynamic backend
c) terraform import
d) dynamic block

A

d) dynamic block

A dynamic block acts much like a for expression, but produces nested blocks instead of a complex typed value. It iterates over a given complex value and generates a nested block for each element of that complex value.

11
Q

What are some of the features of Terraform state? (Select three.)

a) inspection of cloud resources
b) mapping configuration to real-world resources
c) determining the correct order to destroy resources
d) increased performance

A

b), c), d)

12
Q

When configuring a remote backend in Terraform, it might be a good idea to purposely omit some of the required arguments to ensure secrets and other relevant data are not inadvertently shared with others. What alternatives are available to provide the remaining values to Terraform to initialise and communicate with the remote backend? (Select three.)

a) directly querying HashiCorp Vault for the secrets
b) use the -backend-config=PATH flag to specify a separate config file
c) interactively on the command line
d) command-line key/value pairs

A

b), c), d)

You do not need to specify every required argument in the backend configuration. Omitting certain arguments may be desirable to avoid storing secrets, such as access keys, within the main configuration. When some or all of the arguments are omitted, we call this a partial configuration.

13
Q

In Terraform Cloud, a workspace can be mapped to how many VCS repos?

a) 2
b) 5
c) 3
d) 1

A

d) 1

A workspace can only be configured to a single VCS repo; however, multiple workspaces can use the same repo if needed. A good explanation of how to configure your code repositories can be found here.

14
Q

In the terraform block, which configuration would be used to identify the specific version of a provider required?

a) required-provider
b) required_providers
c) required-version
d) required_versions

A

b) required_providers

To identify a specific version of a provider in Terraform, you can use the required_providers configuration block. This block allows you to specify the provider’s name and the version range you want to use by using Terraform’s version constraints syntax.

15
Q

You want to start managing resources that were not originally provisioned through infrastructure as code. Before you can import the resources’ current state, what must you do before running the terraform import command?

a) modify the Terraform state file to add the new resources so Terraform will have a record of the resources to be managed
b) shut down or stop using the resources being imported so no changes are inadvertently missed
c) run terraform apply -refresh-only to ensure that the state file has the latest information for existing resources.
d) update the Terraform configuration file to include the new resources that match the resources you want to import

A

d) update the Terraform configuration file to include the new resources that match the resources you want to import

The current implementation of Terraform import can only import resources into the state. It does not generate a configuration. Because of this, and before running terraform import, it is necessary to manually write a resource configuration block for the resource to which the imported object will be mapped.

16
Q

True or false? Workspaces provide similar functionality in the open-source and Terraform Cloud versions of Terraform.

A

False

Workspaces managed with the terraform workspace command aren’t the same thing as Terraform Cloud’s workspaces. Terraform Cloud workspaces act more like completely separate working directories.
CLI workspaces (OSS) are just alternate state files.

17
Q

Which of the following connection types are supported by the remote-exec provisioner? (Select two.)

a) smb
b) winrm
c) rdp
d) ssh

A

b) winrm, d) ssh

The remote-exec provisioner in Terraform is used to execute commands on a resource after it has been created over an SSH or WinRM connection. The supported connection types for remote-exec depend on the type of resource being provisioned and the underlying operating system.

18
Q

What are the core Terraform workflow steps to use infrastructure as code?

a) Write, plan, apply
b) Plan, apply, destroy
c) Plan, apply, pray
d) Code, validate, apply

A

a) Write, plan, apply

The core Terraform workflow has three steps:
- Write - Author infrastructure as code.
- Plan - Preview changes before applying.
- Apply - Provision reproducible infrastructure.

19
Q

Published modules via the Terraform Registry provide which of the following benefits? (Select four.)

a) support versioning
b) show examples and READMEs
c) allow browsing version histories
d) support from any code repo
e) automatically generated documentation

A

a), b), c), e)

Public modules are managed via Git and GitHub. Publishing a module takes only a few minutes. Once a module is published, you can release a new version of a module by simply pushing a properly formed Git tag. The module must be on GitHub and must be a public repo. This is only a requirement for the public registry. If you’re using a private registry, you may ignore this requirement.

20
Q

When using variables in Terraform Cloud, what level of scope can the variable be applied to? (Select three.)

a) All current and future workspaces in a project using a variable set
b) A specific Terraform run in a single workspace
c) All workspaces across multiple Terraform Cloud organisations
d) Multiple workspaces using a variable set

A

a), b), d)

Terraform Cloud allows you to store important values in one place, which you can use across multiple projects. You can easily update the values, and the changes will apply to all projects that use them. Additionally, you can modify the values for specific projects without affecting others that use the same values. TFC allows you to use variables within a workspace, or use variable sets that can be used across multiple (or all) TFC workspaces.

21
Q

Margaret is calling a child module to deploy infrastructure for her organisation. Just as a good architect does (and as suggested by HashiCorp), she specifies the module version she wants to use even though there are newer versions available. During a terraform init, Terraform downloads v0.0.5 just as expected.

What would happen if Margaret removed the version parameter in the module block and ran a terraform init again?

a) Terraform would download the latest version of the module
b) Terraform would skip the module
c) Terraform would use the existing module already downloaded
d) Terraform would return an error, as the version parameter is required

A

c) Terraform would use the existing module already downloaded

When using modules installed from a registry, HashiCorp recommends explicitly constraining the acceptable version numbers to avoid unexpected or unwanted changes. The version argument accepts a version constraint string. Terraform will use the newest installed version of the module that meets the constraint; if no acceptable versions are installed, it will download the newest version that meets the constraint.

22
Q

Fill in the correct answers below:
Infrastructure as Code (IaC) makes infrastructure changes ______, ______, _______, and _______. (Select four.)

a) highly available
b) repeatable
c) consistent
d) predictable
e) idempotent

A

b), c), d), e)

IaC makes changes idempotent, consistent, repeatable, and predictable. Without IaC, scaling up infrastructure to meet increased demand may require an operator to remotely connect to each machine and then manually provision and configure many servers by executing a series of commands/scripts. They might open multiple sessions and move between screens, which often results in skipped steps or slight variations between how work is completed, necessitating rollbacks. Perhaps a command was run incorrectly on one instance and reverted before being re-run correctly.

23
Q

Given the following snippet of code, what does servers = 4 reference?

module "servers" {
  source  = "./modules/aws-servers"
  servers = 4
}

a) servers is not a valid configuration for a module
b) the number of times the module will be executed
c) the output variable of the module
d) the value of an input variable

A

d) the value of an input variable

When calling a child module, values can be passed to the module to be used within the module itself.

24
Q

Infrastructure as Code (IaC) provides many benefits to help organisations deploy application infrastructure much faster than clicking around in the console. What are the additional benefits of IaC? (Select three.)

a) code can easily be shared and reused
b) can always be used to deploy the latest features and services
c) eliminates parallelism
d) creates a blueprint of your data center
e) allows infrastructure to be versioned

A

a), d), e)

Infrastructure is described using a high-level configuration syntax. This allows a blueprint of your datacenter to be versioned and treated as you would any other code. Additionally, infrastructure can be shared and re-used.
Infrastructure as Code almost always uses parallelism to deploy resources faster. And depending on the solution being used, it doesn’t always have access to the latest features and services available on cloud platforms or other solutions.

25
Q

You have a Terraform configuration file with no defined resources. However, there is a related state file for resources that were created on AWS. What happens when you run a terraform apply?

a) Terraform will scan the AWS infrastructure and create a new configuration file based on the state file.
b) Terraform will produce an error since there are no resources defined
c) Terraform will not perform any operations.
d) Terraform will destroy all of the resources

A

d) Terraform will destroy all of the resources

In this case, since there is a state file with resources, Terraform will match the desired state of no resources since the configuration file doesn’t include any resources. Therefore, all resources defined in the state file will be destroyed.

26
Q

There are multiple ways to provide sensitive values when using Terraform. However, sensitive information provided in your configuration can be written to the state file, which is not desirable. Which method below will not result in sensitive information being written to the state file?

a) None of the above
b) Using a tfvars file
c) Retrieving the credentials from a data source, such as HashiCorp Vault
d) Using a declared variable

A

a) None of the above

When using sensitive values in your Terraform configuration, all of the configurations mentioned above will result in the sensitive value being written to the state file. Terraform stores the state as plain text, including variable values, even if you have flagged them as sensitive. Terraform needs to store these values in your state so that it can tell if you have changed them since the last time you applied your configuration.

27
Q

What happens when you apply a Terraform configuration using terraform apply? (Select two.)

a) Terraform makes infrastructure changes defined in your configuration.
b) Terraform formats your configuration to the standard canonical format and style
c) Terraform recreates all the infrastructure defined in the configuration file
d) Terraform downloads any required plugins
e) Terraform updates the state file with configuration changes made during the execution

A

a), e)

The terraform apply command is used to apply the changes required to reach the desired state of the configuration, or the pre-determined set of actions generated by a terraform plan execution plan.

28
Q

You are working with a cloud provider to deploy resources using Terraform. You’ve added the following data block to your configuration. When the data block is used, what data will be returned?

data "aws_ami" "amzlinux2" {
  most_recent = true
  owners      = ["amazon"]
  filter {}
}

resource "aws_instance" "vault" {
  ami                         = data.aws_ami.amzlinux2.id
  instance_type               = "t3.micro"
  key_name                    = "vault-key"
  vpc_security_group_ids      = var.sg
  subnet_id                   = var.subnet
  associate_public_ip_address = "true"
  user_data                   = file("vault.sh")
  tags                        = {}
}

a) all possible data of a specific Amazon Machine Image(AMI) from AWS
b) a custom AMI for Amazon Linux 2
c) the IP address of an EC2 instance running in AWS
d) the latest AMI you have previously used for an Amazon Linux 2 image

A

a) all possible data of a specific Amazon Machine Image(AMI) from AWS

When you add a data block to your configuration, Terraform will retrieve all of the available data for that particular resource. It is then up to you to reference a specific attribute that can be exported from that data source. For example, if you include a data block for the aws_ami resource, Terraform will get a ton of attributes about that AMI that you can use elsewhere in your code - check out this link to see the list of attributes specific to the aws_ami, for example.

29
Q

Terraform Cloud provides organisations with many features not available to those running Terraform open-source (OSS) to deploy infrastructure. Select the ADDITIONAL features that organisations can take advantage of by moving to Terraform Cloud. (Select three.)

a) VCS connection
b) Terraform registry
c) private registry
d) remote runs
e) providers

A

a), c), d)

Terraform Cloud offers many features, even in the free version, that organizations can quickly take advantage of. This is the best table that compares the features available in Terraform OSS vs. Terraform Cloud and Terraform Enterprise.

30
Q

You are using modules to deploy various resources in your environment. You want to provide a “friendly name” for the DNS of a new web server so you can simply click the CLI output and access the new website. Which of the following code snippets would satisfy these requirements?

a) Add the following code to the web module:

output "website" {
  description = "Outputs the URL of the provisioned website"
  value       = module.web.public_dns
}

b) Add the following code to the web module:

output "website" {
  description = "Outputs the URL of the provisioned website"
  value       = "https://${aws_instance.web.public_dns}:8080/index.html"
}

c) Add the following code to the parent module:

output "website" {
  description = "Outputs the URL of the provisioned website"
  value       = aws_instance.web.public_dns
}

d) Add the following code to the parent module:

output "website" {
  description = "Outputs the URL of the provisioned website"
  value       = "https://${module.web.public_dns}:8080/index.html"
}

A

d) Add the following code to the parent module:

output "website" {
  description = "Outputs the URL of the provisioned website"
  value       = "https://${module.web.public_dns}:8080/index.html"
}

When working with outputs, you need to determine where the value will be coming from and work your way backward from there. For example, if the resource was created inside of a module, then the module will require an output block to export that value. That said, output blocks that are created in a module aren’t displayed on the Terraform CLI. Therefore, you need to create an output block in the parent/calling module to output the value while referencing the output in the module. Because of this, the correct answer requires you to create an output in the parent module and reference the output value from the module.

31
Q

Your co-worker has decided to migrate Terraform state to remote backend. They configure Terraform with the backend configuration, including the type, location, and credentials. However, you want to secure this configuration better. Rather than storing them in plain text, where should you store the credentials for the remote backend? (Select two.)

a) credentials file
b) use a variable
c) environment variables
d) on the remote system

A

a) credentials file, c) environment variables

Some backends allow providing access credentials directly as part of the configuration for use in unusual situations, for pragmatic reasons. However, in normal use, HashiCorp does not recommend including access credentials as part of the backend configuration. Instead, leave those arguments completely unset and provide credentials via the credentials files or environment variables that are conventional for the target system, as described in the documentation for each backend.

32
Q

True or false? Official Terraform providers and modules are owned and maintained by HashiCorp.

A

True

This is true. If a module or provider is marked as official, it is owned and maintained by HashiCorp themselves.

There are other modules/providers available in the registry that are maintained by third-party partners, or even individuals. This also means that not all of the modules published to the Terraform registry are validated or verified by HashiCorp. Many folks will use the public registry as a starting place to create their own custom modules needed to meet requirements.

33
Q

You need to use multiple resources from different providers in Terraform to accomplish a task. Which of the following can be used to configure the settings for each of the providers?

a)
terraform {
  providers {
    consul {
      address   = "https://consul.krausen.com:8500"
      namespace = "developer"
      token     = "45a3bd52-07c7-47a4-52fd-0745e0cfe967"
    }
    vault {
      address   = "https://vault.krausen.com:8200"
      namespace = "developer"
    }
  }
}

b) provider "consul" {
  address   = "https://consul.krausen.com:8500"
  namespace = "developer"
  token     = "45a3bd52-07c7-47a4-52fd-0745e0cfe967"
}

provider "vault" {
  address   = "https://vault.krausen.com:8200"
  namespace = "developer"
}

c) required_providers {
  consul {
    address   = "https://consul.krausen.com:8500"
    namespace = "developer"
    token     = "45a3bd52-07c7-47a4-52fd-0745e0cfe967"
  }
  vault {
    address   = "https://vault.krausen.com:8200"
    namespace = "developer"
  }
}

d) data "consul" {
  address   = "https://consul.krausen.com:8500"
  namespace = "developer"
  token     = "45a3bd52-07c7-47a4-52fd-0745e0cfe967"
}

data "vault" {
  address   = "https://vault.krausen.com:8200"
  namespace = "developer"
}

A

b) provider "consul" {
  address   = "https://consul.krausen.com:8500"
  namespace = "developer"
  token     = "45a3bd52-07c7-47a4-52fd-0745e0cfe967"
}

provider "vault" {
  address   = "https://vault.krausen.com:8200"
  namespace = "developer"
}

To configure each provider, you need to define a provider block and provide the configuration within that block. You would need to do this for each provider that you need to configure. For example, if you needed to customize the aws, gcp, and vault provider, you’d need to create three separate provider blocks, one for each provider.

Don’t forget that configurations for a provider go inside of a provider block, but any provider constraints go inside of the terraform -> required_providers block.

34
Q

Which of the following is the best description of a dynamic block?

a) produces nested configuration blocks instead of a complex typed value

b) declares a resource of a given type with a given local name

c) requests that Terraform read from a given data source and export the result under the given local name

d) exports a value exported by a module or configuration

A

a) produces nested configuration blocks instead of a complex typed value

A dynamic block acts much like a for expression, but produces nested blocks instead of a complex typed value. It iterates over a given complex value and generates a nested block for each element of that complex value. You can dynamically construct repeatable nested blocks like setting using a special dynamic block type, which is supported inside resource, data, provider, and provisioner blocks.

35
Q

True or false? In both Terraform OSS and Terraform Cloud, workspaces provide similar functionality of using a separate state file for each workspace.

A

True

This is true. When you create a new workspace using Terraform OSS/CLI using the terraform workspace new command, you will be working with a separate state file when working with that workspace. You can easily change between workspaces and their respective state file using the terraform workspace select command.
The same is true in Terraform Cloud. When you create a new workspace, you’ll be working with a dedicated state file for that particular workspace. It doesn’t share a state file with any other workspace.

36
Q

Which of the following are true regarding Terraform variables? (Select two.)

a) the default value will be found in the state file if no other value was set for the variable

b) variables marked as sensitive are still stored in the state file, even though the values are obfuscated from the CLI output

c) the description of a variable will be written to state to help describe the contents of the state file

d) the variable name can be found in the state file to allow for easy searching

A

a), b)

When it comes to working with variables, the value that is used in the Terraform configuration will be stored in the state file, regardless of whether the sensitive argument was set to true. However, the value will not be shown in the CLI output if the value was to be exported by an output block.

37
Q

When using Terraform, where can you install providers from? (Select four.)

a) the provider’s source code
b) Terraform registry
c) plugins directory
d) official HashiCorp releases site
e) Terraform plugin cache

A

b), c), d), e)

Providers can be installed using multiple methods, including downloading from a Terraform public or private registry, the official HashiCorp releases page, a local plugins directory, or even from a plugin cache. Terraform cannot, however, install directly from the source code.

38
Q

True or false? When developing Terraform code, you must include a provider block for each unique provider so Terraform knows which ones you want to download and use.

A

False

Unlike many other objects in the Terraform language, a provider block may be omitted if its contents would otherwise be empty. Terraform assumes an empty default configuration for any provider that is not explicitly configured. In other words, if you don’t have any specific configurations for your provider, you may indeed leave it out of your configuration.

39
Q

Which of the following statements are true about using terraform import? (Select three.)

a) the resource address (example: aws_instance.web) and resource ID (example: i-abdcef12345) must be provided when importing a resource

b) the terraform import command will automatically update the referenced Terraform resource block after the resource has been imported to ensure consistency

c) using terraform import will bring the imported resource under Terraform management and add the new resource to the state file

d) you must update your Terraform configuration for the imported resource before attempting to import the resource

A

a), c), d)

terraform import can be used to import resources into Terraform so they can be managed by Terraform moving forward. Any resources that are imported will be added to Terraform state so they can be managed like any other resource. Before you can use the terraform import command, you MUST develop the resource block for the resource that will be imported. For example, if you are planning to import an Azure virtual machine, you must add an azurerm_virtual_machine block with the proper configurations.
When you run the terraform import command, you will need to reference the resource address – like azurerm_virtual_machine.web-server – and the resource ID – like the ID of the virtual machine in Azure – as the two required parameters.

40
Q

Which common action does not cause Terraform to refresh its state?

a) terraform apply
b) terraform destroy
c) terraform plan
d) terraform state list

A

d) terraform state list

Running a terraform state list does not cause Terraform to refresh its state. This command simply reads the state file but it will not modify it.
terraform plan will refresh the current state of any already-existing remote objects to make sure that the Terraform state is up-to-date.

41
Q

Where is the most secure place to store credentials when using a remote backend?

a) using an input variable defined in your variables.tf file
b) defined outside of Terraform
c) environment variables
d) in the backend configuration block where the remote state location is defined

A

b) defined outside of Terraform

Configuring these credentials outside of Terraform is always your best choice. Environment variables would be the second most-secure choice here. The primary focus is to ensure your credentials are not stored in plain text and committed to a code repository. NOTE: You could use an encrypted file to store credentials, and Terraform could access that encrypted file to read the credentials.

Environment variables: this is the SECOND best choice here, with storing outside of Terraform using a credential file being the best choice.

42
Q

True or false? Input variables that are marked as sensitive are NOT written to Terraform state.

A

False

While the value is not shown in the Terraform CLI output, the value will still be written to state. This is why it’s important to secure your state file wherever possible.

43
Q

Beyond storing state, what capability can an enhanced storage backend, such as the remote backend, provide your organisation?

a) allow multiple people to execute operations on the state file at the same time

b) execute your Terraform on infrastructure either locally or in Terraform Cloud

c) replicate your state to a secondary location for backup

d) provides versioning capabilities on your state file in the event it becomes corrupted

A

b) execute your Terraform on infrastructure either locally or in Terraform Cloud

Using an enhanced storage backend allows you to execute your Terraform on infrastructure either locally or in Terraform Cloud. Note that this enhanced storage backend term has now been deprecated by Terraform but it’s likely to show up in the test for a while.

44
Q

As part of a Terraform configuration, you are deploying a Linux-based server using a default image that needs to be customised based on input variables. What feature of Terraform can execute a script on the server once it has been provisioned?

a) provider
b) local-exec provisioner
c) remote-exec provisioner
d) data resource

A

c) remote-exec provisioner

We can utilize Terraform provisioners to deploy a web app onto an instance we’ve created. In order to run these steps, Terraform needs a connection block along with our generated SSH key from the previous labs in order to authenticate into our instance. Terraform can utilize both the local-exec provisioner to run commands on our local workstation (that is executing Terraform) and the remote-exec provisioner to execute commands against a resource that has been provisioned with Terraform.
Note: Provisioners should only be used as a last resort. For most common situations there are better alternatives.

45
Q

True or false? In order to use the terraform console command, the CLI must be able to lock state to prevent changes.

A

True

The terraform console command will read the Terraform configuration in the current working directory and the Terraform state file from the configured backend so that interpolations can be tested against both the values in the configuration and the state file.

46
Q

Which of the following code snippets will ensure you’re using a specific version of the AWS provider?

a) terraform {
  required_version = ">= 3.0"
}

b) provider "aws" {
  region = "us-east-2"
  required_version ">= 3.0"
}

c) provider "aws" {
  region = "us-east-1"
  required_provider ">= 3.0"
}

d) terraform {
  required_providers {
    aws = ">= 3.0"
  }
}

A

d) terraform {
  required_providers {
    aws = ">= 3.0"
  }
}

To specify the version of a Terraform provider that is required, you need to use the required_providers block under the terraform block. HashiCorp recommends that you explicitly set the version of both Terraform and the required providers/plugins to avoid issues when upgrading to the latest versions.

47
Q

You have a number of different variables in a parent module that calls multiple child modules. Can the child modules refer to any of the variables declared in the parent module?

a) Not the variable, but it can refer to values that are passed to the child module

b) Yes, child modules can refer to any variable in a parent module

c) No, child modules can never refer to any variables or values declared in the parent module

A

a) Not the variable, but it can refer to values that are passed to the child module

Child modules can only access values that are passed in the calling module block. The resources defined in a module are encapsulated, so the calling module cannot access its attributes directly. However, the child module can declare output values to selectively export certain values to be accessed by the calling module.

48
Q

How can you reference all of the subnets created by a resource block (that uses for_each, so creates multiple)?

A

You can reference all of the subnets created by this for_each by using a [*] at the end of the resource address, like this: aws_subnet.private_subnets[*]

49
Q

What command can you use to display details about a specific resource?

A

terraform state show ADDRESS will show the attributes of a single resource

50
Q

Terraform Cloud is more powerful when you integrate it with your version control system (VCS) provider. Select all the supported VCS providers from the answers below. (Select four.)

a) GitHub
b) CVS Version Control
c) Azure DevOps Server
d) GitHub Enterprise
e) Bitbucket Cloud

A

b) CVS Version Control

51
Q

True or false? Using the latest versions of Terraform, terraform init cannot automatically download community providers.

A

False

The statement “False” is correct because using the latest versions of Terraform, the command terraform init can automatically download community providers. This functionality simplifies the process of integrating community providers into Terraform configurations, enhancing the overall user experience.

52
Q

True or false? Workspaces provide similar functionality in the open-source and Terraform Cloud versions of Terraform.

A

False

Workspaces managed with the terraform workspace command aren’t the same thing as Terraform Cloud’s workspaces. Terraform Cloud workspaces act more like completely separate working directories.
CLI workspaces (OSS) are just alternate state files.

53
Q

Which of the following features support the versioning of a module? (Select two.)

a) private registry
b) local file paths
c) Terraform registry
d) modules stored in GitLab

A

a), c)

Version constraints are supported only for modules installed from a module registry, such as the public Terraform Registry or Terraform Cloud’s private registry. Other module sources can provide their own versioning mechanisms within the source string itself, or might not support versions at all. In particular, modules sourced from local file paths do not support version; since they’re loaded from the same source repository, they always share the same version as their caller.

54
Q

With regard to the Terraform state file, select all the statements below which are correct. (Select four.)

a) using the mask feature, you can instruct Terraform to mask sensitive data in the state file
b) the state file is always encrypted at rest
c) the Terraform state can contain sensitive data, therefore the state file should be protected from unauthorized access
d) Terraform Cloud always encrypts state at rest
e) when using local state, the state file is stored in plain-text
f) storing state remotely can provide better security

A

c), d), e), f)

Terraform state can contain sensitive data, depending on the resources in use and your definition of “sensitive.” The state contains resource IDs and all resource attributes. For resources such as databases, this may contain initial passwords.
When using local state, state is stored in plain-text JSON files.
If you manage any sensitive data with Terraform (like database passwords, user passwords, or private keys), treat the state itself as sensitive data.
Storing Terraform state remotely can provide better security. As of Terraform 0.9, Terraform does not persist state to the local disk when remote state is in use, and some backends can be configured to encrypt the state data at rest.

55
Q

True or false? Similar to Terraform OSS, you must use the CLI to switch between workspaces when using Terraform Cloud workspaces.

A

False

When using Terraform Cloud workspaces, you do not need to use the Terraform CLI to switch between workspaces. Terraform Cloud provides a web-based interface where you can manage your workspaces and their associated infrastructure.

56
Q

Given the code snippet below, how would you refer to the value of ip of an environment when using a for_each argument in a resource block?

variable "env" {
  type = map(any)
  default = {
    prod = {
      ip = ""
      az = ""
    }
    dev = {
      ip = ""
      az = ""
    }
  }
}

a) each.dev.ip
b) var.env.dev.ip
c) var.env["dev.ip"]
d) each.value.ip

A

d) each.value.ip

Sort of testing two different things here - a complex map variable plus the for_each argument.
A for_each argument will iterate over a map or set of strings and create a similar instance/resource for each item in the map or set. In our case, the map is the input variable and the “each” would be the higher-level map, so prod and dev. Underneath each value, there are two arguments, both az and ip that you can choose from.
The input variable that is shown in this example is essentially a map of maps.

57
Q

You have declared a variable named db_connection_string inside of the app module. However, when you run a terraform apply, you get the following error message:

An input variable with the name “db_connection_string” has not been declared. This variable can be declared with a variable “db_connection_string” {} block. Why?

a) the variable should be referenced as var.module.app.db_connection_string
b) input variables are not referenced using the var prefix
c) since the variable was declared within the module, it cannot be referenced outside of the module
d) an output block was not created in the module, and therefore the variable cannot be referenced

A

c) since the variable was declared within the module, it cannot be referenced outside of the module

When using modules, it’s common practice to declare variables outside of the module and pass the value(s) to the child module when it is called by the parent/root module. However, it’s perfectly acceptable to declare a variable inside of a module if you need to. Any variables declared inside of a module are only directly referenceable within that module. You can’t directly reference that variable outside of the module. You can, however, create an output in the module to export any values that might be needed outside of the module.

Output block? While an output block would allow you to get information from within the module, creating an output block still wouldn’t allow you to reference the variable directly using the var.<name> nomenclature.

58
Q

You are worried about unauthorised access to the Terraform state file since it might contain sensitive information. What are some ways you can protect the state file? (Select two.)

a) enable native encryption in Terraform as configured in the terraform block
b) store in a remote backend that encrypts state at rest
c) use the S3 backend using the encrypt option to ensure state is encrypted
d) replicate the state file to an encrypted storage device

A

b), c)

59
Q

You have infrastructure deployed with Terraform. A developer recently submitted a support ticket to update a security group to permit a new port. To satisfy the ticket, you update the Terraform configuration to reflect the changes and run a terraform plan. However, a co-worker has since logged into the console and manually updated the security group to the same configuration. What will happen when you run a terraform apply?

a) Terraform will detect the drift and return an error.
b) the terraform apply command will require you to re-run the terraform plan command first
c) the security group will be changed back to the original configuration
d) Nothing will happen. Terraform will validate the infrastructure matches the desired state.

A

d) Nothing will happen. Terraform will validate the infrastructure matches the desired state.

A terraform apply will run its own state refresh and see the configuration matches the deployed infrastructure, so no changes will be made to the infrastructure.

60
Q
A
61
Q

In the terraform block, which configuration would be used to identify the specific version of a provider required?

a) required_providers
b) required_versions
c) required-version
d) required-provider

A

a) required_providers

To identify a specific version of a provider in Terraform, you can use the required_providers configuration block. This block allows you to specify the provider’s name and the version range you want to use by using Terraform’s version constraints syntax.

62
Q

What is the primary function of Terraform Cloud agents?

a) monitor and troubleshoot Terraform deployments
b) provide remote access to Terraform workspaces
c) execute Terraform plans and apply changes to infrastructure
d) store and manage Terraform state files

A

c) execute Terraform plans and apply changes to infrastructure

Terraform Cloud agents are lightweight programs deployed within your target infrastructure environment. Their primary function is to receive Terraform plans from Terraform Cloud, execute those plans locally, and apply the desired infrastructure changes. This allows you to manage private or on-premises infrastructure with Terraform Cloud without opening your network to public ingress traffic.

63
Q
A