Study with the several resources on Docsity
Earn points by helping other students or get them with a premium plan
Prepare for your exams
Study with the several resources on Docsity
Earn points to download
Earn points by helping other students or get them with a premium plan
Community
Ask the community for help and clear up your study doubts
Discover the best universities in your country according to Docsity users
Free resources
Download our free guides on studying techniques, anxiety management strategies, and thesis advice from Docsity tutors
Terraform associate exam questions with correct answers
Typology: Exams
1 / 18
If a module declares a variable with a default, that variable must also be defined within the module. A. True B. False CORRECT ANSWER B Which option cannot be used to keep secrets out of Terraform configuration files? A. Environment Variables B. Mark the variable as sensitive C. A Terraform provider D. A -var flag CORRECT ANSWER B Which of the following arguments are required when declaring a Terraform output? A. sensitive B. description C. default D. value CORRECT ANSWER D Your risk management organization requires that new AWS S3 buckets must be private and encrypted at rest. How can Terraform Enterprise automatically and proactively enforce this security control?
A. With a Sentinel policy, which runs before every apply B. By adding variables to each TFE workspace to ensure these settings are always enabled C. With an S3 module with proper settings for buckets D. Auditing cloud storage buckets with a vulnerability scanning tool CORRECT ANSWER A Most Terraform providers interact with ____________. A. API B. VCS Systems C. Shell scripts D. None of the above CORRECT ANSWER A terraform validate validates that your infrastructure matches the Terraform state file. A. True B. False CORRECT ANSWER B What does terraform import allow you to do? A. Import a new Terraform module B. Use a state file to import infrastructure to the cloud C. Import provisioned infrastructure to your state file
D. Import an existing state file to a new Terraform workspace CORRECT ANSWER C FILL BLANK - In the below configuration, how would you reference the module output vpc_id? module "vpc" { source = "terraform-and-modules/vpc/aws" cidr = "10.0.0.0/16" name = "test-vpc". } Type your answer in the field provided. The text field is not case sensitive and all variations of the correct answer are accepted. CORRECT ANSWER module.vpc.id How would you reference the Volume IDs associated with the ebs_block_device blocks in this configuration? resource "aws_instance" "example" { ami = "ami-abc123" instance_type = "t2.micro" } ebs_block_device { device_name = "sda2" volume_size = 16
ebs_block_device { device_name = "sda3" volume_size = 20 } A. aws_instance.example.ebs_block_device.[*].volume_id B. aws_instance.example.ebs_block_device.volume_id C. aws_instance.example.ebs_block_device[sda2,sda3].volume_id D. aws_inst CORRECT ANSWER A(57%) - D(43%) What does state locking accomplish? A. Copies the state file from memory to disk B. Encrypts any credentials stored within the state file C. Blocks Terraform commands from modifying the state file D. Prevents accidental deletion of the state file CORRECT ANSWER C You just upgraded the version of a provider in an existing Terraform project. What do you need to do to install the new provider? A. Run terraform apply -upgrade B. Run terraform init -upgrade C. Run terraform refresh D. Upgrade your version of Terraform CORRECT ANSWER B
A module can always refer to all variables declared in its parent module. A. True B. False CORRECT ANSWER B When you use a remote backend that needs authentication, HashiCorp recommends that you: A. Use partial configuration to load the authentication credentials outside of the Terraform code B. Push your Terraform configuration to an encrypted git repository C. Write the authentication credentials in the Terraform configuration files D. Keep the Terraform configuration files in a secret store CORRECT ANSWER A You have a simple Terraform configuration containing one virtual machine (VM) in a cloud provider. You run terraform apply and the VM is created successfully. What will happen if you terraform apply again immediately afterwards without changing any Terraform code? A. Terraform will terminate and recreate the VM B. Terraform will create another duplicate VM C. Terraform will apply the VM to the state file D. Nothing CORRECT ANSWER D A junior admin accidentally deleted some of your cloud instances. What does Terraform do when you run terraform apply?
A. Build a completely brand new set of infrastructure B. Tear down the entire workspace infrastructure and rebuild it C. Rebuild only the instances that were deleted D. Stop and generate an error message about the missing instances CORRECT ANSWER C You have created a main.tr Terraform configuration consisting of an application server, a database, and a load balancer. You ran terraform apply and all resources were created successfully. Now you realize that you do not actually need the load balancer so you run terraform destroy without any flags What will happen? A. Terraform will destroy the application server because it is listed first in the code B. Terraform will prompt you to confirm that you want to destroy all the infrastructure C CORRECT ANSWER B Which type of block fetches or computes information for use elsewhere in a Terraform configuration? A. provider B. resource C. local D. data CORRECT ANSWER D You have just developed a new Terraform configuration for two virtual machines with a cloud provider. You would like to create the infrastructure for the first time. Which Terraform command should you run first?
A. terraform apply B. terraform plan C. terraform show D. terraform init CORRECT ANSWER D All modules published on the official Terraform Module Registry have been verified by HashiCorp. A. True B. False CORRECT ANSWER B You have to initialize a Terraform backend before it can be configured. A. True B. False CORRECT ANSWER A(63%) - B(38%) Which of the following does terraform apply change after you approve the execution plan? (Choose two.) A. Cloud infrastructure B. The .terraform directory C. The execution plan D. State file E. Terraform code CORRECT ANSWER A D
A Terraform backend determines how Terraform loads state and stores updates when you execute ___________. A. apply B. taint C. destroy D. All of the above E. None of the above CORRECT ANSWER D What does Terraform use .terraform.lock.hcl file for? A. Tracking provider dependencies B. There is no such file C. Preventing Terraform runs from occurring D. Storing references to workspaces which are locked CORRECT ANSWER A You've used Terraform to deploy a virtual machine and a database. You want to replace this virtual machine instance with an identical one without affecting the database. What is the best way to achieve this using Terraform? A. Use the terraform state rm command to remove the VM from state file B. Use the terraform taint command targeting the VMs then run terraform plan and terraform apply. C. Use the terraform apply command targeting the VM resources only D. Delete the Terraform VM resource CORRECT ANSWER B How do you specify a module's version when publishing it to the public Terraform Module Registry?
A. The module's configuration page on the Terraform Module Registry B. Terraform Module Registry does not support versioning modules C. The release tags in the associated repo D. The module's Terraform code CORRECT ANSWER C Terraform plan updates your state file. A. True B. False CORRECT ANSWER B To check if all code in a Terraform configuration with multiple modules is properly formatted without making changes, what command should be run? A. terraform fmt -check B. terraform fmt -write-false C. terraform fmt ג"€list -recursive D. terraform fmt -check -recursive CORRECT ANSWER D As a member of the operations team, you need to run a script on a virtual machine created by Terraform. Which provision is best to use in your Terraform code? A. null-ex׀μׁ B. local-exec C. remote-exec D. file CORRECT ANSWER C
You are using a networking module in your Terraform configuration with the name label my_network. In your main configuration you have the following code: output: "net_id" { value = module.my_network.vnet_id } When you run terraform validate, you get the following error: Error: Reference to undeclared output value on main.tf line 12, in output "net_id": 12: value = module.my_network.vnet_id What must you do to successfully retrieve this value from your networking module? A. Define the at CORRECT ANSWER C You are writing a child Terraform module which provisions an AWS instance. You want to make use of the IP address returned in the root configuration. You name the instance resource "main". Which of these is the correct way to define the output value using HCL2? A. output "instance_ip_addr" {
value = "${aws_instance.main.private_id}" } B. output "instance_ip_addr" { return aws_instance.main.private_id } CORRECT ANSWER A How can a ticket-based system slow down infrastructure provisioning and limit the ability to scale? (Choose two.) A. A full audit trail of the request and fulfillment process is generated B. A request must be submitted for infrastructure changes C. As additional resources are required, more tickets are submitted D. A catalog of approved resources can be accessed from drop down lists in a request form CORRECT ANSWER B C Which of the following statements about Terraform modules is not true? A. Modules must be publicly accessible B. Modules can be called multiple times C. Module is a container for one or more resources D. Modules can call other modules CORRECT ANSWER A Which Terraform collection type should you use to store key/value pairs? A. tuple
B. set C. ma ׁ€ D. list CORRECT ANSWER C You have used Terraform to create an ephemeral development environment in the cloud and are now ready to destroy all the infrastructure described by your Terraform configuration. To be safe, you would like to first see all the infrastructure that will be deleted by Terraform. Which command should you use to show all of the resources that will be deleted? (Choose two.) A. Run terraform plan -destroy B. Run terraform show -destroy C. Run terraform destroy and it will first output all the resou CORRECT ANSWER A C When do you need to explicitly execute terraform refresh? A. Before every terraform plan B. Before every terraform apply C. Before every terraform import D. None of the above CORRECT ANSWER D All Terraform Cloud tiers support team management and governance. A. True B. False CORRECT ANSWER B
What advantage does an operations team that uses infrastructure as code have? A. The ability to delete infrastructure B. The ability to update existing infrastructure C. The ability to reuse best practice configurations and settings D. The ability to autoscale a group of servers CORRECT ANSWER C You have modified your Terraform configuration to fix a typo in the Terraform ID of a resource from aws_security_group.http to aws_security_group.http Original Configuration: resource "aws_security_group" "htp" { name = "http" ingress { from_port = "80" to_port = "80" protocol = "tcp" cidr_blocks = ["0.0.0.0/0"] } } Updated Configuration: resource "aws_security_group" "http" { name = "http" ingress { from_port = "80"
to_port = "80" protocol = "tcp" cidr_blocks = ["0.0.0.0/0"] } CORRECT ANSWER A You are creating a Terraform configuration which needs to make use of multiple providers, one for AWS and one for Datadog. Which of the following provider blocks would allow you to do this? A. provider { "aws" { profile = var.aws_profile region = var.aws_region } "datadog" { api_key = var.datadog_api_key app_key = var.datadog_app_key } } B. provider "aws" { profile = var.aws_profile region = var.aws_region }
"datadog" { api_key = var.datadog_api_key app_key = var.datadog_app_key CORRECT ANSWER B Terraform variable names are saved in the state file. A. True B. False CORRECT ANSWER B Terraform Cloud is available only as a paid offering from HashiCorp. A. True B. False CORRECT ANSWER B Which of the following is not a way to trigger terraform destroy? A. Using the destroy command with auto-approve B. Running terraform destroy from the correct directory and then typing "yes" when prompted in the CLI C. Passing --destroy at the end of a plan request D. Delete the state file and run terraform apply CORRECT ANSWER C Which of the following is not an advantage of using infrastructure as code operations?
A. Self-service infrastructure deployment B. Troubleshoot via a Linux diff command C. Public cloud console configuration workflows D. Modify a count parameter to scale resources E. API driven workflows CORRECT ANSWER B You're writing a Terraform configuration that needs to read input from a local file called id_rsa.pub. Which built-in Terraform function can you use to import the file's contents as a string? A. fileset("id_rsa.pub") B. filebase64("id_rsa.pub") C. templatefile("id_rsa.pub") D. file("id_rsa.pub") CORRECT ANSWER D What does Terraform use providers for? (Choose three.) A. Provision resources for on-premises infrastructure services B. Simplify API interactions C. Provision resources for public cloud infrastructure services D. Enforce security and compliance policies E. Group a collection of Terraform configuration files that map to a single state file CORRECT ANSWER A B C (55%) - B C E (36%) You can reference a resource created with for_each using a Splat (*) expression. , A. True
B. False CORRECT ANSWER B How does Terraform determine dependencies between resources? A. Terraform automatically builds a resource graph based on resources, provisioners, special meta-parameters, and the state file, if present. B. Terraform requires all dependencies between resources to be specified using the depends_on parameter C. Terraform requires resources in a configuration to be listed in the order they will be created to determine dependencies D. Terraform requires resource dependencies to be defined as modu CORRECT ANSWER A Which parameters does terraform import require? (Choose two.) A. Path B. Provider C. Resource ID D. Resource address CORRECT ANSWER C D Once a new Terraform backend is configured with a Terraform code block, which command(s) is (are) used to migrate the state file? A. terraform apply B. terraform push C. terraform destroy, then terraform apply D. terraform init CORRECT ANSWER D B
What does this code do? terraform { required_providers { aws = "~> 3.0" } } A. Requires any version of the AWS provider >= 3.0 and < 4. B. Requires any version of the AWS provider >= 3. C. Requires any version of the AWS provider after the 3.0 major release, like 4. D. Requires any version of the AWS provider > 3.0 CORRECT ANSWER A(62%) - B(38%)