Docsity
Docsity

Prepare for your exams
Prepare for your exams

Study with the several resources on Docsity


Earn points to download
Earn points to download

Earn points by helping other students or get them with a premium plan


Guidelines and tips
Guidelines and tips

Terraform associate exam questions with correct answers, Exams of Law

Terraform associate exam questions with correct answers

Typology: Exams

2024/2025

Available from 11/29/2024

EXAMDOC
EXAMDOC 🇺🇸

3.3

(4)

4.5K documents

1 / 14

Toggle sidebar

Related documents


Partial preview of the text

Download Terraform associate exam questions with correct answers and more Exams Law in PDF only on Docsity!

Terraform associate exam questions with correct

answers

What does terraform refresh modify? A. Your cloud infrastructure B. Your state file C. Your Terraform plan D. Your Terraform configuration CORRECT ANSWER B Which of the following is not valid source path for specifying a module? A. source = "./modulelversion=v1.0.0" B. source = "github.com/hashicorp/example?ref=v1.0.0" C. source = "./module" D. source = "hashicorp/consul/aws" CORRECT ANSWER A Which of the following is true about terraform apply? (Choose two.) A. It only operates on infrastructure defined in the current working directory or workspace B. You must pass the output of a terraform plan command to it C. Depending on provider specification, Terraform may need to destroy and recreate your infrastructure resources D. By default, it does not refresh your state file to reflect current infrastructure configuration E. You cannot target specific resources for the operation CORRECT ANSWER A C

Which of the following statements about local modules is incorrect? A. Local modules are not cached by terraform init command B. Local modules are sourced from a directory on disk C. Local modules support versions D. All of the above (all statements above are incorrect) E. None of the above (all statements above are correct) CORRECT ANSWER C Which of the following is true about Terraform's implementation of infrastructure as code? (Choose two.) A. It is only compatible with AWS infrastructure management B. You cannot reuse infrastructure configuration C. You can version your infrastructure configuration D. It requires manual configuration of infrastructure resources E. It allows you to automate infrastructure provisioning CORRECT ANSWER C E You need to write some Terraform code that adds 42 firewall rules to a security group as shown in the example. resource "aws_security_group" "many_rules" { name = "many-rules" ingress { from_port = 443 to_port = 443

protocol = "tcp" cidr_blocks = "0.0.0.0/0" } } What can you use to avoid writing 42 different nested ingress config blocks by hand? A. A count loop B. A for block C. A for each block D. A dynamic block CORRECT ANSWER D Which of the following is the safest way to inject sensitive values into a Terraform Cloud workspace? A. Write the value to a file and specify the file with the -var-file flag B. Set a value for the variable in the UI and check the "Sensitive" check box C. Edit the state file directly just before running terraform apply D. Set the variable value on the command line with the -var flag CORRECT ANSWER B terraform apply will fail if you have not am terraform plan first to update the plan output. A. True B. False CORRECT ANSWER B

How would you reference the attribute "name" of this fictitious resource in HCL? resource "kubernetes_namespace" "example" { name = "test" } A. resource.kubernetes_namespace.example.name B. kubernetes_namespace.test.name C. kubernetes_namespace.example.name D. data.kubernetes_namespace.name E. None of the above CORRECT ANSWER C A Terraform output that sets the "sensitive" argument to true will not store that value in the state file. A. True B. False CORRECT ANSWER B Which are forbidden actions when the Terraform state file is locked? (Choose three.) A. terraform destroy B. terraform fmt C. terraform state list D. terraform apply

E. terraform plan F. terraform validate CORRECT ANSWER A D E Terraform installs its providers during which phase? A. Plan B. Init C. Refresh D. All of the above CORRECT ANSWER B When does Sentinel enforce policy logic during a Terraform Enterprise run? A. Before the plan phase B. During the plan phase C. Before the apply phase D. After the apply phase CORRECT ANSWER C What is the purpose of a Terraform workspace in either open source or enterprise? A. Workspaces allow you to manage collections of infrastructure in state files B. A logical separation of business units C. A method of grouping multiple infrastructure security policies D. Provides limited access to a cloud environment CORRECT ANSWER A Which is the best way to specify a tag of v1.0.0 when referencing a module stored in Git (for example git::https://example.com/vpc.git)?

A. Append ?ref=v1. 0. 0 argument to the source path B. Add version = "1.0.0" parameter to module block C. Nothing ג "€modules stored on GitHub always default to version 1.0.0 D. Modules stored on GitHub do not support versioning CORRECT ANSWER A Changing the Terraform backend from the default "local" backend to a different one after doing your first terraform apply is: A. Mandatory B. Optional C. Impossible D. Discouraged CORRECT ANSWER B You have modified your local Terraform configuration and ran terraform plan to review the changes. Simultaneously, your teammate manually modified the infrastructure component you are working on. Since you already ran terraform plan locally, the execution plan for terraform apply will be the same. A. True B. False CORRECT ANSWER B terraform apply is failing with the following error. What next step should you take to determine the root cause of the problem? Error loading state: AccessDenied: Access Denied status code: 403, request id: 288766CE5CCA24A0, host id: FOOBAR

A. Set TF_LOG=DEBUG B. Review syslog for Terraform error messages C. Run terraform login to reauthenticate with the provider D. Review /var/log/terraform.log for error messages CORRECT ANSWER A As a member of an operations team that uses infrastructure as code (IaC) practices, you are tasked with making a change to an infrastructure stack running in a public cloud. Which pattern would follow IaC best practices for making a change? A. Clone the repository containing your infrastructure code and then run the code B. Use the public cloud console to make the change after a database record has been approved C. Make the change programmatically via the public cloud CLI D. Make the change CORRECT ANSWER E What command can you run to generate DOT (Document Template) formatted data to visualize Terraform dependencies? A. terraform refresh B. terraform show C. terraform graph D. terraform output CORRECT ANSWER C Which provider authentication method prevents credentials from being stored in the state file? A. Using environment variables

B. Specifying the login credentials in the provider block C. Setting credentials as Terraform variables D. None of the above CORRECT ANSWER A Running terraform fmt without any flags in a directory with Terraform configuration files will check the formatting of those files without changing their contents. A. True B. False CORRECT ANSWER B terraform init retrieves the source code for all referenced modules. A. True B. False CORRECT ANSWER A(60%) - B(40%) You have a Terraform configuration that defines a single virtual machine with no references to it. You have run terraform apply to create the resource, and then removed the resource definition from your Terraform configuration file. What will happen when you run terraform apply in the working directory again? A. Nothing B. Terraform will destroy the virtual machine C. Terraform will error D. Terraform will remove the virtual machine from the state file, but the resource will still exist CORRECT ANSWER B

Which configuration consistency errors does terraform validate report? A. A mix of spaces and tabs in configuration files B. Differences between local and remote state C. Terraform module isn't the latest version D. Declaring a resource identifier more than once CORRECT ANSWER D In Terraform HCL, an object type of object({ name=string, age=number }) would match this value: A. { name = "John" age = fifty two } B. { name = "John" age = 52 } CORRECT ANSWER B Where can Terraform not load a provider from? A. Source code B. Plugins directory C. Official HashiCorp distribution on releases.hashicorp.com

D. Provider plugin cache CORRECT ANSWER A(50%) - B(50%) Which of the following locations can Terraform use as a private source for modules? (Choose two.) A. Internally hosted SCM (Source Control Manager) platform B. Public Terraform Module Registry C. Private repository on GitHub D. Public repository on GitHub CORRECT ANSWER A C Why should secrets not be hard coded into Terraform code? (Choose two.) A. It makes the code less reusable. B. Terraform code is typically stored in version control, as well as copied to the systems from which it's run. Any of those may not have robust security mechanisms. C. The Terraform code is copied to the target resources to be ap CORRECT ANSWER B C If a Terraform creation-time provisioner fails, what will occur by default? A. The resource will not be affected, but the provisioner will need to be applied again B. The resource will be destroyed C. The resource will be marked as "tainted" D. Nothing, provisioners will not show errors in the command line CORRECT ANSWER C

When should Terraform configuration files be written when running terraform import on existing infrastructure? A. Infrastructure can be imported without corresponding Terraform code B. Terraform will generate the corresponding configuration files for you C. You should write Terraform configuration files after the next terraform import is executed D. Terraform configuration should be written before terraform import is executed CORRECT ANSWER D(67%) - C(33%) Which command lets you experiment with Terraform's built-in functions? A. terraform env B. terraform console C. terraform test D. terraform validate CORRECT ANSWER B Why does this backend configuration not follow best practices? terraform { backend "s3" { bucket = "terraform-state-prod" key = "network/terraform.tfstate" region = "us-east-1" access_key = "AKIAIOSFODNN7EXAMPLE" secret_key = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"

}

required_providers { aws = { source = "hashicorp/aws" version = "~> 3.38" } } required_version = ">= 0.15" } A. You should not store credentials in Terraform Configuration B. You should use the local enhanced st CORRECT ANSWER A Open source Terraform can only import publicly-accessible and open-source modules. A. True B. False CORRECT ANSWER A What does terraform destroy do? A. Destroy all infrastructure in the Terraform state file B. Destroy all Terraform code files in the current directory while leaving the state file intact C. Destroy all infrastructure in the configured Terraform provider

D. Destroy the Terraform state file while leaving infrastructure intact CORRECT ANSWER A While attempting to deploy resources into your cloud provider using Terraform, you begin to see some odd behavior and experience sluggish responses. In order to troubleshoot you decide to turn on Terraform debugging. Which environment variables must be configured to make Terraform's logging more verbose? A. TF_LOG_LEVEL B. TF_LOG_FILE C. TF_LOG D. TP_LOG_PATH CORRECT ANSWER C If a DevOps team adopts AWS CloudFormation as their standardized method for provisioning public cloud resources, which of the following scenarios poses a challenge for this team? A. The team is asked to build a reusable code base that can deploy resources into any AWS region B. The team is asked to manage a new application stack built on AWS-native services C. The organization decides to expand into Azure and wishes to deploy new infrastructure using their existing codebase D. The DevOps te CORRECT ANSWER C You cannot install third party plugins using terraform init. A. True

B. False CORRECT ANSWER B Which of the following can you do with terraform plan? (Choose two.) A. Save a generated execution plan to apply later B. Execute a plan in a different workspace C. View the execution plan and check if the changes match your expectations D. Schedule Terraform to run at a planned time in the future CORRECT ANSWER A C Which are examples of infrastructure as code? (Choose two.) A. Cloned virtual machine images B. Change management database records C. Versioned configuration files D. Docker files CORRECT ANSWER C D FILL BLANK - You need to migrate a workspace to use a remote backend. After updating your configuration, what command do you run to perform the migration? Type your answer in the field provided. The text field is not case-sensitive and all variations of the correct answer are accepted. CORRECT ANSWER terraform init