5/22/23, 10:22 PM Hashicorp Terraform Associate (003) Exam Questions - Coding N Concepts 5/22/23, 10:22 PM Hashicorp Terraform Associate

ng N Concepts 5/22/23, 10:22 PM Hashicorp Terraform Associate (003) Exam Questions - Coding N Concepts

Terraform Variables and Outputs

CODING N CONCEPTS Terraform Module

Terraform Security
ASHISH LAHOTI'S TECHNICAL BLOG
Terraform Workspace

MENU Terraform Version Constraint

Terraform Types and Functions

Hashicorp Terraform Associate (003) Exam Questions

A comprehensive list of 200+ unique practice exam questions for Hashicorp Terraform Associate Certification (003).
Ashish Lahoti Last Modified: May 13, 2023 Cloud

PAGE CONTENT
200+ Practice Exam Questions
200+ Practice Exam Questions
Infrastructure as Code (IaC) Go through the list of compiled questions for Hashicorp Terraform Associate certification (003) exam. All the exam questions are
Terraform Cloud categorized based on different Terraform features for easy navigation. It is not an exam dump but you can expect similar questions in
Terraform Configuration the real exam.

Terraform State
It took a lot of effort to compile these questions. If these exam questions helped you in the preparation, consider
Terraform Commands

Terraform Backend
Also follow the post for exam guide and notes:- Hashicorp Terraform Associate (003) Exam Guide
Terraform Provisioners

Terraform Providers Happy Learning and best of luck for the exam!
Terraform Resources

Infrastructure as Code (IaC)

https://codingnconcepts.com/post/terraform-associate-exam-questions/ 1/90 https://codingnconcepts.com/post/terraform-associate-exam-questions/ 2/90

5/22/23, 10:22 PM Hashicorp Terraform Associate (003) Exam Questions - Coding N Concepts 5/22/23, 10:22 PM Hashicorp Terraform Associate (003) Exam Questions - Coding N Concepts

Q1. What is the advantage of Infrastructure as Code tools like Terraform? Q4. Which are some of the benefits of using Infrastructure as Code in an organization? (select three)

⬜ Manage and track infrastructure ⬜ IaC is written as an imperative approach, where specific commands need to be executed in the correct order
⬜ Automate infrastructure changes ⬜ IaC uses a human-readable configuration language to help you write infrastructure code quickly
⬜ Resusable configuration ⬜ IaC allows you to commit your configurations to version control to safely collaborate on infrastructure
⬜ Collaboration using VCS (version control system) ⬜ IaC code can be used to manage infrastructure on multiple cloud platforms
⬜ All of the above

Reference: https://developer.hashicorp.com/terraform/intro Q5. Which is NOT a benefit of using Infrastructure as Code with Terraform?

⬜ You can commit your configurations to version control to safely collaborate on infrastructure
Q2. Which of the following best describes Terraform? ⬜ Manage infrastructure on multiple cloud platforms
⬜ Reducing vulnerabilities in your publicly-facing applications
⬜ A programming language ⬜ The human-readable configuration language helps you write infrastructure code quickly
⬜ An infrastructure as code (IaC) tool
⬜ A cloud provider Reference: https://developer.hashicorp.com/terraform/tutorials/aws-get-started/infrastructure-as-code
⬜ A containerization tool

Reference: https://developer.hashicorp.com/terraform/intro Q6. Does Terraform support multiple cloud deployment?

⬜ true
Q3. What is the main advantage to use Terraform as the IaC tool? ⬜ false

⬜ Terraform can manage infrastructure on multiple cloud platforms. Terraform lets you use the same workflow to manage multiple providers and handle cross-cloud dependencies. This simplifies management and
⬜ Terraform’s state allows you to track resource changes throughout your deployments. orchestration for large-scale, multi-cloud infrastructures.
⬜ You can commit your configurations to version control to safely collaborate on infrastructure. Reference: https://developer.hashicorp.com/terraform/intro/use-cases#multi-cloud-deployment
⬜ All of the above

Reference: https://developer.hashicorp.com/terraform/tutorials/aws-get-started/infrastructure-as-code Q7. What is the core terraform workflow?

https://codingnconcepts.com/post/terraform-associate-exam-questions/ 3/90 https://codingnconcepts.com/post/terraform-associate-exam-questions/ 4/90

5/22/23, 10:22 PM Hashicorp Terraform Associate (003) Exam Questions - Coding N Concepts 5/22/23, 10:22 PM Hashicorp Terraform Associate (003) Exam Questions - Coding N Concepts

⬜ Plan, write, apply. Q10. Which of the following Terraform feature is available in the Enterprise edition but NOT in Terraform Cloud for
⬜ Write, plan, apply. Business edition?
⬜ Apply, write, plan.
⬜ Apply, plan, write. ⬜ Application-level logging
⬜ SSO (Single Sign On)
Reference: https://developer.hashicorp.com/terraform/intro/core-workflow ⬜ Drift detection
⬜ Audit logging
Terraform Cloud
Reference: https://www.hashicorp.com/products/terraform/pricing

Q8. What are three Terraform Cloud features? (Choose 3 answers)

Q11. Your boss has asked you to come up with a new cloud automation provider that supports a Private Module registry as
⬜ Remote state management. part of the offering. Which Cloud Provider and plan do you choose?
⬜ Remote Terraform Execution.
⬜ Private Module Registry. ⬜ Terraform Cloud with a Terraform Enterprise
⬜ Terraform Linting. ⬜ Amazon Web Services and the Enterprise Terraform Plus Plan
⬜ The Azure Supercharged Automation Professional Direct plan from Microsoft
Reference: https://developer.hashicorp.com/terraform/cloud-docs/overview ⬜ The Google GCP Terraform Deluxe Plan

https://developer.hashicorp.com/terraform/cloud-docs/registry#private-providers-and-modules
Q9. Which of the following options are NOT available in Terraform OSS/CLI and Terraform Cloud Free Tier?

⬜ Audit Logging Terraform Configuration

⬜ Policy as code (Sentinel)
⬜ Workspaces
⬜ Public Module Registry Q12. Which file is typically used to define resources in a Terraform configuration?
⬜ Single Sign-On (SSO)
⬜ main.tf
Reference: https://www.hashicorp.com/products/terraform/pricing ⬜ terraform.tfvars
⬜ variables.tf
⬜ outputs.tf
https://codingnconcepts.com/post/terraform-associate-exam-questions/ 5/90 https://codingnconcepts.com/post/terraform-associate-exam-questions/ 6/90

5/22/23, 10:22 PM Hashicorp Terraform Associate (003) Exam Questions - Coding N Concepts 5/22/23, 10:22 PM Hashicorp Terraform Associate (003) Exam Questions - Coding N Concepts

The main.tf will contain the main set of configuration for your module. You can also create other configuration files and organize them however Q14. Which of the following is NOT a valid Terraform block type?
makes sense for your project. The variables.tf and outputs.tf contains the variable and output definitions for your module. A typical file
structure for the module is:- ⬜ provider
⬜ resource
⬜ output
.
⬜ module
├── LICENSE
⬜ data
├── README.md
⬜ bucket
├── main.tf
├── variables.tf
Terraform has following block types: terraform, provider, resource, variable, locals, data, module, output, and provisioner
├── outputs.tf
Reference: https://dev.to/af/hashicorp-configuration-language-hcl-blocks-5627

Reference: https://developer.hashicorp.com/terraform/tutorials/modules/module-create
Q15. What is the workflow for deploying new infrastructure with Terraform?

⬜ terraform plan to import the current infrastructure to the state file, make code changes, and terraform apply to update the infrastructure.
Q13. In the following code snippet, the block type is identified by which string?
⬜ Write a Terraform configuration, run terraform show to view proposed changes, and terraform apply to create new infrastructure.
⬜ terraform import to import the current infrastructure to the state file, make code changes, and terraform apply to update the
resource "aws_instance" "db" { infrastructure.
ami = "ami-123456" ⬜ Write a Terraform configuration, run terraform init, run terraform plan to view planned infrastructure changes, and terraform apply to
instance_type = "t2.micro" create new infrastructure.
}
Reference: https://developer.hashicorp.com/terraform/intro/core-workflow

⬜ resource
⬜ aws_instance Q16. Which language does terraform configuration support from the below list?
⬜ db
⬜ instance_type
⬜ XML
⬜ JSON
Reference: https://developer.hashicorp.com/terraform/language/syntax/configuration#blocks

https://codingnconcepts.com/post/terraform-associate-exam-questions/ 7/90 https://codingnconcepts.com/post/terraform-associate-exam-questions/ 8/90

5/22/23, 10:22 PM Hashicorp Terraform Associate (003) Exam Questions - Coding N Concepts 5/22/23, 10:22 PM Hashicorp Terraform Associate (003) Exam Questions - Coding N Concepts

⬜ Hashicorp Configuration Language (HCL) Q19. Terraform is distributed as a single binary and available for many different platforms. Which of the following platform
⬜ YAML is NOT supported?

Reference: https://developer.hashicorp.com/terraform/language/syntax ⬜ Solaris

⬜ AIX
⬜ FreeBSD
Q17. When writing Terraform code, how many spaces between each nesting level does HashiCorp recommends that you ⬜ OpenBSD
use?
There is no Terraform binary for AIX. Terraform is available for:- macOS, Windows, Linux, FreeBSD, OpenBSD, and Solaris.
⬜4 Reference: https://developer.hashicorp.com/terraform/downloads
⬜2
⬜1
⬜5 Q20. Which of the following Terraform files should be ignored by Git when committing code to a repo? (select two)

Reference: https://developer.hashicorp.com/terraform/language/syntax/style ⬜ output.tf

⬜ terraform.tfstate
⬜ terraform.tfvars
Q18. Which of the following statements represents the most accurate statement about the Terraform language?
⬜ variables.tf

⬜ Terraform is a mutable, imperative, Infrastructure as Code provisioning language based on Hashicorp Configuration Language, or
The .tfstate and .tfvars might contain sensitive data and should be added in .gitignore file
optionally YAML.
Reference: https://github.com/github/gitignore/blob/main/Terraform.gitignore
⬜ Terraform is an immutable, declarative, Infrastructure as Code provisioning language based on Hashicorp Configuration Language, or
optionally JSON.
⬜ Terraform is a mutable, declarative, Infrastructure as Code configuration management language based on Hashicorp Configuration
Q21. You have been given requirements to create a security group for a new application. Since your organization
Language, or optionally JSON. standardizes on Terraform, you want to add this new security group with the fewest number of lines of code. What feature
⬜ Terraform is an immutable, imperative, Infrastructure as Code configuration management language based on Hashicorp Configuration could you use to iterate over a list of required tcp ports to add to the new security group?
Language, or optionally JSON.
⬜ terraform import
Configuration management tool like Chef and Puppet install and manage software on a machine that already exists. Terraform is not a configuration ⬜ dynamic blocks
management tool, it is an Infrastructure provisioning tool to bootstrap and initialize resources.
Reference: https://developer.hashicorp.com/terraform/intro/vs/chef-puppet
https://codingnconcepts.com/post/terraform-associate-exam-questions/ 9/90 https://codingnconcepts.com/post/terraform-associate-exam-questions/ 10/90

5/22/23, 10:22 PM Hashicorp Terraform Associate (003) Exam Questions - Coding N Concepts 5/22/23, 10:22 PM Hashicorp Terraform Associate (003) Exam Questions - Coding N Concepts

⬜ splat expression Q24. Terraform remembers the compatible version of dependencies such as providers and modules through dependency
⬜ dynamic backend lock file. What is the name of that file?

You can dynamically construct repeatable nested blocks using a special dynamic block type, which is supported inside resource , data , ⬜ .terraform.lock.hcl
provider , and provisioner blocks ⬜ .terraform.lock.tf
Reference: https://developer.hashicorp.com/terraform/language/expressions/dynamic-blocks ⬜ .dependency.lock.hcl
⬜ .dependency.lock.tf

Q22. Which of the following is the best description of a dynamic block? The dependency lock file is always named .terraform.lock.hcl , and this name is intended to signify that it is a lock file for various items that
Terraform caches in the .terraform subdirectory of your working directory. Terraform automatically creates or updates the dependency lock file
⬜ requests that Terraform read from a given data source and export the result under the given local name each time you run the terraform init command. You should include this file in your version control repository so that you can discuss potential
⬜ declares a resource of a given type with a given local name
changes to your external dependencies via code review, just as you would discuss potential changes to your configuration itself.
⬜ produces nested configuration blocks instead of a complex typed value
Reference: https://developer.hashicorp.com/terraform/language/files/dependency-lock
⬜ exports a value exported by a module or configuration

A dynamic block acts much like a for expression, but produces nested blocks instead of a complex typed value
Q25. Terraform Core is a statically-compiled binary written in the ______ programming language.
Reference: https://developer.hashicorp.com/terraform/language/expressions/dynamic-blocks

⬜ Java
⬜ C#
Q23. Which one of the following is considered as a Terraform plugin?
⬜ Python
⬜ Terraform provisioner ⬜ Go
⬜ Terraform module
Terraform Core is a statically-compiled binary written in the Go programming language. The compiled binary is the command line tool (CLI)
⬜ Terraform provider
terraform , the entrypoint for anyone using Terraform. The code is open source and hosted at https://github.com/hashicorp/terraform.
⬜ Terraform registry
Reference: https://developer.hashicorp.com/terraform/plugin/how-terraform-works#terraform-core

A provider is a plugin that allows Terraform to manage a specific cloud provider or service.
Reference: https://developer.hashicorp.com/terraform/plugin
Q26. Terraform builds a dependency graph from the Terraform configurations. Which is NOT a correct step of building a
Graph?

https://codingnconcepts.com/post/terraform-associate-exam-questions/ 11/90 https://codingnconcepts.com/post/terraform-associate-exam-questions/ 12/90

5/22/23, 10:22 PM Hashicorp Terraform Associate (003) Exam Questions - Coding N Concepts 5/22/23, 10:22 PM Hashicorp Terraform Associate (003) Exam Questions - Coding N Concepts

⬜ Resources are mapped to provisioners if they have any defined. No, terraform state file not always match to the cloud resources if there is any manual update in the resources from cloud console.
⬜ Resources are mapped to providers. Reference: https://developer.hashicorp.com/terraform/language/state
⬜ Resources nodes are added to the graph from the configuration.
⬜ Resources are not added to the graph that are no longer present in the configuration but are present in the state file.
Q29. Usernames and passwords referenced in the Terraform code, even as variables, will end up in plain text in the state
If a state is present, any “orphan” resources are added to the graph. Orphan resources are any resources that are no longer present in the file?
configuration but are present in the state file. Orphans never have any configuration associated with them, since the state file does not store
configuration. ⬜ true
Reference: https://developer.hashicorp.com/terraform/internals/graph#building-the-graph ⬜ false

Terraform state can contain sensitive data, depending on the resources in use and your definition of “sensitive.” The state contains resource IDs and all
resource attributes. For resources such as databases, this may contain usernames and passwords.
Terraform State Reference: https://developer.hashicorp.com/terraform/language/state/sensitive-data

Q27. Which of the following best describes a Terraform state file?

Q30. Without using a state file, terraform can inspect cloud resources on every run to validate that the real-world
resources match the desired state.
⬜ A file that contains a list of available Terraform providers
⬜ A file that stores the current state of infrastructure managed by Terraform ⬜ true
⬜ A file that contains a list of Terraform modules used in a configuration ⬜ false
⬜ A file that stores the output of a Terraform plan
State is a necessary requirement for Terraform to function. Terraform requires state file to map Terraform config to the real world.
Reference: https://developer.hashicorp.com/terraform/language/state Reference: https://developer.hashicorp.com/terraform/language/state/purpose

Q28. The Terraform state always matches to the remote cloud resources defined in the configuration? Q31. You injected some secrets from variables into your Terraform configuration. What happens after you run the
terraform apply command and they are loaded into state?
⬜ true
⬜ false ⬜ They are shown in clear-text.
⬜ They are shown as their referenced variables.

https://codingnconcepts.com/post/terraform-associate-exam-questions/ 13/90 https://codingnconcepts.com/post/terraform-associate-exam-questions/ 14/90

5/22/23, 10:22 PM Hashicorp Terraform Associate (003) Exam Questions - Coding N Concepts 5/22/23, 10:22 PM Hashicorp Terraform Associate (003) Exam Questions - Coding N Concepts

⬜ They are shown as encrypted values.
⬜ They are omitted from state.
Terraform state can contain sensitive data, depending on the resources in use and your definition of “sensitive.” The state contains resource IDs and all
resource attributes. For resources such as databases, this may contain initial passwords.
Reference: https://developer.hashicorp.com/terraform/language/state/sensitive-data
Q32. What is the name of the default file where Terraform stores the state?
Type your answer in the field provided. The text field is not case-sensitive and all variations of the correct answer are accepted.
⬜ By configuring a remote backend such that multiple teams can work in tandem and know which resources are being created and
destroyed.
⬜ By sticking the state in a cloud instance, and having team members SSH into the instance to work on their configuration files.
⬜ Having your state synced to a github repo for members to compare to.
⬜ By using the daily standup you are a part of sot that you can share changes to the state file.
Remote state is the recommended solution to this problem. With a fully-featured state backend, Terraform can use remote locking as a measure to
avoid two or more different users accidentally running Terraform at the same time, and thus ensure that each Terraform run begins with the most
recent updated state.
Reference: https://developer.hashicorp.com/terraform/language/state/purpose#syncing

⬜ terraform.tfstate Q35. You are part of a large DevOps team using the current version of Terraform, and there can be multiple changes going
on to your terraform files across the company. What would you do to ensure that the state file is locked when you run
Reference: https://developer.hashicorp.com/terraform/language/state terraform apply ?

⬜ Add the -lock=true flag to the command.

Q33. Where is the default location that Terraform stores its state in? ⬜ Nothing, terraform will manage the locking by itself.
⬜ First run terraform plan to lock in your proposed changes. Then run terraform apply to commit them.
⬜ The current working directory in which Terraform was run.
⬜ Add the -state-lock=true to the command.
⬜ At the users root directory.
⬜ In the same location that Terraform is installed. E.g. /usr/bin/terraform State locking happens automatically on all operations that could write state. You won’t see any message that it is happening. If state locking fails,
⬜ In ~/.terraform.d/plugins Terraform will not continue. You can disable state locking for most commands with the -lock flag but it is not recommended.
Reference: https://developer.hashicorp.com/terraform/language/state/locking
In the default configuration, Terraform stores the state in a file in the current working directory where Terraform was run.
Reference: https://developer.hashicorp.com/terraform/language/state/purpose#syncing

Q36. If supported by your backend, Terraform will lock your state for all operations that could write state. What purpose
does this serve?
Q34. What is the recommended way to implement Terraform’s state for larger teams?
⬜ Prevents others from committing Terraform code that could override your updates.
⬜ Locks colleagues from making manual changes to the managed infrastructure
https://codingnconcepts.com/post/terraform-associate-exam-questions/ 15/90 https://codingnconcepts.com/post/terraform-associate-exam-questions/ 16/90
5/22/23, 10:22 PM Hashicorp Terraform Associate (003) Exam Questions - Coding N Concepts 5/22/23, 10:22 PM Hashicorp Terraform Associate (003) Exam Questions - Coding N Concepts

⬜ This prevents others from acquiring the lock and potentially corrupting your state. Q39. You manage the AWS cloud resources using Terraform and want to follow new naming standard for the local name
⬜ Ensures the state file cannot be moved after the initial terraform apply within resource block. However, you don’t want Terraform to replace the object after changing your configuration files.
How can you change the local name from data-bucket to prod-aws-s3-bucket in the following resource block:-
Reference: https://developer.hashicorp.com/terraform/language/state/locking

resource "aws_s3_bucket" "data-bucket" {

Q37. Which of the following Terraform backend type supports state locking? bucket = "prod-data-bucket"

⬜ consul tags = {

⬜ kubernetes Name = "prod-data-bucket"

Environment = "prod"
⬜ s3
}
⬜ All of the above
}

Not all backends support locking. Following Terraform backend types supports state locking:- local, remote, azurerm, consul, cos, gcs, http, kubernetes,
oss, pg, and s3
After renaming the local name of the resource block, what command would you run to update the local name while ensuring Terraform does
Reference: https://developer.hashicorp.com/terraform/language/state/locking
not replace the existing resource?

⬜ terraform apply -refresh-only

Q38. You manage the AWS cloud resources using Terraform and want to destroy all dev resources to save cost. However,
your team member request you to keep the Amazon Aurora dev instance running. How can you destroy all cloud resources ⬜ terrafrorm apply -replace aws_s3_bucket.data-bucket

without impacting the database instance? ⬜ terraform state mv aws_s3_bucket.data-bucket aws_s3_bucket.prod-aws-s3-bucket

⬜ run terraform state rm command to remove the database instance from terraform state before running terraform
⬜ take a snapshot of database, run terraform destroy , and then recreate database by restoring the snapshot
⬜ run a terraform destroy , modify configuration file to include only database instance, and then run terraform apply
⬜ manually delete the other resource from AWS
⬜ terraform state rm aws_s3_bucket.data-bucket
destroy command
You can use terraform state mv in the less common situation where you wish to retain an existing remote object but track it as a different resource
instance address in Terraform, such as if you have renamed a resource block or you have moved it into a different module in your configuration.
Reference: https://developer.hashicorp.com/terraform/cli/commands/state/mv

You can use terraform state rm in the less common situation where you wish to remove a binding to an existing remote object without first
destroying it, which will effectively make Terraform “forget” the object while it continues to exist in the remote system. Q40. Which common action does not cause Terraform to refresh its state?
Reference: https://developer.hashicorp.com/terraform/cli/commands/state/rm

https://codingnconcepts.com/post/terraform-associate-exam-questions/ 17/90 https://codingnconcepts.com/post/terraform-associate-exam-questions/ 18/90

5/22/23, 10:22 PM Hashicorp Terraform Associate (003) Exam Questions - Coding N Concepts 5/22/23, 10:22 PM Hashicorp Terraform Associate (003) Exam Questions - Coding N Concepts

⬜ terraform state list ⬜ terraform init {PATH}

⬜ terraform plan ⬜ terraform init -plugin-dir={PATH}
⬜ terraform apply
⬜ terraform destroy Given a version control source, terraform init -from-module={MODULE-SOURCE} can serve as a shorthand for checking out a configuration from
version control and then initializing the working directory for it.
Running a terraform state list does not cause Terraform to refresh its state. This command simply reads the state file but it will not modify it. Reference: https://developer.hashicorp.com/terraform/cli/commands/init#copy-a-source-module
Reference: https://developer.hashicorp.com/terraform/cli/commands/state/list

Q43. When you add a new module to a configuration, Terraform must download it before it can be used. What two
commands can be used to download and update modules? (select two)
Terraform Commands
⬜ terraform plan
⬜ terraform refresh
Q41. You have recently added new resource blocks to your configuration from a different provider. What command do you
need to run before you can run a terraform plan/apply ? ⬜ terraform init
⬜ terraform get
⬜ terraform plan
⬜ terraform apply Whenever you add a new module to a configuration, Terraform must install the module before it can be used. Both the terraform get and

⬜ terraform init terraform init commands will install and update modules.

⬜ terraform validate Reference: https://developer.hashicorp.com/terraform/tutorials/modules/module-create#install-the-local-module

The command terraform init is the first command that should be run after writing a new Terraform configuration, cloning an existing one from
version control, adding new provider or module before you run terraform plan/apply
Q44. Which command is used to create an execution plan in Terraform?
Reference: https://developer.hashicorp.com/terraform/cli/commands/init
⬜ terraform plan
⬜ terraform apply

Q42. How can you check out the configuration from version control and initialize a directory? ⬜ terraform init
⬜ terraform validate
⬜ terraform init -from-module={MODULE-SOURCE}
⬜ terraform init -source={PATH} Reference: https://developer.hashicorp.com/terraform/cli/commands/plan

https://codingnconcepts.com/post/terraform-associate-exam-questions/ 19/90 https://codingnconcepts.com/post/terraform-associate-exam-questions/ 20/90

5/22/23, 10:22 PM Hashicorp Terraform Associate (003) Exam Questions - Coding N Concepts 5/22/23, 10:22 PM Hashicorp Terraform Associate (003) Exam Questions - Coding N Concepts

Q45. By default, when running terraform plan , what files are scanned? Q48. What two options are available to delete all of your managed infrastructure? (select two)

⬜ All *.tf files in the current directory. ⬜ terraform init -destroy

⬜ Only files in the .terraform directory ⬜ terraform apply -destroy
⬜ Only files you specify with the -file-path flag. ⬜ terraform destroy
⬜ All files on your hard drive. ⬜ terraform plan -destroy

Reference: https://developer.hashicorp.com/terraform/cli/commands/plan The terraform destroy command is just a convenience alias for the terraform apply -destroy command
Reference: https://developer.hashicorp.com/terraform/cli/commands/destroy#usage

Q46. Which command is used to apply changes to infrastructure in Terraform?

Q49. If different teams are working on the same configuration. How do you make files to have consistent formatting?
⬜ terraform destroy
⬜ terraform apply ⬜ terraform fmt
⬜ terraform plan ⬜ terraform apply
⬜ terraform validate ⬜ terraform plan
⬜ terraform validate
Reference: https://developer.hashicorp.com/terraform/cli/commands/apply

Reference: https://developer.hashicorp.com/terraform/cli/commands/fmt

Q47. Which command is used to destroy infrastructure in Terraform?

Q50. What Terraform command modifies a HashiCorp Configuration Language (HCL) file to adhere to the recommended
⬜ terraform destroy
spacing rules for HCL files?
⬜ terraform apply
⬜ terraform plan ⬜ terraform fmt
⬜ terraform validate ⬜ terraform apply
⬜ terraform plan
Reference: https://developer.hashicorp.com/terraform/cli/commands/destroy ⬜ terraform validate

Reference: https://developer.hashicorp.com/terraform/cli/commands/fmt

https://codingnconcepts.com/post/terraform-associate-exam-questions/ 21/90 https://codingnconcepts.com/post/terraform-associate-exam-questions/ 22/90

5/22/23, 10:22 PM Hashicorp Terraform Associate (003) Exam Questions - Coding N Concepts 5/22/23, 10:22 PM Hashicorp Terraform Associate (003) Exam Questions - Coding N Concepts

Q51. Your teammate is worried that if they run the terraform fmt command on their current directory, it will change their ⬜ terraform plan
configuration files too much. What flag do you tell them to pass into the command such that they can see the differences? ⬜ terraform fmt

⬜ -diff The terraform validate command runs checks that verify whether a configuration is syntactically valid and internally consistent.
⬜ -check Reference: https://developer.hashicorp.com/terraform/cli/commands/validate
⬜ -refresh
⬜ -list=true
Q54. How would you get the JSON output of the terraform validate command?
The terraform fmt -diff command display diffs of formatting changes
Reference: https://developer.hashicorp.com/terraform/cli/commands/fmt#diff ⬜ terraform validate -json
⬜ terraform validate json
⬜ terraform validate -output=json
Q52. You need to ensure your Terraform is easily readable and follows the HCL canonical format and style. In the current ⬜ terraform json validate
directory, you have a main.tf that calls modules stored in a modules directory. What command could you run to easily
rewrite your Terraform to follow the HCL style in both the current directory and all sub-directories? When you use the -json option, Terraform will produce validation results in JSON format to allow using the validation result for tool integrations,
such as highlighting errors in a text editor.
⬜ terraform fmt -check -recursive
Reference: https://developer.hashicorp.com/terraform/cli/commands/validate#json-output-format
⬜ terraform fmt -diff
⬜ terraform fmt -check
⬜ terraform fmt -list=true Q55. Does the terraform validate command connect to remote APIs and state when being ran?

The terraform fmt -recursive command process files in subdirectories. By default, only the given directory (or current directory) is processed. ⬜ No it does not.
Reference: https://developer.hashicorp.com/terraform/cli/commands/fmt#recursive ⬜ Only if configured to do so on the backend.
⬜ If the -remote=true is set, yes it does.
⬜ If there are providers set, it will attempt to.
Q53. Which command can be used to verify whether a configuration is syntactically valid and internally consistent?
The terraform validate command validates the configuration files in a directory, referring only to the configuration and not accessing any remote
⬜ terraform validate services such as remote state, provider APIs, etc.
⬜ terraform apply Reference: https://developer.hashicorp.com/terraform/cli/commands/validate

https://codingnconcepts.com/post/terraform-associate-exam-questions/ 23/90 https://codingnconcepts.com/post/terraform-associate-exam-questions/ 24/90

5/22/23, 10:22 PM Hashicorp Terraform Associate (003) Exam Questions - Coding N Concepts 5/22/23, 10:22 PM Hashicorp Terraform Associate (003) Exam Questions - Coding N Concepts

Q56. Which command provides an interactive command-line console for evaluating and experimenting with expressions? You can specify Variable definition file using -var-file option. Terraform also automatically loads a number of variable definitions files if they are
present: terraform.tfvars or terraform.tfvars.json .
⬜ terraform show Reference: https://developer.hashicorp.com/terraform/language/values/variables#variable-definitions-tfvars-files
⬜ terraform eval
⬜ terraform console
⬜ terraform exec Q59. Which two steps are required to provision new infrastructure in the Terraform workflow? Choose TWO correct
answers.
The terraform console command provides an interactive console for evaluating and experimenting with expressions.
⬜ terraform init
Reference: https://developer.hashicorp.com/terraform/cli/commands/console
⬜ terraform import
⬜ terraform apply

Q57. Which command is used to extract the value of an output variable from the state file? ⬜ terraform validate
⬜ terraform destroy
⬜ terraform exec
⬜ terraform show The terraform init command is prerequisite to initialize the Terraform workspace before you can run terraform apply to provision new
⬜ terraform output infrastructure. When you run terraform apply without passing a saved plan file, Terraform automatically creates a new execution plan as if you
⬜ terraform state had run terraform plan .
Reference: https://developer.hashicorp.com/terraform/intro/core-workflow
The terraform output command is used to extract the value of an output variable from the state file.
Reference: https://developer.hashicorp.com/terraform/cli/commands/output
Q60. It is necessary to run terraform plan command before terraform apply in the Terraform Workflow.

Q58. You have defined the values for your variables in the file terraform.tfvars , and saved it in the same directory as ⬜ true
your Terraform configuration. Which of the following commands will use those values when creating an execution plan? ⬜ false

⬜ terraform plan No, it is not necessary. When you run terraform apply without passing a saved plan file, Terraform automatically creates a new execution plan as if
⬜ terraform plan -var-file=terraform.tfvars you had run terraform plan .
⬜ All of the above Reference: https://developer.hashicorp.com/terraform/cli/commands/apply#automatic-plan-mode
⬜ None of the above

https://codingnconcepts.com/post/terraform-associate-exam-questions/ 25/90 https://codingnconcepts.com/post/terraform-associate-exam-questions/ 26/90

5/22/23, 10:22 PM Hashicorp Terraform Associate (003) Exam Questions - Coding N Concepts 5/22/23, 10:22 PM Hashicorp Terraform Associate (003) Exam Questions - Coding N Concepts

Q61. Someone created few resources manually using the Azure console. You have company policy to manage all
infrastructure using Terraform. How can you manage manually deployed resource using Terraform without impacting
other resources?
⬜ run a terraform get to get the manually deployed resources that are not under Terraform management
⬜ delete the resources created manually using the Azure console and add these resource in terraform configuration, then run
apply
⬜ use terraform import to import existing resources under Terraform management
⬜ resources created outside Terraform cannot be managed by Terraform
Reference: https://developer.hashicorp.com/terraform/cli/commands/import
The terraform import aws_instance.foo i-abcd1234 command will find the existing resource from AWS instance ID i-abcd1234 and import it
into your Terraform state at the given ADDRESS aws_instance.foo .
- ID is dependent on the resource type being imported. For example, for AWS instances it is the instance ID (e.g. i-abcd1234) but for AWS Route53 zones
it is the zone ID (e.g. Z12ABC4UGMOZ2N).
- ADDRESS must be a valid resource address which is made up of two parts: resource_type.resource_name
terraform
Reference: https://developer.hashicorp.com/terraform/cli/commands/import
Q64. You want to use terraform import to start managing infrastructure that was not originally provisioned through
infrastructure as code. Before you can import the resource’s current state, what must you do to prepare to manage these
resources using Terraform?

Q62. How does terraform import run?
⬜ As a part of terraform
⬜ As a part of terraform
⬜ As a part of terraform
⬜ By an explicit call
⬜ All of the above
Reference: https://developer.hashicorp.com/terraform/cli/commands/import
⬜ update the Terraform configuration file to include the new resources that match the resources you want to import
⬜ modify the Terraform state file to add the new resources so Terraform will have a record of the resources to be managed
⬜ shut down or stop using the resources being imported so no changes are inadvertently missed
init ⬜ run terraform apply -refresh-only to ensure that the state file has the latest information for existing resources.
plan
refresh You should first add the new resource block in terraform configuration matching the remote resource or just empty resource block, then you can
import the remote resource using terraform import by resource ID e.g. terraform import aws_instance.foo i-abcd1234 where i-abcd1234 is
EC2 instance Id
Reference: https://developer.hashicorp.com/terraform/cli/commands/import

Q65. A user wants to list all resources which are deployed using Terraform. How can this be done?
Q63. What must be provided with the terraform import command for Terraform to successfully import resources?
⬜ terraform state show
⬜ Resource ID, resource type, and the resource name. ⬜ terraform state list
⬜ The resource name. ⬜ terraform show
⬜ The full resource ARN. ⬜ terraform show list
⬜ Only resource Id
https://codingnconcepts.com/post/terraform-associate-exam-questions/ 27/90 https://codingnconcepts.com/post/terraform-associate-exam-questions/ 28/90
5/22/23, 10:22 PM Hashicorp Terraform Associate (003) Exam Questions - Coding N Concepts 5/22/23, 10:22 PM Hashicorp Terraform Associate (003) Exam Questions - Coding N Concepts

The terraform state list command is used to list resources within a Terraform state. ⬜ terraform state -json
Reference: https://developer.hashicorp.com/terraform/cli/commands/state/list ⬜ terraform state show -json
⬜ terraform show -json
⬜ terraform show state -json
Q66. Which terraform state subcommand will give you all of the resources in your state?
The terraform show -json command is used to provide human-readable JSON output from a state or plan file.
⬜ list
Reference: https://developer.hashicorp.com/terraform/cli/commands/show
⬜ show
⬜ refresh
⬜ apply Q69. Why would you use the terraform taint command?
The terraform state list command is used to list resources within a Terraform state. ⬜ When you want to force Terraform to destroy a resource on the next apply
Reference: https://developer.hashicorp.com/terraform/cli/commands/state/list ⬜ When you want to force Terraform to destroy and recreate a resource on the next apply
⬜ When you want Terraform to ignore a resource on the next apply
⬜ When you want Terraform to destroy all the infrastructure in your workspace
Q67. A user wants to see the resource block for resource aws_instance having name foo in state file. How can this be
done? The terraform taint command informs Terraform that a particular object has become degraded or damaged. Terraform will propose to replace it
in the next plan you create.
⬜ terraform show aws_instance.foo
Reference: https://developer.hashicorp.com/terraform/cli/commands/taint
⬜ terraform show aws_instance foo
⬜ terraform state show aws_instance.foo
⬜ terraform state show aws_instance foo Q70. The command terraform.taint is deprecated in v0.15.2, which command you should use intead?

The terraform state show command is used to show the attributes of a single resource in the Terraform state. ⬜ terraform apply -replace
Reference: https://developer.hashicorp.com/terraform/cli/commands/state/show ⬜ terraform plan -replace
⬜ terraform apply -taint
⬜ terraform plan -taint
Q68. Which of the following command provides the JSON reprentation of the state?
The command terraform taint is deprecated and recommended to use terraform apply -replace to inform Terraform that a particular object
has become degraded or damaged. Terraform will propose to replace it in the next plan you create.
https://codingnconcepts.com/post/terraform-associate-exam-questions/ 29/90 https://codingnconcepts.com/post/terraform-associate-exam-questions/ 30/90

5/22/23, 10:22 PM Hashicorp Terraform Associate (003) Exam Questions - Coding N Concepts 5/22/23, 10:22 PM Hashicorp Terraform Associate (003) Exam Questions - Coding N Concepts

Reference: https://developer.hashicorp.com/terraform/cli/commands/taint ⬜ State file

⬜ Configuration file
⬜ Credentials
Q71. You need Terraform to destroy and recreate a single database server that was deployed with a bunch of other ⬜ Cloud provider
resources. You don’t want to modify the Terraform code. What command can be used to accomplish this task?
Reference: https://developer.hashicorp.com/terraform/cli/commands/refresh
⬜ terraform apply -replace=aws_instance.database
⬜ terraform apply -destroy=aws_instance.database
⬜ terraform state recreate aws_instance.database Q74. Which of the following Terraform commands will automatically refresh the state unless supplied with additional flags
⬜ terraform state destroy aws_instance.database or arguments? Choose TWO correct answers.

The planning option -replace=ADDRESS instructs Terraform to plan to replace (destroy and recreate) the resource instance with the given address ⬜ terraform plan

Reference: https://developer.hashicorp.com/terraform/cli/commands/plan#planning-options ⬜ terraform state

⬜ terraform apply
⬜ terraform validate
Q72. You have an EC2 instance that is acting up in the cloud. It handles a relatively light ephemeral workload, so it can be ⬜ terraform output
restarted/destroyed with no repercussions. What full command would you use to target only this instance for recreation?
Reference: https://developer.hashicorp.com/terraform/cli/commands/refresh
⬜ terraform apply -replace=aws_instance.{INSTANCE_NAME}
⬜ terraform apply -replace aws_instance
⬜ terraform apply -replace {INSTANCE_NAME} Q75. The command terraform refresh is deprecated in v0.15.4, which command is recommended to use instead? Choose
⬜ terraform destroy --target=aws.instance{INSTANCE_NAME} and terraform apply TWO correct answers.

The planning option -replace=ADDRESS instructs Terraform to plan to replace (destroy and recreate) the resource instance with the given address ⬜ terraform apply -refresh-only

Reference: https://developer.hashicorp.com/terraform/cli/commands/plan#replace-address ⬜ terraform plan -refresh-only

⬜ terraform apply -refresh
⬜ terraform plan -refresh
Q73. What is not processed when running a terraform refresh ?
Reference: https://developer.hashicorp.com/terraform/cli/commands/refresh

https://codingnconcepts.com/post/terraform-associate-exam-questions/ 31/90 https://codingnconcepts.com/post/terraform-associate-exam-questions/ 32/90

5/22/23, 10:22 PM Hashicorp Terraform Associate (003) Exam Questions - Coding N Concepts 5/22/23, 10:22 PM Hashicorp Terraform Associate (003) Exam Questions - Coding N Concepts

Q76. Which of the following command will give you an opportunity to review the changes that Terraform has detected Answers that would also receive full credit:
during refresh? Choose TWO correct answers. --h
terraform plan -h
⬜ terraform apply -refresh-only -auto-approve terraform plan --h
⬜ terraform apply -refresh-only terraform plan -help
⬜ terraform refresh terraform plan --help
⬜ terraform plan -refresh-only terraform -h plan
terraform -help plan
Reference: https://developer.hashicorp.com/terraform/cli/commands/refresh
terraform --help plan
plan -h

Q77. What happens when you apply Terraform configuration? Choose TWO correct answers. plan --h
plan -help
⬜ Terraform makes any infrastructure changes defined in your configuration. plan --help
⬜ Terraform gets the plugins that the configuration requires. -h plan
⬜ Terraform updates the state file with any configuration changes it made. -help plan
⬜ Terraform corrects formatting errors in your configuration. --help plan
⬜ Terraform destroys and recreates all your infrastructure from scratch.

Q79. Which flag would you add to terraform plan to save the execution plan to a file? You would type: terraform plan
Q78. Which flag is used to find more information about a Terraform command? For example, you need additional _____
information about how to use the plan command. You would type: terraform plan _____ .
Type your answer in the field provided. The text field is not case-sensitive and all variations of the correct answer are accepted.
Type your answer in the field provided. The text field is not case-sensitive and all variations of the correct answer are accepted.
⬜ -out=FILENAME
⬜ -h
⬜ -help The command terraform plan -out=dev.tfplan saves the plan to dev.tfplan file that you can later pass to command terraform apply
⬜ --help dev.tfplan for execution. Typical convention is to use .tfplan file extension to save plan file.
Reference: https://developer.hashicorp.com/terraform/cli/commands/plan#out-filename

https://codingnconcepts.com/post/terraform-associate-exam-questions/ 33/90 https://codingnconcepts.com/post/terraform-associate-exam-questions/ 34/90

5/22/23, 10:22 PM Hashicorp Terraform Associate (003) Exam Questions - Coding N Concepts 5/22/23, 10:22 PM Hashicorp Terraform Associate (003) Exam Questions - Coding N Concepts

Q80. You just added a new set of resources to your configuration and would only like to see them when you run your ⬜ Manually apply two spaces indentation and align equal sign “=” characters in every Terraform file (*.tf)
terraform plan command. What flag do you specify when running the terraform plan command to only see their plans? ⬜ Write a shell script to transform Terraform files using tools such as AWK, Python, and sed

⬜ -target={resources}
⬜ -refresh=true Q83. You have deployed a new webapp with a public IP address on a clod provider. However, you did not create any
⬜ -state={new_state_file}
outputs for your code. What is the best method to quickly find the IP address of the resource you deployed?
⬜ -lock=true
⬜ Run terraform output ip_address to view the result
You can use the -target option to focus Terraform’s attention on only a subset of resources. You can use resource address syntax to specify the
⬜ In a new folder, use the terraform_remote_state data source to load in the state file, then write an output for each resource that you find
the state file
constraint
⬜ Run terraform state list to find the name of the resource, then terraform state show to find the attributes including public IP address
Reference: https://developer.hashicorp.com/terraform/cli/commands/plan#resource-targeting
⬜ Run terraform destroy then terraform apply and look for the IP address in stdout

Reference: https://developer.hashicorp.com/terraform/cli/commands/output
Q81. You have a simple Terraform configuration containing one virtual machine (VM) in a cloud provider. You run
terraform apply and the VM is created successfully. What will happen if you delete the VM using the cloud provider
console, and run terraform apply again without changing any Terraform code?
Q84. In order to reduce the time it takes to provision resources, Terraform uses parallelism. By default, how many
⬜ Terraform will remove the VM from state file resources will Terraform provision concurrently during a terraform apply ?
⬜ Terraform will report an error
⬜ 100
⬜ Terraform will not make any changes
⬜ 10
⬜ Terraform will recreate the VM
⬜5
⬜1
Q82. You have multiple team members collaborating on infrastructure as code (IaC) using Terraform, and want to apply
The command terraform apply -parallelism=20 limits the number of concurrent operation to 20 as Terraform walks the graph. default is 10.
formatting standards for readability.How can you format Terraform HCL (HashiCorp Configuration Language) code
according to standard Terraform style convention? Reference: https://developer.hashicorp.com/terraform/cli/commands/apply#parallelism-n

⬜ Run the terraform fmt command during the code linting phase of your CI/CD process
⬜ Designate one person in each team to review and format everyone’s code Q85. Say you wanted to increase the number of operations that terraform is concurrently using to create your resources.
Which command would you run, with what specific flag, to accomplish this? (Choose 2 answers)

https://codingnconcepts.com/post/terraform-associate-exam-questions/ 35/90 https://codingnconcepts.com/post/terraform-associate-exam-questions/ 36/90

5/22/23, 10:22 PM Hashicorp Terraform Associate (003) Exam Questions - Coding N Concepts 5/22/23, 10:22 PM Hashicorp Terraform Associate (003) Exam Questions - Coding N Concepts

⬜ terraform apply
⬜ -parallelism={NUMBER-OF-OPERATIONS} Terraform Backend
⬜ terraform init
⬜ -concurrent={NUMBER-OF-OPERATIONS}
Q88. What does the default local Terraform backend store?
The command terraform apply -parallelism=20 limits the number of concurrent operation to 20 as Terraform walks the graph. default is 10.
Reference: https://developer.hashicorp.com/terraform/cli/commands/apply#parallelism-n ⬜ *.tfplan files
⬜ Terraform binary
⬜ Provider plugins
Q86. Lately you noticed that your Terraform jobs are failing in your CI/CD pipeline. The error that is coming back mentions ⬜ terraform.tfstate file
something about hitting a rate limit. Without altering the time that the builds are ran, what could you pass into the
terraform apply command to slow your operations down? Reference: https://developer.hashicorp.com/terraform/language/settings/backends/local

⬜ -parallelism={NUMBER_OF_OPERATIONS}
⬜ -concurrent={NUMBER_OF_OPERATIONS} Q89. What two configuration variables are available to a default local backend? (Choose 2 answers)
⬜ -rate-limit={NUMBER_OF_OPERATIONS}
⬜ -refresh=false ⬜ path
⬜ workspace_dir
Reference: https://developer.hashicorp.com/terraform/cli/commands/apply#parallelism-n ⬜ working_dir
⬜ path_dest

Q87. What Terraform command can be used to remove the lock on the state for the current configuration? The path and workspace_dir are two optional configuration supported by local backend
Reference: https://developer.hashicorp.com/terraform/language/settings/backends/local#configuration-variables
⬜ terraform unlock
⬜ terraform force-unlock
⬜ Removing the lock on the state file is not possible Q90. What is NOT true about the Terraform backend?
⬜ terrafom state unlock
⬜ A backend is where Terraform stores its state data files.
The command terraform force-unlock Manually unlock the state for the defined configuration. ⬜ By default, Terraform uses a backend called local, which stores state as a local file on disk.
Reference: https://developer.hashicorp.com/terraform/cli/commands/force-unlock

https://codingnconcepts.com/post/terraform-associate-exam-questions/ 37/90 https://codingnconcepts.com/post/terraform-associate-exam-questions/ 38/90

5/22/23, 10:22 PM Hashicorp Terraform Associate (003) Exam Questions - Coding N Concepts 5/22/23, 10:22 PM Hashicorp Terraform Associate (003) Exam Questions - Coding N Concepts

⬜ A terraform configuration can only provide one backend block. Q93. You are a part of a growing Cloud Infrastructure team. Your boss asks you to transition the team off of local backends,
⬜ A backend block can refer to named values (like input variables, locals, or data source attributes). and onto remote backends. Within Terraform, what do you do to use the S3 buckets as a remote backend? (Choose 2
answers)
A backend block cannot refer to named values (like input variables, locals, or data source attributes).
Reference: https://developer.hashicorp.com/terraform/language/settings/backends/configuration#using-a-backend-block
terraform {
backend "s3" {
bucket = "mybucket"
Q91. How is the Terraform remote backend different than other state backends such as s3 , http and consul , etc.?
key = "path/to/my/key"
region = "us-east-1"
⬜ It can execute Terraform runs on dedicated infrastructure on premises or in Terraform Cloud
}
⬜ It doesn’t show the output of a terraform apply locally
}
⬜ It is only available to enterprise customers
⬜ All of the above
⬜ Specify the key to store state file inside the S3 bucket
The remote backend is unique among all other Terraform backends because it can both store state snapshots and execute operations for Terraform
⬜ Make sure Terraform gets AWS IAM permission on target backend bucket and stored state file
Cloud’s CLI-driven run workflow. It used to be called an “enhanced” backend
⬜ Export your AWS API key to TF_BACKEND_KEY
Reference: https://developer.hashicorp.com/terraform/language/settings/backends/remote
⬜ Encrypt your AWS buckets with SSE.

Reference: https://developer.hashicorp.com/terraform/language/settings/backends/s3#example-configuration
Q92. How do you supply remaining arguments to a partial backend configuration? (Choose 2 answers)

⬜ Specify file terraform init -backend-config=PATH

Q94. Which of the following is a type of backend configurable in Terraform?
⬜ Specify key/value pairs terraform init -backend-config="KEY=VALUE"
⬜ Environment variable export TF_VAR_key=value ⬜ local
⬜ Set variable terraform init -var="KEY=VALUE" ⬜ standard
⬜ enhanced
A backend block cannot refer to Environment or Input variables, you can supply the arguments through -backend-config option in init command ⬜ advanced
Reference: https://developer.hashicorp.com/terraform/language/settings/backends/configuration#partial-configuration
Reference: https://developer.hashicorp.com/terraform/language/settings/backends/configuration#backend-types

https://codingnconcepts.com/post/terraform-associate-exam-questions/ 39/90 https://codingnconcepts.com/post/terraform-associate-exam-questions/ 40/90

5/22/23, 10:22 PM Hashicorp Terraform Associate (003) Exam Questions - Coding N Concepts 5/22/23, 10:22 PM Hashicorp Terraform Associate (003) Exam Questions - Coding N Concepts

Q95. Which of the following is NOT a supported backend type? Q98. Which of the following backend type doesn’t support remote state storage?

⬜ consul ⬜ remote
⬜ github ⬜ Terraform Cloud
⬜ local ⬜ github
⬜ s3 ⬜ artifactory

Terraform v1.4.x supports the following backend types:- local, remote, azurerm, consul, cos, gcs, http, kubernetes, oss, pg, s3 Github is not a valid backend type supported by Terraform
Terraform v1.2.x also supports following backend types:- artifactory, etcd, etcdv3, manta, swift

Reference: https://developer.hashicorp.com/terraform/language/settings/backends/configuration Q99. Your co-worker has decided to migrate Terraform state to a remote backend. They configure Terraform with the
backend configuration, including the type, location, and credentials. However, you want to better secure this
configuration. Rather than storing them in plaintext, where should you store the credentials? (select two)
Q96. All standard backend types support remote state storage, state locking, and encryption at rest?
⬜ use a variable
⬜ true ⬜ credentials file
⬜ false ⬜ on the remote system
⬜ environment variables
No, All the standard backend doesn’t support all three. local backend type doesn’t support remote state storage, artifactory and etcd backend
types doesn’t support state locking. Reference: https://developer.hashicorp.com/terraform/language/settings/backends/configuration#credentials-and-sensitive-data

Q97. Which of the following backend type doesn’t support state locking? Q100. You can migrate the Terraform backend but only if there are no resources currently being managed.

⬜ local ⬜ false
⬜ s3 ⬜ true
⬜ remote
Terraform will automatically detect any changes in your configuration/backend and request a reinitialization. As part of the reinitialization process,
⬜ artifactory
Terraform will ask if you’d like to migrate your existing state to the new configuration. This allows you to easily switch from one backend to another.
Backend types support state locking:- local, remote, azurerm, consul, cos, gcs, http, kubernetes, oss, pg, s3, etcdv3, manta, swift Reference: https://developer.hashicorp.com/terraform/language/settings/backends/configuration#changing-configuration
Backend types doesn’t support state locking:- artifactory, etcd
https://codingnconcepts.com/post/terraform-associate-exam-questions/ 41/90 https://codingnconcepts.com/post/terraform-associate-exam-questions/ 42/90

5/22/23, 10:22 PM Hashicorp Terraform Associate (003) Exam Questions - Coding N Concepts 5/22/23, 10:22 PM Hashicorp Terraform Associate (003) Exam Questions - Coding N Concepts

Q101. You have decided to migrate the Terraform state to a remote s3 backend. You have added the backend block in the Provisioners should only be used as a last resort. They add a considerable amount of complexity and uncertainty to Terraform usage. For most
Terraform configuration. Which command you should run to migrate the state? common situations there are better alternatives available.
Reference: https://developer.hashicorp.com/terraform/language/resources/provisioners/syntax#provisioners-are-a-last-resort

terraform {
backend "s3" { Q103. You want to use a Terraform provisioner to execute a script on the remote machine. What block type would use to
bucket = "terraform-s3-bucket-name" declare the provisioner?
key = "s3 key path"
region = "us-west-1" ⬜ terraform block
} ⬜ data block
}
⬜ provider block
⬜ resource block

⬜ terraform init
You can add a provisioner block inside the resource block of a compute instance for e.g. below provisioner will be executed when the aws_instance
⬜ terraform push
resource is built.
⬜ terraform apply
⬜ terraform plan
resource "aws_instance" "web" {
When you change a backend’s configuration, you must run terraform init again to validate and configure the backend before you can perform any # ...
plans, applies, or state operations.
Reference: https://developer.hashicorp.com/terraform/language/settings/backends/configuration#initialization provisioner "local-exec" {
command = "echo The server's IP address is ${self.private_ip}"
}

Terraform Provisioners }

Reference: https://developer.hashicorp.com/terraform/language/resources/provisioners/syntax#how-to-use-provisioners
Q102. Provisioners should only be used as a last resort.

⬜ true
Q104. Which option will you use to run provisioners that are not associated with any resources?
⬜ false

https://codingnconcepts.com/post/terraform-associate-exam-questions/ 43/90 https://codingnconcepts.com/post/terraform-associate-exam-questions/ 44/90

5/22/23, 10:22 PM Hashicorp Terraform Associate (003) Exam Questions - Coding N Concepts 5/22/23, 10:22 PM Hashicorp Terraform Associate (003) Exam Questions - Coding N Concepts

⬜ null_resource ⬜ null_resource
⬜ file ⬜ file
⬜ local-exec ⬜ local-exec
⬜ remote-exec ⬜ remote-exec

null_resource has been renamed to terraform_data in Terraform v1.4.x and later version Reference: https://developer.hashicorp.com/terraform/language/resources/provisioners/local-exec
Reference: https://developer.hashicorp.com/terraform/language/resources/provisioners/null_resource

Q108. Where does the ’local-exec’ provisioner execute its code provided in its block?
Q105. Which provisioner copies files or directories from the machine running Terraform to the newly created resource?
⬜ On the remote resource specified.
⬜ null_resource ⬜ On the local machine running terraform.
⬜ file ⬜ On a spot-instance on your cloud provider.
⬜ local-exec ⬜ In a container on your machine provided by the Terraform binary.
⬜ remote-exec
The local-exec provisioner invokes a local executable after a resource is created. This invokes a process on the machine running Terraform, not on the
Reference: https://developer.hashicorp.com/terraform/language/resources/provisioners/file resource.
Reference: https://developer.hashicorp.com/terraform/language/resources/provisioners/local-exec

Q106. Which type of connections supported by file provisioner? Select all valid options.
Q109. Which provisioner invokes a process on the resource created by Terraform?
⬜ ssh
⬜ sftp ⬜ null_resource
⬜ winrm ⬜ file
⬜ rdc ⬜ local-exec
⬜ remote-exec
Reference: https://developer.hashicorp.com/terraform/language/resources/provisioners/file
Reference: https://developer.hashicorp.com/terraform/language/resources/provisioners/remote-exec

Q107. Which provisioner invokes a process on the machine running Terraform, not on the resource?

https://codingnconcepts.com/post/terraform-associate-exam-questions/ 45/90 https://codingnconcepts.com/post/terraform-associate-exam-questions/ 46/90

5/22/23, 10:22 PM Hashicorp Terraform Associate (003) Exam Questions - Coding N Concepts 5/22/23, 10:22 PM Hashicorp Terraform Associate (003) Exam Questions - Coding N Concepts

Q110. What are the two accepted values for provisioners that have the “on_failure” key specified? (Choose 2 answers) Terraform Providers
⬜ continue
⬜ fail Q112. Which of the following best describes a Terraform provider?
⬜ abort
⬜ retry ⬜ A collection of resources that can be used to define a specific piece of infrastructure
⬜ A plugin that allows Terraform to interact with a specific cloud provider or service
By default, provisioners that fail will also cause the Terraform apply itself to fail. The on_failure setting can be used to change this. The allowed values ⬜ A tool for managing Docker containers
are: continue and fail ⬜ A set of variables used to configure Terraform resources
Reference: https://developer.hashicorp.com/terraform/language/resources/provisioners/syntax#failure-behavior
Reference: https://developer.hashicorp.com/terraform/language/providers

Q111. What does the following provisioner block specify?

Q113. Which of the following is NOT true of Terraform providers?

provisioner "local-exec" { ⬜ Providers can be written by individuals

when = destroy ⬜ Providers can be maintained by a community of users
command = "echo 'Destroy-time provisioner'" ⬜ Some providers are maintained by HashiCorp
}
⬜ Major cloud vendors and non-cloud vendors can write, maintain, or collaborate on Terraform providers
⬜ None of the above
⬜ Before the resource is destroyed, the provisioner will invoke “echo ‘Destroy-time provisioner’”
⬜ If the resource receives a ‘destroy’ command locally, it will echo ‘Destroy-time provisioner’ Q114. A provider configuration block is required in every Terraform configuration.
⬜ After the resource is destroyed, it will invoke “echo ‘Destroy-time provisioner’”
⬜ On the next ’terraform apply’ the resource will be destroyed
provider "provider_name" {
Destroy provisioners are run before the resource is destroyed. If they fail, Terraform will error and rerun the provisioners again on the next terraform ...
apply. }
Reference: https://developer.hashicorp.com/terraform/language/resources/provisioners/syntax#destroy-time-provisioners

https://codingnconcepts.com/post/terraform-associate-exam-questions/ 47/90 https://codingnconcepts.com/post/terraform-associate-exam-questions/ 48/90

5/22/23, 10:22 PM Hashicorp Terraform Associate (003) Exam Questions - Coding N Concepts 5/22/23, 10:22 PM Hashicorp Terraform Associate (003) Exam Questions - Coding N Concepts

⬜ true ⬜ A partial provider configuration.

⬜ false ⬜ There must be an alias meta argument.

Reference: https://developer.hashicorp.com/terraform/language/providers/configuration#default-provider-configurations
Q115. Official Terraform providers are owned and maintained by HashiCorp.

⬜ true Q118. How do you select the alternate aws provider for us-west-2 region?
⬜ false

1. Hashicorp Official providers and modules are owned and maintained by HashiCorp. Namespace = hashicorp # The default provider configuration
provider "aws" {
2. Partner providers and modules are owned and maintained by a technology company that has gone through our Terraform Integration Program
region = "us-east-1"
and maintains a partnership with HashiCorp. Namespace e.g. mongodb/mongodbatlas
}
3. Anyone can publish and share a provider by signing into the Registry using their GitHub account and following a few additional steps Reference:
# Additional provider configuration for west coast region
https://developer.hashicorp.com/terraform/docs/partnerships#terraform-provider-integrations provider "aws" {
alias = "west"
region = "us-west-2"
Q116. Which provider configuration can be used to define multiple aws provider with different regions? }

⬜ provider
⬜ source ⬜ resource "aws_instance" "foo" { provider = aws }
⬜ region ⬜ resource "aws_instance" "foo" { provider = aws.west }
⬜ alias ⬜ resource "aws_instance" "foo" { provider = aws.us-west-2 }
⬜ resource "aws_instance" "foo" { provider = west }
Reference: https://developer.hashicorp.com/terraform/language/providers/configuration#alias-multiple-provider-configurations

When Terraform needs the name of an alternare provider configuration, it expects a reference of the form <PROVIDER NAME>.<ALIAS>
Reference: https://developer.hashicorp.com/terraform/language/providers/configuration
Q117. What is a provider block without an alias meta argument?

⬜ The default provider configuration.

⬜ A broken provider configuration. Q119. Terraform uses a lock file to ensure predictable runs when using ambiguous provider version constraints. How do
you update the lock file?
https://codingnconcepts.com/post/terraform-associate-exam-questions/ 49/90 https://codingnconcepts.com/post/terraform-associate-exam-questions/ 50/90

5/22/23, 10:22 PM Hashicorp Terraform Associate (003) Exam Questions - Coding N Concepts 5/22/23, 10:22 PM Hashicorp Terraform Associate (003) Exam Questions - Coding N Concepts

⬜ terraform providers lock Each Terraform module must declare which providers it requires, so that Terraform can install and use them. Provider requirements are declared in a
⬜ terraform lock required_providers block.
⬜ terraform apply lock
⬜ terraform lock provider -provider={PROVIDER_NAME}
terraform {
required_providers {
The terraform providers lock will analyze the configuration in the current working directory to find all of the providers it depends on, and it will
mycloud = {
fetch the necessary data about those providers from their origin registries and then update the dependency lock file to include a selected version for
source = "mycorp/mycloud"
each provider and all of the package checksums that are covered by the provider developer’s cryptographic signature. version = "~> 1.0"
Reference: https://developer.hashicorp.com/terraform/cli/commands/providers/lock }
}
}
Q120. Terraform is running in an isolated network without access to Terraform registry. How can you configure Terraform
to consult only a local filesystem mirror to download plugins?
Reference: https://developer.hashicorp.com/terraform/language/providers/requirements#requiring-providers
⬜ terraform providers mirror
⬜ terraform mirror
⬜ terraform providers local Q122. Which of the following is true for installing provider when terraform init command runs?
⬜ terraform plugins mirror
⬜ If any acceptable versions are installed, Terraform uses the newest installed version that meets the constraint (even if the Terraform
Reference: https://developer.hashicorp.com/terraform/cli/commands/providers/mirror Registry has a newer acceptable version)
⬜ If no acceptable versions are installed and the plugin is one of the providers distributed by HashiCorp, Terraform downloads the newest
acceptable version from the Terraform Registry and saves it in a subdirectory under .terraform/providers/
Q121. In the terraform block, which configuration would be used to identify the specific version of a provider required? ⬜ If no acceptable versions are installed and the plugin is not distributed in the Terraform Registry, initialization fails and the user must
manually install an appropriate version.
⬜ required_providers
⬜ All of the above
⬜ required_provider
⬜ required_versions Reference: https://developer.hashicorp.com/terraform/plugin/how-terraform-works#selecting-plugins
⬜ required_version

Terraform Resources
https://codingnconcepts.com/post/terraform-associate-exam-questions/ 51/90 https://codingnconcepts.com/post/terraform-associate-exam-questions/ 52/90
5/22/23, 10:22 PM Hashicorp Terraform Associate (003) Exam Questions - Coding N Concepts 5/22/23, 10:22 PM Hashicorp Terraform Associate (003) Exam Questions - Coding N Concepts

Q123. Who is the provider for the below resource? Q125. Examine the following Terraform configuration, which uses the data source for an AWS AMI. What value should you
enter for the ami argument in the AWS instance resource?

resource "aws_vpc" "main" {

name = "test" data "aws_ami" "ubuntu" {
} ...
}

⬜ vpc resource "aws_instance" "web" {

⬜ main ami = ______________________
⬜ aws instance_type = "t3.micro"

⬜ test }

Resource type must always start with their containing provider’s name followed by an underscore, so a resource type from the provider aws might be
named aws_vpc .
⬜ aws_ami.ubuntu
⬜ data.aws_ami.ubuntu
Reference: https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc
⬜ data.aws_ami.ubuntu.id
⬜ aws_ami.ubuntu.id
Q124. What is the name assigned by Terraform to reference this resource?
Data source attributes can be used in other resources using expression data.<TYPE>.<NAME>.<ATTRIBUTE> i.e. data.aws_ami.ubuntu.id
Reference: https://developer.hashicorp.com/terraform/language/data-sources#description
resource "google_computer_instance" "main" {
name = "test"
} Q126. What’s the correct syntax for referencing a resource within the configuration file?

⬜ <RESOURCE TYPE>.<NAME>
⬜ computer_instance ⬜ <NAME>.<RESOURCE TYPE>
⬜ main ⬜ <PROVIDER>.<RESOURCE TYPE>
⬜ google ⬜ <LOCAL/REMOTE STATE>.<RESOURCE TYPE>
⬜ test
Reference: https://developer.hashicorp.com/terraform/cli/state/resource-addressing#resource-spec

https://codingnconcepts.com/post/terraform-associate-exam-questions/ 53/90 https://codingnconcepts.com/post/terraform-associate-exam-questions/ 54/90

5/22/23, 10:22 PM Hashicorp Terraform Associate (003) Exam Questions - Coding N Concepts 5/22/23, 10:22 PM Hashicorp Terraform Associate (003) Exam Questions - Coding N Concepts

}
Q127. From the code below, identify the implicit dependency:

⬜ non-dependency resource
resource "aws_eip" "public_ip" { ⬜ implicit dependency
vpc = true ⬜ explicit dependency
instance = aws_instance.web_server.id ⬜ internal dependency
}
Reference: https://developer.hashicorp.com/terraform/tutorials/configuration-language/dependencies#manage-explicit-dependencies
resource "aws_instance" "web_server" {
ami = "ami-2757f631"
instance_type = "t2.micro" Q129. What is the syntax to correctly reference a data source?
depends_on = [aws_s3_bucket.company_data]
} ⬜ data.<DATA TYPE>.<NAME>
⬜ data.<NAME>
⬜ data.<NAME>.<DATA TYPE>
⬜ AMI with an id of ami-2757f631
⬜ <DATA TYPE>.<NAME>.data
⬜ S3 Bucket labeled company_data
⬜ Instance Type t2.micro data.<DATA TYPE>.<NAME> is an object representing a data resource of the given data source type and name.
⬜ EC instance labeled web-server Reference: https://developer.hashicorp.com/terraform/language/expressions/references#data-sources

EC2 instance must exist before the Elastic IP can be created and attached, Terraform handled this automatically as part of implicit dependency
Reference: https://developer.hashicorp.com/terraform/tutorials/configuration-language/dependencies#manage-implicit-dependencies Q130. You want to use the terraform state show to see the attributes of a single resource created by the for_each in
below resource block. What resource address should be used for the instance related to vault ?

Q128. In the example below, the depends_on argument creates what type of dependency?
resource "aws_instance" "demo" {
# ...
resource "aws_instance" "example" { for_each = {
ami = "ami-2757f631" "terraform": "infrastructure",
instance_type = "t2.micro" "vault": "security",
depends_on = [aws_s3_bucket.company_data] "consul": "connectivity",

https://codingnconcepts.com/post/terraform-associate-exam-questions/ 55/90 https://codingnconcepts.com/post/terraform-associate-exam-questions/ 56/90

5/22/23, 10:22 PM Hashicorp Terraform Associate (003) Exam Questions - Coding N Concepts 5/22/23, 10:22 PM Hashicorp Terraform Associate (003) Exam Questions - Coding N Concepts

"nomad": "scheduler", ⬜ aws_instance.example.ebs_block_device[*].device_name

} ⬜ aws_instance.example.ebs_block_device[0,1].device_name
}
⬜ aws_instance.example.*.device_name
⬜ aws_instance.*.*.device_name
⬜ aws_instance.demo[1]
⬜ aws_instance.demo["2"]
The splat expression special [*] iterates over all of the elements of the list given to its left and accesses from each one the attribute name given on its
⬜ aws_instance.demo.vault
right
⬜ aws_instance.demo["vault"] Reference: https://developer.hashicorp.com/terraform/language/expressions/references#references-to-resource-attributes
Reference: https://developer.hashicorp.com/terraform/language/expressions/splat
Reference: https://developer.hashicorp.com/terraform/cli/state/resource-addressing#for_each-example

Q132. Terraform can only manage dependencies between resources if the depends_on argument is explicitly set for the
Q131. How can you obtain a list of all of the device_name values from ebs_block_device nested blocks, that are created dependent resources.
by this resource block?
⬜ true
resource "aws_instance" "example" {
⬜ false
ami = "ami-abc123"
Terraform automatically infers when one resource depends on another by studying the resource attributes used in interpolation expressions.
instance_type = "t2.micro"
Terraform uses this dependency information to determine the correct order in which to create the different resources

ebs_block_device {
Reference: https://developer.hashicorp.com/terraform/tutorials/configuration-language/dependencies

device_name = "sda2"
volume_size = 16
} Terraform Variables and Outputs
ebs_block_device {
device_name = "sda3"
volume_size = 20 Q133. How can you set the value to a variable “region” declared in the configuration file?
}
} ⬜ Using command line terraform apply -var="region=us-east-1"
⬜ Using variable file terraform apply -var-file="variables.tfvars" where the file contains: region=us-east-1

https://codingnconcepts.com/post/terraform-associate-exam-questions/ 57/90 https://codingnconcepts.com/post/terraform-associate-exam-questions/ 58/90

5/22/23, 10:22 PM Hashicorp Terraform Associate (003) Exam Questions - Coding N Concepts 5/22/23, 10:22 PM Hashicorp Terraform Associate (003) Exam Questions - Coding N Concepts

⬜ Using environment variable export TF_VAR_region=us-east-1 Q136. How would you configure your input variable to fallback to a pre-declared value in your variable block?
⬜ All of the above
⬜ By specifying the default meta-argument.
Reference: https://developer.hashicorp.com/terraform/language/values/variables ⬜ By specifying the fallback meta-argument.
⬜ Terraform has a list of fallbacks that it will always implement if nothing is specified. E.g. aws_instance will fall back to a t2.micro if the size is
not specifed.
Q134. Which one of the following takes higher precedence in loading variable in Terraform? ⬜ Terraform will ask you to set a fallback when you run the terraform apply command.
⬜ Command line flag - terraform apply -var="region=us-east-1" Reference: https://developer.hashicorp.com/terraform/language/values/variables#default-values
⬜ Configuration file - set in your terraform.tfvars file
⬜ Environment variable - export TF_VAR_region=us-east-1
⬜ Default Config - default value in variables.tf Q137. You defined a variable and would like to reference it in your terraform configuration file. What is the syntax required
to do so?
Reference: https://developer.hashicorp.com/terraform/language/values/variables
⬜ var.<VARIABLE_NAME>
⬜ <VARIABLE_NAME>.var
Q135. Which of the following is an invalid argument for defining input variable in Terraform? ⬜ var.<VARIABLE_NAME>.<RESOURCE_NAME>
⬜ <RESOURCE_NAME>.var.<VARIABLE_NAME>
⬜ default
⬜ type Reference: https://developer.hashicorp.com/terraform/language/values/variables#using-input-variable-values
⬜ description
⬜ validation
⬜ sensitive Q138. Consider the following configuration snippet: How would you define the cidr_block for us-east-1 in the aws_vpc
⬜ nullable resource using a variable?
⬜ depends_on
variable "vpc_cidrs" {
depends_on is an optional argument for declaring output value, not for declaring input variable
type = map
Reference: https://developer.hashicorp.com/terraform/language/values/variables
default = {
us-east-1 = "10.0.0.0/16"
us-east-2 = "10.1.0.0/16"

https://codingnconcepts.com/post/terraform-associate-exam-questions/ 59/90 https://codingnconcepts.com/post/terraform-associate-exam-questions/ 60/90

5/22/23, 10:22 PM Hashicorp Terraform Associate (003) Exam Questions - Coding N Concepts 5/22/23, 10:22 PM Hashicorp Terraform Associate (003) Exam Questions - Coding N Concepts

us-west-1 = "10.2.0.0/16"
us-west-2 = "10.3.0.0/16" ⬜ var.fruits[2]
} ⬜ var.fruits.banana
}
⬜ var.list.fruits[2]
⬜ var.fruits[3]
resource "aws_vpc" "shared" {
cidr_block = _____________
Variable of type list values are referenced using index that start with 0
}

⬜ var.vpc_cidrs["us-east-1"]
Q140. A Terraform local value can reference other Terraform local values?
⬜ var.vpc_cidrs.0
⬜ vpc_cidrs["us-east-1"] ⬜ true
⬜ var.vpc_cidrs[0] ⬜ false

Variable of type map values are referenced using key e.g. us-east-1 Reference: https://developer.hashicorp.com/terraform/language/values/locals

Q139. A new variable fruits has been created of type list as shown below. How would you reference banana in your Q141. When are output variables ran and sent to stdout?
configuration?
⬜ Only with terraform apply.
⬜ Only on terraform plan or apply.
variable "fruits" {
⬜ With any terraform command.
type = list(string)
⬜ Only if you specify the -outputs flag on apply.
default = [
"mango",
Reference: https://developer.hashicorp.com/terraform/language/values/outputs
"apple",
"banana",
"orange",
Q142. You want to know from which paths Terraform is loading providers referenced in your Terraform configuration (*.tf
"grapes"
files). You need to enable detailed logging to find this out. Which of the following would achieve this?
]
}

https://codingnconcepts.com/post/terraform-associate-exam-questions/ 61/90 https://codingnconcepts.com/post/terraform-associate-exam-questions/ 62/90

5/22/23, 10:22 PM Hashicorp Terraform Associate (003) Exam Questions - Coding N Concepts 5/22/23, 10:22 PM Hashicorp Terraform Associate (003) Exam Questions - Coding N Concepts

⬜ Set the environment variable TF_LOG=TRACE Q145. You have a Terraform variable that is declared as follows:
⬜ Set the environment variable TF_INPUT=1
⬜ Set the environment variable TF_VAR_LOG=TRACE
⬜ Set the environment variable TF_LOG_PATH=./terraform.log variable "num" {
default = 3
You can set TF_LOG to one of the log levels TRACE, DEBUG, INFO, WARN or ERROR to change the verbosity of the logs. TRACE is most verbose logging }

Reference: https://developer.hashicorp.com/terraform/cli/config/environment-variables#tf_log

You have also defined the following environment variables in your BASH shell:-
Q143. After running into issues with Terraform, you need to enable verbose logging to assist with troubleshooting the
error. Which of the following values provides the MOST verbose logging?
export TF_VAR_num=10

⬜ TRACE
⬜ DEBUG You also have a terraform.tfvars file with the following contents:-
⬜ WARN
⬜ INFO
num = 7
Reference: https://developer.hashicorp.com/terraform/internals/debugging

When you run the following apply command, what is the value assigned to the num variable?
Q144. You are required to setup Terraform logs. Your boss asks you to make sure they always end up in one location such
that they can be collected, and that they be set to the informational level. How would you accomplish this? (Choose 2
answers) terraform apply -var num=4

⬜ Export the environment variable of TF_LOG to be INFO

⬜ Export the TF_LOG_PATH environment variable to the requested path location. ⬜4
⬜ Only invoke the terraform apply command in the location your boss wants the logs, because terraform automatically saves a .log file in the ⬜7
working directory. ⬜3
⬜ Export the TF_PATH_LOG environment variable to the requested path location. ⬜ 10

Reference: https://developer.hashicorp.com/terraform/cli/config/environment-variables

https://codingnconcepts.com/post/terraform-associate-exam-questions/ 63/90 https://codingnconcepts.com/post/terraform-associate-exam-questions/ 64/90

5/22/23, 10:22 PM Hashicorp Terraform Associate (003) Exam Questions - Coding N Concepts 5/22/23, 10:22 PM Hashicorp Terraform Associate (003) Exam Questions - Coding N Concepts

Q146. Which of the following is a valid variable name in Terraform? ⬜ A set of variables used to configure Terraform resources
⬜ A tool for managing Docker containers
⬜ 1234
⬜ 1_aws_vpc Reference: https://developer.hashicorp.com/terraform/language/modules
⬜ invalid
⬜ count
Q149. In Terraform, what is a module?
The name of a variable can be any valid identifier except the following: source, version, providers, count, for_each, lifecycle, depends_on, locals. Valid
Identifiers can contain letters, digits, underscores (_), and hyphens (-). The first character of an identifier must not be a digit, to avoid ambiguity with
⬜ A group of related resources
literal numbers.
⬜ A singular, non-abstractive, resource.
Reference: https://developer.hashicorp.com/terraform/language/values/variables#declaring-an-input-variable
⬜ Essentially a comment, it doesn’t do anything except to describe a set of resources.
⬜ Similar to programming functions, modules are used to write code in Golang for direct interaction with Terraform.

Reference: https://developer.hashicorp.com/terraform/language/modules
Q147. What are Data Sources in terraform?

⬜ Data to be fetched or computed for use elsewhere in terraform configuration.

⬜ Similar to resources, they specify data to be created in the corresponding provider. Q150. In Terraform, What are modules used for?
⬜ A binary set of operators that tell resources how to behave with certain meta-arguments.
⬜ Organize configuration
⬜ Data sources are a way for terraform to keep track of all resources created in the provider’s infrastructure.
⬜ Encapsulate configuration
Reference: https://developer.hashicorp.com/terraform/language/data-sources
⬜ Re-use configuration
⬜ All of the above

Reference: https://developer.hashicorp.com/terraform/tutorials/modules/module#what-are-modules-for
Terraform Module

Q151. When initializing Terraform, you notice that Terraform’s CLI output states it is downloading the modules referenced
Q148. Which of the following best describes a Terraform module? in your code. Where does Terraform cache these modules?
⬜ A collection of resources that make up a specific piece of infrastructure ⬜ in the /temp directory on the machine executing Terraform
⬜ A plugin that allows Terraform to interact with a specific cloud provider or service ⬜ in a /modules directory in the current working directory
https://codingnconcepts.com/post/terraform-associate-exam-questions/ 65/90 https://codingnconcepts.com/post/terraform-associate-exam-questions/ 66/90

5/22/23, 10:22 PM Hashicorp Terraform Associate (003) Exam Questions - Coding N Concepts 5/22/23, 10:22 PM Hashicorp Terraform Associate (003) Exam Questions - Coding N Concepts

⬜ in the /downloads directory for the user running the terraform init Q154. A module that has been called by another module is often referred to as a child module. Where is the child module
⬜ in the .terraform/modules subdirectory in the current working directory stored in below module block?

Reference: https://developer.hashicorp.com/terraform/tutorials/modules/module-create
module "vpc" {
source = "terraform-aws-modules/vpc/aws"

Q152. Which one of the following is the required argument for calling a child module?
name = "my-vpc"

⬜ version cidr = "10.0.0.0/16"

⬜ source
azs = ["eu-west-1a", "eu-west-1b", "eu-west-1c"]
⬜ providers
private_subnets = ["10.0.1.0/24", "10.0.2.0/24", "10.0.3.0/24"]
⬜ depends_on
public_subnets = ["10.0.101.0/24", "10.0.102.0/24", "10.0.103.0/24"]
}
The source argument is mandatory for calling a child module. The version argument is recommended for modules from a registry. You can use
following meta-arguments for modules: count , for_each , providers , and depends_on .
Reference: https://developer.hashicorp.com/terraform/language/modules/syntax#calling-a-child-module ⬜ in a local directory named .terraform/terraform-aws-modules/vpc/aws
⬜ in a remote code repository
⬜ in terraform cloud private module registry
Q153. What are three meta-arguments, along with source and version , that a module can use? (Choose 3 answers)
⬜ in terraform public module registry
⬜ for_each
terraform-aws-modules/vpc/aws is a public module registry which creates VPC resources on AWS
⬜ count
Reference: https://registry.terraform.io/browse/modules
⬜ max
⬜ depends_on
Q155. Content of a file named main.tf is shown below. Which of the following statements are true about this code?
Terraform module has following optional meta-arguments: count , for_each , providers , and depends_on . (select two)
Reference: https://developer.hashicorp.com/terraform/language/modules/syntax#meta-arguments

module "servers" {
source = "./app-cluster"

https://codingnconcepts.com/post/terraform-associate-exam-questions/ 67/90 https://codingnconcepts.com/post/terraform-associate-exam-questions/ 68/90

5/22/23, 10:22 PM Hashicorp Terraform Associate (003) Exam Questions - Coding N Concepts 5/22/23, 10:22 PM Hashicorp Terraform Associate (003) Exam Questions - Coding N Concepts

⬜ tar.xz and txz

servers = 5 ⬜ All of the above
}
Reference: https://developer.hashicorp.com/terraform/language/modules/sources#fetching-archives-over-http
⬜ app-cluster is the child module
⬜ app-cluster is the calling module or parent module
⬜ main.tf is the child module Q158. How do you download a module configured in your Terraform code?
⬜ main.tf is the calling module or parent module

module "consul" {
Reference: https://developer.hashicorp.com/terraform/language/modules/syntax#calling-a-child-module
source = "hashicorp/consul/aws"
version = "0.1.0"
}
Q156. Which one of the following is a valid source type to download the source code of a module?

⬜ Local Paths ⬜ terraform get module consul

⬜ Terraform Registry
⬜ terraform install modules consul
⬜ Github
⬜ terraform init
⬜ Bitbucket
⬜ terraform module init
⬜ HTTP URLs
⬜ S3 buckets
Reference: https://developer.hashicorp.com/terraform/language/modules/sources
⬜ All of the above

Reference: https://developer.hashicorp.com/terraform/language/modules/sources
Q159. What feature of Terraform Cloud allows you to publish and maintain a set of custom modules which can be used
within your organization?
Q157. Which one of the following file extension recognized by terraform while fetching archived module over HTTP? ⬜ remote runs
⬜ terraform registry
⬜ zip
⬜ private module registry
⬜ tar.bz2 and tbz2
⬜ custom VCS integration
⬜ tar.gz and tgz

https://codingnconcepts.com/post/terraform-associate-exam-questions/ 69/90 https://codingnconcepts.com/post/terraform-associate-exam-questions/ 70/90

5/22/23, 10:22 PM Hashicorp Terraform Associate (003) Exam Questions - Coding N Concepts 5/22/23, 10:22 PM Hashicorp Terraform Associate (003) Exam Questions - Coding N Concepts

Reference: https://developer.hashicorp.com/terraform/cloud-docs/registry#private-providers-and-modules Reference: https://developer.hashicorp.com/terraform/language/modules/sources#terraform-registry

Q160. How do you correctly reference a private registry module source? Q162. When specifying a module, what is the best practice for the implementation of the meta-argument version?

⬜ <HOSTNAME>/<NAMESPACE>/<NAME>/<PROVIDER> ⬜ The best practice is to explicitly set the version argument as a version constraint string from the Terraform registry.
⬜ <NAMESPACE>/<NAME>/<PROVIDER> ⬜ The best practice is to use no version and accept the latest version.
⬜ <HOSTNAME>/<NAMESPACE>/<PROVIDER> ⬜ The best practice is to download the module, place it in your working directory, then source that module, and specify the version that was
⬜ <NAMESPACE>/<NAME>/<PROVIDER>/<HOSTNAME> downloaded.
⬜ The best practice is to always ensure you append beta to the end of the version. This allows you and your team to always be working on
When specifying a source for a private registry, the correct Syntax is <HOSTNAME>/<NAMESPACE>/<NAME>/<PROVIDER> e.g. the latest and greatest features for that module.
app.terraform.io/example_corp/vpc/aws . It is different than the public registry because it includes the <HOSTNAME> field.
Reference: https://developer.hashicorp.com/terraform/language/modules/syntax#version
Reference: https://developer.hashicorp.com/terraform/registry/modules/use#private-registry-module-sources

Q161. How do you reference module source from public terraform registry? Q163. How do you access module attributes?

⬜ <NAMESPACE>/<NAME>/<PROVIDER>
⬜ Through the child module, by declaring an output value to selectively export certain values to be accessed by the calling module.
⬜ <NAMESPACE>/<PROVIDER>/<NAME>
⬜ Through the parent module, by declaring an output value to selectively export certain values to be accessed by the calling module.
⬜ By specifying the outputs block.
⬜ <NAMESPACE>/<PROVIDER>
⬜ When apply is ran, you must pass in -resource-output={ATTRIBUTE.NAME}.
⬜ <HOSTNAME>/<NAMESPACE>/<NAME>/<PROVIDER>

The resources defined in a module are encapsulated, so the calling module cannot access their attributes directly. However, the child module can
Let’s look at the example of referencing module from public terraform registry:-
declare output values to selectively export certain values to be accessed by the calling module.
Reference: https://developer.hashicorp.com/terraform/language/modules/syntax#accessing-module-output-values
module "consul" {
source = "hashicorp/consul/aws" #<NAMESPACE>/<NAME>/<PROVIDER>
version = "0.1.0" Q164. Who can publish and share modules on the Terraform Registry?
}
⬜ Anyone
⬜ Only specific providers
https://codingnconcepts.com/post/terraform-associate-exam-questions/ 71/90 https://codingnconcepts.com/post/terraform-associate-exam-questions/ 72/90
5/22/23, 10:22 PM Hashicorp Terraform Associate (003) Exam Questions - Coding N Concepts 5/22/23, 10:22 PM Hashicorp Terraform Associate (003) Exam Questions - Coding N Concepts

⬜ Those who have passed the Hashicorp Terraform Associate exam Q167. In a parent module, outputs of child modules are available in expressions as?
⬜ Only those who have contributed to Open Source Terraform
⬜ module.<MODULE NAME>.<OUTPUT NAME>
Anyone can publish and share modules on the Terraform Registry. ⬜ <MODULE NAME>.<OUTPUT NAME>
Reference: https://developer.hashicorp.com/terraform/registry/modules/publish ⬜ module.<OUTPUT NAME>
⬜ output.<MODULE NAME>.<OUTPUT NAME>

Q165. What are some of the requirements that must be met in order to publish a module on the Terraform Public Module In a parent module, outputs of child modules are available in expressions as: module.<MODULE NAME>.<OUTPUT NAME>
Registry? (select three)
Reference: https://developer.hashicorp.com/terraform/language/values/outputs#accessing-child-module-outputs

⬜ The module must be PCI/HIPPA compliant.

⬜ The module must be on GitHub and must be a public repo.
⬜ To publish a module initially, at least one release tag must be present e.g. v1.0.4 and 0.9.2
⬜ Module repositories must use this three-part name format, terraform-<PROVIDER>-<NAME> e.g.
Q168. You have a module named prod_subnet that outputs the subnet_id of the subnet created by the module. How
would you reference the subnet ID when using it for an input of another module?
terraform-google-vault

⬜ subnet = module.outputs.prod_subnet.subnet_id
Reference: https://developer.hashicorp.com/terraform/registry/modules/publish#requirements
⬜ subnet = module.prod_subnet.subnet_id
⬜ subnet = prod_subnet.subnet_id

Q166. What are some of the requirements for publishing Private Modules to the Terraform Cloud Private Registry? (select ⬜ subnet = prod_subnet.outputs.subnet_id
three)
In a parent module, outputs of child modules are available in expressions as: module.<MODULE NAME>.<OUTPUT NAME>
⬜ The module must be PCI/HIPPA compliant. Reference: https://developer.hashicorp.com/terraform/language/values/outputs#accessing-child-module-outputs
⬜ The module must be on your configured VCS providers, and Terraform Cloud’s VCS user account must have admin access to the repository
⬜ The module must adhere to the standard module structure
⬜ Module repositories must use this three-part name format, terraform-<PROVIDER>-<NAME> e.g. terraform-google-vault Terraform Security
The requirements for Publishing to Terraform Cloud Private Registry is same as publishing to Terraform Public Registry except that module repository
can be on your configured VCS providers in case of private registry whereas it must be public Github repo in case of public registry Q169. You want to ensure that your S3 buckets provisioned by Terraform are securely encrypted. What is the best way to
Reference: https://developer.hashicorp.com/terraform/cloud-docs/registry/publish-modules achieve this?

https://codingnconcepts.com/post/terraform-associate-exam-questions/ 73/90 https://codingnconcepts.com/post/terraform-associate-exam-questions/ 74/90

5/22/23, 10:22 PM Hashicorp Terraform Associate (003) Exam Questions - Coding N Concepts 5/22/23, 10:22 PM Hashicorp Terraform Associate (003) Exam Questions - Coding N Concepts

⬜ Create a Git hook that checks if the encryption parameter is enabled. ⬜ tfplan
⬜ Use AWS KMS to store a security key. ⬜ tfconfig
⬜ Create a lambda function triggered on a “create bucket CloudTrail” event. ⬜ tfstate
⬜ Create a security policy using Sentinel policies. ⬜ tfapply

Reference: https://developer.hashicorp.com/terraform/cloud-docs/policy-enforcement/sentinel Terraform Cloud provides four imports to define policy rules for the plan, configuration, state, and run associated with a policy check. They are: tfplan,
tfconfig, tfstate, and tfrun
Reference: https://developer.hashicorp.com/terraform/cloud-docs/policy-enforcement/sentinel#sentinel-imports
Q170. Which of the following allows Terraform users to apply policy as code to enforce standardized configurations for
resources being deployed via infrastructure as code?
Q173. You want to create a sentinel policy to ensure that naming convention is being followed in Terraform Configuration
⬜ Resources as per organization-wide standard. Which sentinel import can be used to access Terraform Configuration?
⬜ Functions
⬜ Sentinel ⬜ tfplan
⬜ Workspaces ⬜ tfconfig
⬜ tfstate
Reference: https://www.hashicorp.com/sentinel
⬜ tflan

The tfconfig import provides access to a Terraform configuration. Use cases of tfconfig import includes Organizational naming conventions,
Q171. HashiCorp Sentinel is a(n) _____ framework.
Required inputs and outputs, Enforcing particular modules, and Enforcing particular providers or resources.
⬜ platform as a service Reference: https://developer.hashicorp.com/terraform/cloud-docs/policy-enforcement/sentinel/import/tfconfig
⬜ function as a service
⬜ infrastructure as code
⬜ policy as code Q174. Which is NOT a valid sentinel policy enforcement level?

Reference: https://www.hashicorp.com/sentinel ⬜ advisory

⬜ soft mandatory
⬜ warning
Q172. Terraform Cloud provides imports to define Sentinel Policy Rules. Which of the following is not a valid import? ⬜ hard mandatory

https://codingnconcepts.com/post/terraform-associate-exam-questions/ 75/90 https://codingnconcepts.com/post/terraform-associate-exam-questions/ 76/90

5/22/23, 10:22 PM Hashicorp Terraform Associate (003) Exam Questions - Coding N Concepts 5/22/23, 10:22 PM Hashicorp Terraform Associate (003) Exam Questions - Coding N Concepts

You can set an enforcement level for each policy that determines what happens when a Terraform plan does not pass the policy rule. Sentinel provides
three policy enforcement levels: advisory, soft mandatory, and hard mandatory.
Reference: https://developer.hashicorp.com/terraform/cloud-docs/policy-enforcement/manage-policy-sets#policy-enforcement-levels
Q175. You have enabled Sentinel Policy in Terraform Cloud. When Terraform Cloud evaluates policies?
⬜ use Terraform Cloud which always encrypts state at rest
⬜ replicate the state file to an encrypted storage device
If you manage any sensitive data with Terraform (like database passwords, user passwords, or private keys), treat the state itself as sensitive data.
Storing state remotely can provide better security. Remote backend should encrypt the state data at rest
Reference: https://developer.hashicorp.com/terraform/language/state/sensitive-data

⬜ On every Terraform Run

⬜ After successful terraform plan
Terraform Workspace
⬜ During terraform plan
⬜ Before terraform apply
Q178. Each Terraform CLI Workspace uses its own state file to manage the infrastructure associated with that particular
Reference: https://developer.hashicorp.com/terraform/cloud-docs/run/states#the-sentinel-policy-check-stage workspace.

⬜ true
Q176. Your security team scanned some Terraform workspaces and found secrets stored in a plaintext in state files. How ⬜ false
can you protect sensitive data stored in Terraform state files?
Terraform CLI Workspace refer to separate instances of state data inside the same Terraform working directory
⬜ Delete the state file every time you run Terraform Reference: https://developer.hashicorp.com/terraform/cli/workspaces
⬜ Store the state in an encrypted backend
⬜ Edit your state file to scrub out the sensitive data
⬜ Always store your secrets in a secrets.tfvars file. Q179. What Terraform feature is most applicable for managing small differences between different environments, for
example development and production?
Reference: https://developer.hashicorp.com/terraform/language/state/sensitive-data
⬜ Workspaces
⬜ States
Q177. You are worried about unauthorized access to the Terraform state file since it might contain sensitive information. ⬜ Repositories
What are some ways you can protect the state file? (select two) ⬜ Versions

⬜ use the S3 bucket using the encrypt option to ensure state is encrypted Reference: https://developer.hashicorp.com/terraform/language/state/workspaces
⬜ enable native encryption in Terraform as configured in the terraform block
https://codingnconcepts.com/post/terraform-associate-exam-questions/ 77/90 https://codingnconcepts.com/post/terraform-associate-exam-questions/ 78/90

5/22/23, 10:22 PM Hashicorp Terraform Associate (003) Exam Questions - Coding N Concepts 5/22/23, 10:22 PM Hashicorp Terraform Associate (003) Exam Questions - Coding N Concepts

Q180. Where are Terraform Workspace local state files stored? ⬜ terraform workspace –new –new-hire
⬜ terraform workspace new new-hire
⬜ a directoy called terraform.tfstate.d ⬜ terraform workspace init new-hire
⬜ a file called terraform.tfstate ⬜ terraform workspace new-hire
⬜ a temp directory called .tfstate*
⬜ a directory called terraform.workspaces.tfstate The terraform workspace new command is used to create a new workspace with the given name
Reference: https://developer.hashicorp.com/terraform/cli/commands/workspace/new
For local state, Terraform stores the workspace states in a directory called terraform.tfstate.d . This directory should be treated similarly to local-
only terraform.tfstate .
Reference: https://developer.hashicorp.com/terraform/cli/workspaces#workspace-internals Q183. As a prestigious Sr. Cloud Engineer, your colleague comes up to you and asks for a new Development workspace.
What’s the fastest way to accomplish this?

Q181. You would like to reuse the same Terraform configuration for your development and production environments with ⬜ Through CLI terraform workspace new dev
a different state file for each. Which command would you use? ⬜ Head to the Terraform Enterprise console and create a new workspace there.
⬜ Specify in the configuration block the new workspace to be created.
⬜ terraform import ⬜ Have them submit a Jira ticket and tell them you’ll get around to it in the next Sprint.
⬜ terraform workspace
⬜ terraform state The Terraform CLI terraform workspace new command is fastest and easiest way to create new workspace

⬜ terraform init Reference: https://developer.hashicorp.com/terraform/cli/commands/workspace/new

The terraform workspace CLI commands can be used to create multiple working directories to maintain multiple instances of same configuration
Q184. A user creates three workspaces from the command line: prod , dev , and test . Which of the following commands
with completely separate state data. Terraform CLI workspace is different from Terraform Cloud Workspace. Each Terraform Cloud workspace has its
will the user run to switch to the dev workspace?
own Terraform configuration, set of variable values, state data, run history, and settings.
Reference: https://developer.hashicorp.com/terraform/cli/commands/workspace
⬜ terraform workspace switch dev
⬜ terraform workspace select dev

Q182. One of your colleagues is new to Terraform and wants to add a new workspace named new-hire. What command he ⬜ terraform workspace dev
should execute from the following? ⬜ terraform workspace -switch dev

https://codingnconcepts.com/post/terraform-associate-exam-questions/ 79/90 https://codingnconcepts.com/post/terraform-associate-exam-questions/ 80/90

5/22/23, 10:22 PM Hashicorp Terraform Associate (003) Exam Questions - Coding N Concepts 5/22/23, 10:22 PM Hashicorp Terraform Associate (003) Exam Questions - Coding N Concepts

The terraform workspace select command is used to choose a different workspace to use for further operations. Q186. Which is NOT true about Terraform Cloud and Terraform CLI Workspaces?
Reference: https://developer.hashicorp.com/terraform/cli/commands/workspace/select
⬜ Each Terraform Cloud workspace has its own Terraform configuration, variables, state file, backup of previous state files, run history,
credentials & secrets, and settings.
Q185. Most workspaces in Terraform Cloud are associated with a VCS repository, which provides Terraform configurations ⬜ Each Terraform CLI workspace is a persistent working directory, which may contains a configuration, state data, and variables.
for that workspace. Which of the following VCS providers Terraform Cloud supports? ⬜ You cannot manage resources in Terraform Cloud without creating at least one workspace.
⬜ You must create a local working directory using Terraform CLI to manage resources in local.
⬜ Github.com
⬜ Gitlab.com By default when you run terraform init , Terraform CLI intialize the working directory with workspace name default . You don’t need to create
⬜ Bitbucket Cloud workspace manually.
⬜ CVS Version Control Reference: https://developer.hashicorp.com/terraform/cloud-docs/workspaces#terraform-cloud-vs-terraform-cli-workspaces

Terraform Cloud supports the following VCS providers:

● GitHub Terraform Version Constraint

● GitHub App for TFE
● GitHub.com (OAuth) Q187. Which version constraint should use to set both a lower and upper bound on versions for each provider. Also known
as pessimistic constraint operator?
● GitHub Enterprise
● GitLab.com ⬜ >=
● GitLab EE and CE ⬜ ~>

● Bitbucket Cloud ⬜ !=
⬜ <>
● Bitbucket Server
● Azure DevOps Server Reference: https://developer.hashicorp.com/terraform/language/expressions/version-constraints
● Azure DevOps Services

Reference: https://developer.hashicorp.com/terraform/cloud-docs/vcs#supported-vcs-providers Q188. What does the specified contraint version = “~> 1.0.4” means in required_providers block?

https://codingnconcepts.com/post/terraform-associate-exam-questions/ 81/90 https://codingnconcepts.com/post/terraform-associate-exam-questions/ 82/90

5/22/23, 10:22 PM Hashicorp Terraform Associate (003) Exam Questions - Coding N Concepts 5/22/23, 10:22 PM Hashicorp Terraform Associate (003) Exam Questions - Coding N Concepts

Q190. What is the provider version of Google Cloud being used in Terraform? Select all valid options.
terraform {
required_providers {
provider "google" {
mycloud = {
version = "~> 1.9.0"
source = "mycorp/mycloud"
}
version = "~> 1.0.4"
}
}
⬜ 1.9.1
}
⬜ 1.10.0
⬜ 1.8.0
⬜ >= 1.0.4 and <= 1.1.0 ⬜ 1.9.9
⬜ >= 1.0.4 and < 1.1.0
~> symbol before version x.y.z allows only the rightmost version component z to increment
⬜ > 1.0.4 and < 2.0.0
Reference: https://developer.hashicorp.com/terraform/language/expressions/version-constraints
⬜ >= 1.0.5 and < 1.1.0

~> symbol before version x.y.z allows only the rightmost version component z to increment
Q191. How do you force users to use a particular version of required providers in your terraform code?
Reference: https://developer.hashicorp.com/terraform/language/expressions/version-constraints

⬜ terraform { required_providers { aws = { source = “hashicorp/aws” version =”3.74.1″ } } }

Q189. What does this symbol version = “~> 1.0” mean when defining versions? ⬜ terraform { aws = { source = “hashicorp/aws” version = “~>3.74.1” } }
⬜ aws = { source = “hashicorp/aws” version = “3.74.1” }
⬜ > 1.0 and < 2.0 ⬜ terraform { required_providers { aws = { source = “hashicorp/aws” version =”~>3.74.1″ } } }
⬜ >= 1.0 and < 2.0
⬜ >= 1.0 and <= 2.0 Provider requirements such as version are declared in a required_providers block using name = { source version } syntax
⬜ > 1.0.0 and < 2.0.0 Reference: https://developer.hashicorp.com/terraform/language/providers/requirements

~> symbol before version x.y allows only the rightmost version component y to increment
Reference: https://developer.hashicorp.com/terraform/language/expressions/version-constraints Q192. Why might a user opt to include the following snippet in their configuration file?

https://codingnconcepts.com/post/terraform-associate-exam-questions/ 83/90 https://codingnconcepts.com/post/terraform-associate-exam-questions/ 84/90

5/22/23, 10:22 PM Hashicorp Terraform Associate (003) Exam Questions - Coding N Concepts 5/22/23, 10:22 PM Hashicorp Terraform Associate (003) Exam Questions - Coding N Concepts

⬜ A Collection Type
terraform {
⬜ A Structural Type
required_version = ">= 1.3.8" ⬜ A String Type
} ⬜ A float64 type

⬜ this ensures that all Terraform providers are above a certain version to match the application being deployed
⬜ versions before Terraform 1.3.8 were not approved by HashiCorp to be used in production
⬜ The user wants to specify the minimum version of Terraform that is required to run the configuration
⬜ The user wants to ensure that the application being deployed is a minimum version of 1.3.8
Collection and Structural types are the two types that are considered complex types in terraform
Reference: https://developer.hashicorp.com/terraform/language/expressions/type-constraints#complex-types
Q195. What are complex types in terraform?

Reference: https://developer.hashicorp.com/terraform/language/settings#specifying-a-required-terraform-version ⬜ A type that groups multiple values into a single value.
⬜ A variation of a string type.
⬜ A variance of a data source.
⬜ A type that derives its value from RegEx logic.
Terraform Types and Functions
Reference: https://developer.hashicorp.com/terraform/language/expressions/type-constraints#complex-types

Q193. You are adding a new variable to your configuration. Which of the following is not a valid primitive variable type in
Terraform?
Q196. If an input variable has no type value set, what type does it accept?
⬜ string
⬜ Any type.
⬜ number
⬜ None, it has to have a type value set.
⬜ float
⬜ Terraform infers the type when it is referenced.
⬜ bool
⬜ Type string. As strings can be interpreted in a number of ways by Terraform.
Terraform has following primitive types: string, number and bool
The type argument in a variable block allows you to restrict the type of value that will be accepted as the value for a variable. If no type constraint is
Reference: https://developer.hashicorp.com/terraform/language/expressions/type-constraints#primitive-types
set then a value of any type is accepted.
Reference: https://developer.hashicorp.com/terraform/language/values/variables#type-constraints

Q194. What are two complex types in terraform? (Choose 2 answers)

https://codingnconcepts.com/post/terraform-associate-exam-questions/ 85/90 https://codingnconcepts.com/post/terraform-associate-exam-questions/ 86/90

5/22/23, 10:22 PM Hashicorp Terraform Associate (003) Exam Questions - Coding N Concepts 5/22/23, 10:22 PM Hashicorp Terraform Associate (003) Exam Questions - Coding N Concepts

Q197. Which of the following is not a valid Terraform Collection type? A structural type object allows multiple values of several distinct types to be grouped together as a single value.
Reference: https://developer.hashicorp.com/terraform/language/expressions/type-constraints#structural-types
⬜ list
⬜ map
⬜ tree Q200. You need to input variables that follow a key/value type structure. What type of variable would be used for this use
⬜ set case?

The list , map , and set are three Terraform Collection types. ⬜ list
Reference: https://developer.hashicorp.com/terraform/language/expressions/type-constraints#collection-types ⬜ tuple
⬜ map
⬜ set
Q198. Which of the followings are valid Terraform Structural types? (Choose 2 answers)
A map is a collection of values where each is identified by a string label.
⬜ optional Reference: https://developer.hashicorp.com/terraform/language/expressions/type-constraints#map
⬜ object
⬜ pair
⬜ tuple Q201. Which of the following is not a valid string function in Terraform?

The object and tuple are two Terraform Structural types. ⬜ split()
Reference: https://developer.hashicorp.com/terraform/language/expressions/type-constraints#structural-types ⬜ join()
⬜ slice()
⬜ chomp()
Q199. You want to define a single input variable to store information about servers mainly server-name of type string and
memory-size of type number. Which variable type should you choose? Reference: https://developer.hashicorp.com/terraform/language/functions

⬜ list
⬜ map Q202. What are some built-in functions that terraform provides? (Choose 3 answers)
⬜ object
⬜ set ⬜ max()
⬜ regex()

https://codingnconcepts.com/post/terraform-associate-exam-questions/ 87/90 https://codingnconcepts.com/post/terraform-associate-exam-questions/ 88/90

5/22/23, 10:22 PM Hashicorp Terraform Associate (003) Exam Questions - Coding N Concepts 5/22/23, 10:22 PM Hashicorp Terraform Associate (003) Exam Questions - Coding N Concepts

⬜ alltrue() Hashicorp Terraform Associate (003) Exam Guide

⬜ delete()

Reference: https://developer.hashicorp.com/terraform/language/functions

© 2023 CodingNConcepts. Generated with Hugo and Mainroad theme.

TERRAFORM POPULAR POSTS

See Also
Hashicorp Terraform Associate (003) Exam Guide
Leading SAFe (Scaled Agile Framework) Exam Notes
MarkDown Getting Started
Elastic Search - Basic Concepts
Build Your First AWS DeepRacer Model

About Ashish Lahoti

Ashish Lahoti has 10+ years of experience in front-end and back-end technologies. He is a technology enthusiast and
has a passion for coding & blogging.

« PREVIOUS

https://codingnconcepts.com/post/terraform-associate-exam-questions/ 89/90 https://codingnconcepts.com/post/terraform-associate-exam-questions/ 90/90