- Expert Veri ed, Online, Free.

 Custom View Settings

Topic 1 - Single Topic

Question #1 Topic 1

The terraform.tfstate le always matches your currently built infrastructure.

A. True

B. False

Correct Answer: B
Reference:
https://www.terraform.io/docs/language/state/index.html

Community vote distribution

B (89%) 11%
Question #2 Topic 1

One remote backend con guration always maps to a single remote workspace.

A. True

B. False

Correct Answer: A
Reference:
https://www.terraform.io/docs/language/settings/backends/remote.html

Community vote distribution

B (81%) A (19%)

Question #3 Topic 1

How is the Terraform remote backend different than other state backends such as S3, Consul, etc.?

A. It can execute Terraform runs on dedicated infrastructure on premises or in Terraform Cloud

B. It doesn't show the output of a terraform apply locally

C. It is only available to paying customers

D. All of the above

Correct Answer: A
If you and your team are using Terraform to manage meaningful infrastructure, we recommend using the remote backend with Terraform Cloud
or Terraform
Enterprise.
Reference:
https://www.terraform.io/docs/language/settings/backends/index.html

Community vote distribution

A (100%)
Question #4 Topic 1

What is the work ow for deploying new infrastructure with Terraform?

A. terraform plan to import the current infrastructure to the state le, make code changes, and terraform apply to update the infrastructure.

B. Write a Terraform con guration, run terraform show to view proposed changes, and terraform apply to create new infrastructure.

C. terraform import to import the current infrastructure to the state le, make code changes, and terraform apply to update the infrastructure.

D. Write a Terraform con guration, run terraform init, run terraform plan to view planned infrastructure changes, and terraform apply to create
new infrastructure.

Correct Answer: D

Community vote distribution

D (100%)

Question #5 Topic 1

A provider con guration block is required in every Terraform con guration.

Example:

A. True

B. False

Correct Answer: A
Reference:
https://github.com/hashicorp/terraform/issues/17928

Community vote distribution

B (61%) A (39%)

Question #6 Topic 1

You run a local-exec provisioner in a null resource called null_resource.run_script and realize that you need to rerun the script.
Which of the following commands would you use rst?

A. terraform taint null_resource.run_script

B. terraform apply -target=null_resource.run_script

C. terraform validate null_resource.run_script

D. terraform plan -target=null_resource.run_script

Correct Answer: A

Community vote distribution

A (66%) B (23%) 11%
Question #7 Topic 1

Which provisioner invokes a process on the resource created by Terraform?

A. remote-exec

B. null-exec

C. local-exec

D. le

Correct Answer: A
The remote-exec provisioner invokes a script on a remote resource after it is created.
Reference:
https://www.terraform.io/docs/language/resources/provisioners/remote-exec.html

Community vote distribution

A (100%)

Question #8 Topic 1

Which of the following is not true of Terraform providers?

A. Providers can be written by individuals

B. Providers can be maintained by a community of users

C. Some providers are maintained by HashiCorp

D. Major cloud vendors and non-cloud vendors can write, maintain, or collaborate on Terraform providers

E. None of the above

Correct Answer: D
Reference:
https://jayendrapatil.com/terraform-cheat-sheet/#Terraform_Read_and_write_con guration

Community vote distribution

E (93%) 7%

Question #9 Topic 1

What command does Terraform require the rst time you run it within a con guration directory?

A. terraform import

B. terraform init

C. terraform plan

D. terraform workspace

Correct Answer: B
terraform init command is used to initialize a working directory containing Terraform con guration les.
Reference:
https://www.terraform.io/docs/cli/commands/init.html

Community vote distribution

B (100%)
Question #10 Topic 1

You have deployed a new webapp with a public IP address on a cloud provider. However, you did not create any outputs for your code.
What is the best method to quickly nd the IP address of the resource you deployed?

A. Run terraform output ip_address to view the result

B. In a new folder, use the terraform_remote_state data source to load in the state le, then write an output for each resource that you nd the
state le

C. Run terraform state list to nd the name of the resource, then terraform state show to nd the attributes including public IP address

D. Run terraform destroy then terraform apply and look for the IP address in stdout

Correct Answer: A
Reference:
https://www.terraform.io/docs/cli/commands/output.html

Community vote distribution

C (100%)

Question #11 Topic 1

Which of the following is not a key principle of infrastructure as code?

A. Versioned infrastructure

B. Golden images

C. Idempotence

D. Self-describing infrastructure

Correct Answer: ABD

Reference:
https://docs.microsoft.com/en-us/azure/devops/learn/what-is-infrastructure-as-
code#:~:text=Idempotence%20is%20a%20principle%20of,of%20the%
20environment's%20starting%20state
.

Community vote distribution

B (88%) 13%

Question #12 Topic 1

Terraform variables and outputs that set the "description" argument will store that description in the state le.

A. True

B. False

Correct Answer: A

Community vote distribution

B (100%)
Question #13 Topic 1

What is the provider for this ctitious resource?

A. vpc

B. main

C. aws

D. test

Correct Answer: C
Reference:
https://docs.aws.amazon.com/cloudformation-cli/latest/userguide/resource-types.html

Community vote distribution

C (100%)

Question #14 Topic 1

If you manually destroy infrastructure, what is the best practice re ecting this change in Terraform?

A. Run terraform refresh

B. It will happen automatically

C. Manually update the state re

D. Run terraform import

Correct Answer: B

Community vote distribution

A (72%) B (23%) 3%

Question #15 Topic 1

What is not processed when running a terraform refresh?

A. State le

B. Con guration le

C. Credentials

D. Cloud provider

Correct Answer: CD
Reference:
https://www.terraform.io/docs/cli/commands/refresh.html

Community vote distribution

B (97%)
Question #16 Topic 1

What information does the public Terraform Module Registry automatically expose about published modules?

A. Required input variables

B. Optional inputs variables and default values

C. Outputs

D. All of the above

E. None of the above

Correct Answer: E
Reference:
https://www.terraform.io/docs/registry/modules/publish.html

Community vote distribution

D (97%)

Question #17 Topic 1

If a module uses a local values, you can expose that value with a terraform output.

A. True

B. False

Correct Answer: A
Output values are like function return values.
Reference:
https://www.terraform.io/docs/language/values/locals.html
https://www.terraform.io/docs/language/values/outputs.html

Community vote distribution

A (100%)
Question #18 Topic 1

You should store secret data in the same version control repository as your Terraform con guration.

A. True

B. False

Correct Answer: B
Reference:
https://blog.gruntwork.io/a-comprehensive-guide-to-managing-secrets-in-your-terraform-code-1d586955ace1

Community vote distribution

B (100%)

Question #19 Topic 1

Which of the following is not a valid string function in Terraform?

A. split

B. join

C. slice

D. chomp

Correct Answer: D
Reference:
https://www.terraform.io/docs/language/functions/chomp.html

Community vote distribution

C (100%)
Question #20 Topic 1

You have provisioned some virtual machines (VMs) on Google Cloud Platform (GCP) using the gcloud command line tool. However, you are
standardizing with
Terraform and want to manage these VMs using Terraform instead.
What are the two things you must do to achieve this? (Choose two.)

A. Provision new VMs using Terraform with the same VM names

B. Use the terraform import command for the existing VMs

C. Write Terraform con guration for the existing VMs

D. Run the terraform import-gcp command

Correct Answer: BD
The terraform import command is used to import existing infrastructure.
Import existing Google Cloud resources into Terraform with Terraformer.
Reference:
https://www.terraform.io/docs/cli/import/usage.html
https://cloud.google.com/docs/terraform

Community vote distribution

BC (100%)

Question #21 Topic 1

You have recently started a new job at a retailer as an engineer. As part of this new role, you have been tasked with evaluating multiple outages
that occurred during peak shopping time during the holiday season. Your investigation found that the team is manually deploying new compute
instances and con guring each compute instance manually. This has led to inconsistent con guration between each compute instance.
How would you solve this using infrastructure as code?

A. Implement a ticketing work ow that makes engineers submit a ticket before manually provisioning and con guring a resource

B. Implement a checklist that engineers can follow when con guring compute instances

C. Replace the compute instance type with a larger version to reduce the number of required deployments

D. Implement a provisioning pipeline that deploys infrastructure con gurations committed to your version control system following code
reviews

Correct Answer: A

Community vote distribution

D (100%)

Question #22 Topic 1

terraform init initializes a sample main.tf le in the current directory.

A. True

B. False

Correct Answer: A

Community vote distribution

B (100%)
Question #23 Topic 1

Which two steps are required to provision new infrastructure in the Terraform work ow? (Choose two.)

A. Destroy

B. Apply

C. Import

D. Init

E. Validate

Correct Answer: BD
Reference:
https://www.terraform.io/guides/core-work ow.html

Community vote distribution

BD (100%)

Question #24 Topic 1

Why would you use the terraform taint command?

A. When you want to force Terraform to destroy a resource on the next apply

B. When you want to force Terraform to destroy and recreate a resource on the next apply

C. When you want Terraform to ignore a resource on the next apply

D. When you want Terraform to destroy all the infrastructure in your workspace

Correct Answer: B
The terraform taint command manually marks a Terraform-managed resource as tainted, forcing it to be destroyed and recreated on the next
apply.
Reference:
https://www.terraform.io/docs/cli/commands/taint.html

Community vote distribution

B (100%)
Question #25 Topic 1

Terraform requires the Go runtime as a prerequisite for installation.

A. True

B. False

Correct Answer: B
Reference:
https://www.terraform.io/docs/extend/guides/v1-upgrade-guide.html

Community vote distribution

B (100%)

Question #26 Topic 1

When should you use the force-unlock command?

A. You see a status message that you cannot acquire the lock

B. You have a high priority change

C. Automatic unlocking failed

D. You apply failed due to a state lock

Correct Answer: C
Manually unlock the state for the de ned con guration.
Reference:
https://www.terraform.io/docs/cli/commands/force-unlock.html

Community vote distribution

C (100%)
Question #27 Topic 1

Terraform can import modules from a number of sources `" which of the following is not a valid source?

A. FTP server

B. GitHub repository

C. Local path

D. Terraform Module Registry

Correct Answer: A

Community vote distribution

A (100%)

Question #28 Topic 1

Which of the following is available only in Terraform Enterprise or Cloud workspaces and not in Terraform CLI?

A. Secure variable storage

B. Support for multiple cloud providers

C. Dry runs with terraform plan

D. Using the workspace as a data source

Correct Answer: A

Community vote distribution

A (91%) 9%

Question #29 Topic 1

terraform validate validates the syntax of Terraform les.

A. True

B. False

Correct Answer: A
The terraform validate command validates the syntax and arguments of the Terraform con guration les.
Reference:
https://www.terraform.io/docs/cli/code/index.html

Community vote distribution

A (100%)
Question #30 Topic 1

You have used Terraform to create an ephemeral development environment in the cloud and are now ready to destroy all the infrastructure
described by your
Terraform con guration. To be safe, you would like to rst see all the infrastructure that will be deleted by Terraform.
Which command should you use to show all of the resources that will be deleted? (Choose two.)

A. Run terraform plan -destroy.

B. This is not possible. You can only show resources that will be created.

C. Run terraform state rm *.

D. Run terraform destroy and it will rst output all the resources that will be deleted before prompting for approval.

Correct Answer: CD
Reference:
https://www.terraform.io/docs/cli/commands/state/rm.html

Community vote distribution

AD (96%) 4%

Question #31 Topic 1

Which of the following is the correct way to pass the value in the variable num_servers into a module with the input servers?

A. servers = num_servers

B. servers = variable.num_servers

C. servers = var(num_servers)

D. servers = var.num_servers

Correct Answer: A

Community vote distribution

D (100%)
Question #32 Topic 1

A Terraform provisioner must be nested inside a resource con guration block.

A. True

B. False

Correct Answer: A
Most provisioners require access to the remote resource via SSH or WinRM, and expect a nested connection block with details about how to
connect.
Reference:
https://www.terraform.io/docs/language/resources/provisioners/connection.html

Community vote distribution

A (67%) B (33%)

Question #33 Topic 1

Terraform can run on Windows or Linux, but it requires a Server version of the Windows operating system.

A. True

B. False

Correct Answer: B

Community vote distribution

B (100%)

Question #34 Topic 1

What does the default "local" Terraform backend store?

A. tfplan les

B. Terraform binary

C. Provider plugins

D. State le

Correct Answer: D
The local backend stores state on the local lesystem, locks that state using system APIs, and performs operations locally.
Reference:
https://www.terraform.io/docs/language/settings/backends/local.html

Community vote distribution

D (100%)
Question #35 Topic 1

You have multiple team members collaborating on infrastructure as code (IaC) using Terraform, and want to apply formatting standards for
readability.
How can you format Terraform HCL (HashiCorp Con guration Language) code according to standard Terraform style convention?

A. Run the terraform fmt command during the code linting phase of your CI/CD process

B. Designate one person in each team to review and format everyone's code

C. Manually apply two spaces indentation and align equal sign "=" characters in every Terraform le (*.tf)

D. Write a shell script to transform Terraform les using tools such as AWK, Python, and sed

Correct Answer: C
Indent two spaces for each nesting level.
When multiple arguments with single-line values appear on consecutive lines at the same nesting level, align their equals signs.
Reference:
https://www.terraform.io/docs/language/syntax/style.html

Community vote distribution

A (100%)

Question #36 Topic 1

What value does the Terraform Cloud/Terraform Enterprise private module registry provide over the public Terraform Module Registry?

A. The ability to share modules with public Terraform users and members of Terraform Enterprise Organizations

B. The ability to tag modules by version or release

C. The ability to restrict modules to members of Terraform Cloud or Enterprise organizations

D. The ability to share modules publicly with any user of Terraform

Correct Answer: D
Terraform Registry is an index of modules shared publicly using this protocol. This public registry is the easiest way to get started with
Terraform and nd modules created by others in the community.
Reference:
https://www.terraform.io/docs/language/modules/sources.html

Community vote distribution

C (100%)
Question #37 Topic 1

Which task does terraform init not perform?

A. Sources all providers present in the con guration and ensures they are downloaded and available locally

B. Connects to the backend

C. Sources any modules and copies the con guration locally

D. Validates all required variables are present

Correct Answer: D
Reference:
https://www.terraform.io/docs/cli/commands/init.html

Community vote distribution

D (100%)

Question #38 Topic 1

You have declared a variable called var.list which is a list of objects that all have an attribute id.
Which options will produce a list of the IDs? (Choose two.)

A. { for o in var.list : o => o.id }

B. var.list[*].id

C. [ var.list[*].id ]

D. [ for o in var.list : o.id ]

Correct Answer: AB

Community vote distribution

BD (91%) 9%
Question #39 Topic 1

Which argument(s) is (are) required when declaring a Terraform variable?

A. type

B. default

C. description

D. All of the above

E. None of the above

Correct Answer: B
The variable declaration can also include a default argument.
Reference:
https://www.terraform.io/docs/language/values/variables.html

Community vote distribution

E (92%) 8%

Question #40 Topic 1

When using a module block to reference a module stored on the public Terraform Module Registry such as:

How do you specify version 1.0.0?

A. Modules stored on the public Terraform Module Registry do not support versioning

B. Append ?ref=v1.0.0 argument to the source path

C. Add version = "1.0.0" attribute to module block

D. Nothing €" modules stored on the public Terraform Module Registry always default to version 1.0.0

Correct Answer: C

Community vote distribution

C (100%)
Question #41 Topic 1

What features does the hosted service Terraform Cloud provide? (Choose two.)

A. Automated infrastructure deployment visualization

B. Automatic backups

C. Remote state storage

D. A web-based user interface (UI)

Correct Answer: BC
Reference:
https://www.terraform.io/docs/enterprise/admin/automated-recovery.html https://www.terraform.io/docs/language/state/remote.html

Community vote distribution

CD (100%)

Question #42 Topic 1

Where does the Terraform local backend store its state?

A. In the /tmp directory

B. In the terraform le

C. In the terraform.tfstate le

D. In the user's terraform.state le

Correct Answer: C
The local backend stores state on the local lesystem, locks that state using system APIs, and performs operations locally.
Reference:
https://www.terraform.io/docs/language/settings/backends/local.html

Community vote distribution

C (100%)
Question #43 Topic 1

Which option can not be used to keep secrets out of Terraform con guration les?

A. A Terraform provider

B. Environment variables

C. A -var ag

D. secure string

Correct Answer: C
Reference:
https://secrethub.io/blog/secret-management-for-terraform/

Community vote distribution

D (71%) B (16%) 13%

Question #44 Topic 1

What is one disadvantage of using dynamic blocks in Terraform?

A. They cannot be used to loop through a list of values

B. Dynamic blocks can construct repeatable nested blocks

C. They make con guration harder to read and understand

D. Terraform will run more slowly

Correct Answer: A
Reference:
https://github.com/hashicorp/terraform/issues/19291

Community vote distribution

C (100%)

Question #45 Topic 1

Only the user that generated a plan may apply it.

A. True

B. False

Correct Answer: B

Community vote distribution

B (100%)
Question #46 Topic 1

Examine the following Terraform con guration, which uses the data source for an AWS AMI.
What value should you enter for the ami argument in the AWS instance resource?

A. aws_ami.ubuntu

B. data.aws_ami.ubuntu

C. data.aws_ami.ubuntu.id

D. aws_ami.ubuntu.id

Correct Answer: C
resource "aws_instance" "web" {
ami = data.aws_ami.ubuntu.id
Reference:
https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/instance

Community vote distribution

C (100%)

Question #47 Topic 1

FILL BLANK -
You need to specify a dependency manually.
What resource meta-parameter can you use to make sure Terraform respects the dependency?
Type your answer in the eld provided. The text eld is not case-sensitive and all variations of the correct answer are accepted.

Correct Answer: depends_on

Question #48 Topic 1

You have never used Terraform before and would like to test it out using a shared team account for a cloud provider. The shared team account
already contains
15 virtual machines (VM). You develop a Terraform con guration containing one VM, perform terraform apply, and see that your VM was created
successfully.
What should you do to delete the newly-created VM with Terraform?

A. The Terraform state le contains all 16 VMs in the team account. Execute terraform destroy and select the newly-created VM.

B. The Terraform state le only contains the one new VM. Execute terraform destroy.

C. Delete the Terraform state le and execute Terraform apply.

D. Delete the VM using the cloud provider console and terraform apply to apply the changes to the Terraform state le.

Correct Answer: B

Community vote distribution

B (86%) 14%

Question #49 Topic 1

What is the name assigned by Terraform to reference this resource?

A. dev

B. azurerm_resource_group

C. azurerm

D. test

Correct Answer: A

Community vote distribution

A (90%) 7%
Question #50 Topic 1

Setting the TF_LOG environment variable to DEBUG causes debug messages to be logged into syslog.

A. True

B. False

Correct Answer: A
Reference:
https://www.terraform.io/docs/internals/debugging.html

Community vote distribution

B (82%) A (18%)

Question #51 Topic 1

Where in your Terraform con guration do you specify a state backend?

A. The terraform block

B. The resource block

C. The provider block

D. The datasource block

Correct Answer: A
Backends are con gured with a nested backend block within the top-level terraform block.
Reference:
https://www.terraform.io/docs/language/settings/backends/con guration.html

Community vote distribution

A (100%)
Question #52 Topic 1

In Terraform 0.13 and above, outside of the required_providers block, Terraform con gurations always refer to providers by their local names.

A. True

B. False

Correct Answer: A
Outside of the required_providers block, Terraform con gurations always refer to providers by their local names.
Reference:
https://www.terraform.io/docs/language/providers/requirements.html

Community vote distribution

A (91%) 9%

Question #53 Topic 1

What command should you run to display all workspaces for the current con guration?

A. terraform workspace

B. terraform workspace show

C. terraform workspace list

D. terraform show workspace

Correct Answer: C
terraform workspace list
The command will list all existing workspaces.
Reference:
https://www.terraform.io/docs/cli/commands/workspace/list.html

Community vote distribution

C (100%)

Question #54 Topic 1

Terraform providers are always installed from the Internet.

A. True

B. False

Correct Answer: B
Terraform con gurations must declare which providers they require, so that Terraform can install and use them.
Reference:
https://www.terraform.io/docs/language/providers/con guration.html

Community vote distribution

B (100%)
Question #55 Topic 1

Which of these is the best practice to protect sensitive values in state les?

A. Blockchain

B. Secure Sockets Layer (SSL)

C. Enhanced remote backends

D. Signed Terraform providers

Correct Answer: C
Use of remote backends and especially the availability of Terraform Cloud, there are now a variety of backends that will encrypt state at rest and
will not store the state in cleartext on machines running.
Reference:
https://www.terraform.io/docs/extend/best-practices/sensitive-state.html

Community vote distribution

C (100%)

Question #56 Topic 1

When does terraform apply re ect changes in the cloud environment?

A. Immediately

B. However long it takes the resource provider to ful ll the request

C. After updating the state le

D. Based on the value provided to the -refresh command line argument

E. None of the above

Correct Answer: B

Community vote distribution

B (85%) C (15%)
Question #57 Topic 1

How would you reference the "name" value of the second instance of this ctitious resource?

A. element(aws_instance.web, 2)

B. aws_instance.web[1].name

C. aws_instance.web[1]

D. aws_instance.web[2].name

E. aws_instance.web.*.name

Correct Answer: A
Reference:
https://www.terraform.io/docs/con guration-0-11/interpolation.html

Community vote distribution

B (93%) 4%

Question #58 Topic 1

A Terraform provider is not responsible for:

A. Understanding API interactions with some service

B. Provisioning infrastructure in multiple clouds

C. Exposing resources and data sources based on an API

D. Managing actions to take based on resource differences

Correct Answer: D
Reference:
https://www.terraform.io/docs/con guration-0-11/providers.html

Community vote distribution

B (66%) D (28%) 7%
Question #59 Topic 1

Terraform provisioners can be added to any resource block.

A. True

B. False

Correct Answer: A
Reference:
https://www.terraform.io/docs/language/resources/provisioners/syntax.html

Community vote distribution

A (73%) B (27%)
Question #60 Topic 1

What is terraform refresh intended to detect?

A. Terraform con guration code changes

B. Empty state les

C. State le drift

D. Corrupt state les

Correct Answer: C
Reference:
https://www.hashicorp.com/blog/detecting-and-managing-drift-with-terraform

Community vote distribution

C (100%)

Question #61 Topic 1

FILL BLANK -
Which ag would you add to terraform plan to save the execution plan to a le?
Type your answer in the eld provided. The text eld is not case-sensitive and all variations of the correct answer are accepted.

Correct Answer: -out=FILENAME

Reference:
https://www.terraform.io/docs/cli/commands/plan.html
Question #62 Topic 1

FILL BLANK -
What is the name of the default le where Terraform stores the state?
Type your answer in the eld provided. The text eld is not case-sensitive and all variations of the correct answer are accepted.

Correct Answer: Terraform.tfstate

Reference:
https://www.terraform.io/docs/language/state/index.html

Question #63 Topic 1

A Terraform local value can reference other Terraform local values.

A. True

B. False

Correct Answer: A
Reference:
https://www.terraform.io/docs/con guration-0-11/locals.html

Community vote distribution

A (100%)
Question #64 Topic 1

Which of the following is not a valid Terraform collection type?

A. list

B. map

C. tree

D. set

Correct Answer: C
Reference:
https://www.terraform.io/docs/language/expressions/type-constraints.html

Community vote distribution

C (100%)

Question #65 Topic 1

When running the command terraform taint against a managed resource you want to force recreation upon, Terraform will immediately destroy
and recreate the resource.

A. True

B. False

Correct Answer: B
Reference:
https://www.devopsschool.com/blog/terraform-taint-and-untaint-explained-with-example-programs-and-tutorials/

Community vote distribution

B (100%)
Question #66 Topic 1

All standard backend types support state storage, locking, and remote operations like plan, apply and destroy.

A. True

B. False

Correct Answer: A
Reference:
https://www.terraform.io/docs/language/settings/backends/remote.html

Community vote distribution

B (100%)

Question #67 Topic 1

How can terraform plan aid in the development process?

A. Validates your expectations against the execution plan without permanently modifying state

B. Initializes your working directory containing your Terraform con guration les

C. Formats your Terraform con guration les

D. Reconciles Terraform's state against deployed resources and permanently modi es state using the current status of deployed resources

Correct Answer: A
Reference:
https://github.com/hashicorp/terraform/issues/19235

Community vote distribution

A (85%) D (15%)

Question #68 Topic 1

You would like to reuse the same Terraform con guration for your development and production environments with a different state le for each.
Which command would you use?

A. terraform import

B. terraform workspace

C. terraform state

D. terraform init

Correct Answer: B

Community vote distribution

B (100%)
Question #69 Topic 1

What is the name assigned by Terraform to reference this resource?

A. compute_instance

B. main

C. google

D. teat

Correct Answer: B

Community vote distribution

B (100%)

Question #70 Topic 1

You're building a CI/CD (continuous integration/ continuous delivery) pipeline and need to inject sensitive variables into your Terraform run.
How can you do this safely?

A. Pass variables to Terraform with a €"var ag

B. Copy the sensitive variables into your Terraform code

C. Store the sensitive variables in a secure_vars.tf le

D. Store the sensitive variables as plain text in a source code repository

Correct Answer: B

Community vote distribution

A (100%)
Question #71 Topic 1

Your security team scanned some Terraform workspaces and found secrets stored in a plaintext in state les.
How can you protect sensitive data stored in Terraform state les?

A. Delete the state le every time you run Terraform

B. Store the state in an encrypted backend

C. Edit your state le to scrub out the sensitive data

D. Always store your secrets in a secrets.tfvars le.

Correct Answer: B
Reference:
https://www.terraform.io/docs/language/state/sensitive-data.html

Community vote distribution

B (100%)

Question #72 Topic 1

In contrast to Terraform Open Source, when working with Terraform Enterprise and Cloud Workspaces, conceptually you could think about them as
completely separate working directories.

A. True

B. False

Correct Answer: A

Community vote distribution

A (100%)
Question #73 Topic 1

You want to know from which paths Terraform is loading providers referenced in your Terraform con guration (*.tf les). You need to enable
debug messages to nd this out.
Which of the following would achieve this?

A. Set the environment variable TF_LOG=TRACE

B. Set verbose logging for each provider in your Terraform con guration

C. Set the environment variable TF_VAR_log=TRACE

D. Set the environment variable TF_LOG_PATH

Correct Answer: A
Reference:
https://www.terraform.io/docs/cli/con g/environment-variables.html

Community vote distribution

A (100%)

Question #74 Topic 1

How is terraform import run?

A. As a part of terraform init

B. As a part of terraform plan

C. As a part of terraform refresh

D. By an explicit call

E. All of the above

Correct Answer: D

Community vote distribution

D (100%)
Question #75 Topic 1

You have a simple Terraform con guration containing one virtual machine (VM) in a cloud provider. You run terraform apply and the VM is created
successfully.
What will happen if you delete the VM using the cloud provider console, and run terraform apply again without changing any Terraform code?

A. Terraform will remove the VM from state le

B. Terraform will report an error

C. Terraform will not make any changes

D. Terraform will recreate the VM

Correct Answer: D

Community vote distribution

D (81%) C (19%)

Question #76 Topic 1

Which of these options is the most secure place to store secrets foe connecting to a Terraform remote backend?

A. De ned in Environment variables

B. Inside the backend block within the Terraform con guration

C. De ned in a connection con guration outside of Terraform

D. None of above

Correct Answer: A

Community vote distribution

A (61%) C (36%)

Question #77 Topic 1

Your DevOps team is currently using the local backend for your Terraform con guration. You would like to move to a remote backend to begin
storing the state le in a central location.
Which of the following backends would not work?

A. Amazon S3

B. Artifactory

C. Git

D. Terraform Cloud

Correct Answer: A
Reference:
https://secrethub.io/blog/secret-management-for-terraform/

Community vote distribution

C (100%)
Question #78 Topic 1

Which backend does the Terraform CLI use by default?

A. Terraform Cloud

B. Consul

C. Remote

D. Local

Correct Answer: D
Reference:
https://www.terraform.io/docs/language/settings/backends/con guration.html

Community vote distribution

D (100%)

Question #79 Topic 1

When you initialize Terraform, where does it cache modules from the public Terraform Module Registry?

A. On disk in the /tmp directory

B. In memory

C. On disk in the .terraform sub-directory

D. They are not cached

Correct Answer: C
Reference:
https://www.terraform.io/docs/language/modules/sources.html

Community vote distribution

C (100%)
Question #80 Topic 1

You write a new Terraform con guration and immediately run terraform apply in the CLI using the local backend.
Why will the apply fail?

A. Terraform needs you to format your code according to best practices rst

B. Terraform needs to install the necessary plugins rst

C. The Terraform CLI needs you to log into Terraform cloud rst

D. Terraform requires you to manually run terraform plan rst

Correct Answer: C

Community vote distribution

B (100%)

Question #81 Topic 1

What features stops multiple admins from changing the Terraform state at the same time?

A. Version control

B. Backend types

C. Provider constraints

D. State locking

Correct Answer: D
Reference:
https://blog.gruntwork.io/how-to-manage-terraform-state-28f5697e68fa

Community vote distribution

D (100%)
Question #82 Topic 1

A fellow developer on your team is asking for some help in refactoring their Terraform code. As part of their application's architecture, they are
going to tear down an existing deployment managed by Terraform and deploy new. However, there is a server resource named
aws_instance.ubuntu[1] they would like to keep to perform some additional analysis.
What command should be used to tell Terraform to no longer manage the resource?

A. terraform apply rm aws_instance.ubuntu[1]

B. terraform state rm aws_instance.ubuntu[1]

C. terraform plan rm aws_instance.ubuntu[1]

D. terraform delete aws_instance.ubuntu[1]

Correct Answer: B
Reference:
https://www.terraform.io/docs/cli/commands/state/rm.html

Community vote distribution

B (100%)

Question #83 Topic 1

Terraform can only manage resource dependencies if you set them explicitly with the depends_on argument.

A. True

B. False

Correct Answer: A
Reference:
https://learn.hashicorp.com/tutorials/terraform/dependencies?in=terraform/0-13

Community vote distribution

B (95%) 5%
Question #84 Topic 1

A terraform apply can not _________ infrastructure.

A. change

B. destroy

C. provision

D. import

Correct Answer: D

Community vote distribution

D (100%)

Question #85 Topic 1

You need to constrain the GitHub provider to version 2.1 or greater.

Which of the following should you put into the Terraform 0.12 con guration's provider block?

A. version >= 2.1

B. version ~> 2.1

C. version = 2.1 =>€ €

D. version = 2.1 =<€ €

Correct Answer: B
Reference:
https://github.com/hashicorp/terraform-provider-null/issues/31

Community vote distribution

D (87%) 13%

Question #86 Topic 1

You just scaled your VM infrastructure and realized you set the count variable to the wrong value. You correct the value and save your change.
What do you do next to make your infrastructure match your con guration?

A. Run an apply and con rm the planned changes

B. Inspect your Terraform state because you want to change it

C. Reinitialize because your con guration has changed

D. Inspect all Terraform outputs to make sure they are correct

Correct Answer: A

Community vote distribution

A (90%) 10%
Question #87 Topic 1

Terraform provisioners that require authentication can use the ______ block.

A. connection

B. credentials

C. secrets

D. ssh

Correct Answer: B

Community vote distribution

A (100%)

Question #88 Topic 1

Terraform validate reports syntax check errors from which of the following scenarios?

A. Code contains tabs indentation instead of spaces

B. There is missing value for a variable

C. The state les does not match the current infrastructure

D. None of the above

Correct Answer: B
Reference:
http://man.hubwiz.com/docset/Terraform.docset/Contents/Resources/Documents/docs/commands/validate.html

Community vote distribution

D (60%) B (38%)
Question #89 Topic 1

Which of the following is allowed as a Terraform variable name?

A. count

B. name

C. source

D. version

Correct Answer: B
Reference:
https://www.terraform.io/docs/language/values/variables.html

Community vote distribution

B (100%)

Question #90 Topic 1

What type of block is used to construct a collection of nested con guration blocks?

A. for_each

B. repeated

C. nesting

D. dynamic

Correct Answer: D
Reference:
https://www.hashicorp.com/blog/hashicorp-terraform-0-12-preview-for-and-for-each

Community vote distribution

D (90%) 10%
Question #91 Topic 1

Module variable assignments are inherited from the parent module and do not need to be explicitly set.

A. True

B. False

Correct Answer: B
Reference:
https://github.com/hashicorp/terraform/issues/15818

Community vote distribution

B (100%)

Question #92 Topic 1

If writing Terraform code that adheres to the Terraform style conventions, how would you properly indent each nesting level compared to the one
above it?

A. With four spaces

B. With a tab

C. With three spaces

D. With two spaces

Correct Answer: D
Reference:
https://www.terraform.io/docs/language/syntax/style.html

Community vote distribution

D (88%) 13%
Question #93 Topic 1

Which of the following is not an action performed by terraform init?

A. Create a sample main.tf le

B. Initialize a con gured backend

C. Retrieve the source code for all referenced modules

D. Load required provider plugins

Correct Answer: A
Reference:
https://www.terraform.io/docs/cli/init/index.html

Community vote distribution

A (100%)

Question #94 Topic 1

HashiCorp Con guration Language (HCL) supports user-de ned functions.

A. True

B. False

Correct Answer: B
Reference:
https://www.packer.io/docs/templates/hcl_templates/functions

Community vote distribution

B (100%)
Question #95 Topic 1

How can you trigger a run in a Terraform Cloud workspace that is connected to a Version Control System (VCS) repository?

A. Only Terraform Cloud organization owners can set workspace variables on VCS connected workspaces

B. Commit a change to the VCS working directory and branch that the Terraform Cloud workspace is connected to

C. Only members of a VCS organization can open a pull request against repositories that are connected to Terraform Cloud workspaces

D. Only Terraform Cloud organization owners can approve plans in VCS connected workspaces

Correct Answer: B
Reference:
https://www.terraform.io/docs/cloud/vcs/index.html

Community vote distribution

B (100%)

Question #96 Topic 1

Terraform and Terraform providers must use the same major version number in a single con guration.

A. True

B. False

Correct Answer: B
Reference:
https://www.terraform.io/docs/language/expressions/version-constraints.html

Community vote distribution

B (100%)
Question #97 Topic 1

Which statement describes a goal of infrastructure as code?

A. An abstraction from vendor speci c APIs

B. Write once, run anywhere

C. A pipeline process to test and deliver software

D. The programmatic con guration of resources

Correct Answer: D

Community vote distribution

D (82%) B (18%)

Question #98 Topic 1

When using Terraform to deploy resources into Azure, which scenarios are true regarding state les? (Choose two.)

A. When a change is made to the resources via the Azure Cloud Console, the changes are recorded in a new state le

B. When a change is made to the resources via the Azure Cloud Console, Terraform will update the state le to re ect them during the next
plan or apply

C. When a change is made to the resources via the Azure Cloud Console, the current state le will not be updated

D. When a change is made to the resources via the Azure Cloud Console, the changes are recorded in the current state le

Correct Answer: AC

Community vote distribution

C (47%) B (28%) BC (22%)
Question #99 Topic 1

You need to deploy resources into two different cloud regions in the same Terraform con guration. To do that, you declare multiple provider
con gurations as follows:

What meta-argument do you need to con gure in a resource block to deploy the resource to the `us-west-2` AWS region?

A. alias = west

B. provider = west

C. provider = aws.west

D. alias = aws.west

Correct Answer: C
Reference:
https://github.com/hashicorp/terraform/issues/451

Community vote distribution

C (100%)

Question #100 Topic 1

You have declared an input variable called environment in your parent module. What must you do to pass the value to a child module in the
con guration?

A. Add node_count = var.node_count

B. Declare the variable in a terraform.tfvars le

C. Declare a node_count input variable for child module

D. Nothing, child modules inherit variables of parent module

Correct Answer: C

Community vote distribution

C (75%) B (25%)

Question #101 Topic 1

If a module declares a variable with a default, that variable must also be de ned within the module.

A. True

B. False

Correct Answer: A

Community vote distribution

B (100%)
Question #102 Topic 1

Which option cannot be used to keep secrets out of Terraform con guration les?

A. Environment Variables

B. Mark the variable as sensitive

C. A Terraform provider

D. A -var ag

Correct Answer: D

Community vote distribution

B (46%) C (39%) 14%

Question #103 Topic 1

Which of the following arguments are required when declaring a Terraform output?

A. sensitive

B. description

C. default

D. value

Correct Answer: D

Community vote distribution

D (100%)

Question #104 Topic 1

Your risk management organization requires that new AWS S3 buckets must be private and encrypted at rest. How can Terraform Enterprise
automatically and proactively enforce this security control?

A. With a Sentinel policy, which runs before every apply

B. By adding variables to each TFE workspace to ensure these settings are always enabled

C. With an S3 module with proper settings for buckets

D. Auditing cloud storage buckets with a vulnerability scanning tool

Correct Answer: B

Community vote distribution

A (100%)
Question #105 Topic 1

Most Terraform providers interact with ____________.

A. API

B. VCS Systems

C. Shell scripts

D. None of the above

Correct Answer: A

Community vote distribution

A (100%)

Question #106 Topic 1

terraform validate validates that your infrastructure matches the Terraform state le.

A. True

B. False

Correct Answer: A

Community vote distribution

B (100%)

Question #107 Topic 1

What does terraform import allow you to do?

A. Import a new Terraform module

B. Use a state le to import infrastructure to the cloud

C. Import provisioned infrastructure to your state le

D. Import an existing state le to a new Terraform workspace

Correct Answer: C

Community vote distribution

C (100%)
Question #108 Topic 1

FILL BLANK -
In the below con guration, how would you reference the module output vpc_id?

Type your answer in the eld provided. The text eld is not case sensitive and all variations of the correct answer are accepted.

Correct Answer: output "outvpc_id"

Question #109 Topic 1

How would you reference the Volume IDs associated with the ebs_block_device blocks in this con guration?

A. aws_instance.example.ebs_block_device.[*].volume_id

B. aws_instance.example.ebs_block_device.volume_id

C. aws_instance.example.ebs_block_device[sda2,sda3].volume_id

D. aws_instance.example.ebs_block_device.*.volume_id

Correct Answer: C

Community vote distribution

D (73%) A (27%)
Question #110 Topic 1

What does state locking accomplish?

A. Copies the state le from memory to disk

B. Encrypts any credentials stored within the state le

C. Blocks Terraform commands from modifying the state le

D. Prevents accidental deletion of the state le

Correct Answer: B

Community vote distribution

C (100%)

Question #111 Topic 1

You just upgraded the version of a provider in an existing Terraform project. What do you need to do to install the new provider?

A. Run terraform apply -upgrade

B. Run terraform init -upgrade

C. Run terraform refresh

D. Upgrade your version of Terraform

Correct Answer: B

Community vote distribution

B (100%)

Question #112 Topic 1

A module can always refer to all variables declared in its parent module.

A. True

B. False

Correct Answer: A

Community vote distribution

B (62%) A (38%)
Question #113 Topic 1

When you use a remote backend that needs authentication, HashiCorp recommends that you:

A. Use partial con guration to load the authentication credentials outside of the Terraform code

B. Push your Terraform con guration to an encrypted git repository

C. Write the authentication credentials in the Terraform con guration les

D. Keep the Terraform con guration les in a secret store

Correct Answer: B

Community vote distribution

A (100%)

Question #114 Topic 1

You have a simple Terraform con guration containing one virtual machine (VM) in a cloud provider. You run terraform apply and the VM is created
successfully.
What will happen if you terraform apply again immediately afterwards without changing any Terraform code?

A. Terraform will terminate and recreate the VM

B. Terraform will create another duplicate VM

C. Terraform will apply the VM to the state le

D. Nothing

Correct Answer: C

Community vote distribution

D (100%)

Question #115 Topic 1

A junior admin accidentally deleted some of your cloud instances. What does Terraform do when you run terraform apply?

A. Build a completely brand new set of infrastructure

B. Tear down the entire workspace infrastructure and rebuild it

C. Rebuild only the instances that were deleted

D. Stop and generate an error message about the missing instances

Correct Answer: D

Community vote distribution

C (100%)
Question #116 Topic 1

You have created a main.tr Terraform con guration consisting of an application server, a database, and a load balancer. You ran terraform apply
and all resources were created successfully. Now you realize that you do not actually need the load balancer so you run terraform destroy without
any ags What will happen?

A. Terraform will destroy the application server because it is listed rst in the code

B. Terraform will prompt you to con rm that you want to destroy all the infrastructure

C. Terraform will destroy the main.tf le

D. Terraform will prompt you to pick which resource you want to destroy

E. Terraform will immediately destroy all the infrastructure

Correct Answer: B

Community vote distribution

B (100%)

Question #117 Topic 1

Which type of block fetches or computes information for use elsewhere in a Terraform con guration?

A. provider

B. resource

C. local

D. data

Correct Answer: A

Community vote distribution

D (100%)

Question #118 Topic 1

You have just developed a new Terraform con guration for two virtual machines with a cloud provider. You would like to create the infrastructure
for the rst time.
Which Terraform command should you run rst?

A. terraform apply

B. terraform plan

C. terraform show

D. terraform init

Correct Answer: C

Community vote distribution

D (100%)
Question #119 Topic 1

All modules published on the o cial Terraform Module Registry have been veri ed by HashiCorp.

A. True

B. False

Correct Answer: B

Community vote distribution

B (67%) A (33%)

Question #120 Topic 1

You have to initialize a Terraform backend before it can be con gured.

A. True

B. False

Correct Answer: B

Community vote distribution

B (56%) A (44%)

Question #121 Topic 1

Which of the following does terraform apply change after you approve the execution plan? (Choose two.)

A. Cloud infrastructure

B. The .terraform directory

C. The execution plan

D. State le

E. Terraform code

Correct Answer: C

Community vote distribution

A (69%) D (31%)
Question #122 Topic 1

A Terraform backend determines how Terraform loads state and stores updates when you execute ___________.

A. apply

B. taint

C. destroy

D. All of the above

E. None of the above

Correct Answer: E

Community vote distribution

D (100%)

Question #123 Topic 1

What does Terraform use .terraform.lock.hcl le for?

A. Tracking provider dependencies

B. There is no such le

C. Preventing Terraform runs from occurring

D. Storing references to workspaces which are locked

Correct Answer: D

Community vote distribution

A (95%) 5%

Question #124 Topic 1

You've used Terraform to deploy a virtual machine and a database. You want to replace this virtual machine instance with an identical one without
affecting the database. What is the best way to achieve this using Terraform?

A. Use the terraform state rm command to remove the VM from state le

B. Use the terraform taint command targeting the VMs then run terraform plan and terraform apply

C. Use the terraform apply command targeting the VM resources only

D. Delete the Terraform VM resources from your Terraform code then run terraform plan and terraform apply

Correct Answer: B

Community vote distribution

B (100%)
Question #125 Topic 1

How do you specify a module's version when publishing it to the public Terraform Module Registry?

A. The module's con guration page on the Terraform Module Registry

B. Terraform Module Registry does not support versioning modules

C. The release tags in the associated repo

D. The module's Terraform code

Correct Answer: C

Community vote distribution

C (100%)

Question #126 Topic 1

Terraform plan updates your state le.

A. True

B. False

Correct Answer: A

Community vote distribution

B (79%) A (21%)

Question #127 Topic 1

To check if all code in a Terraform con guration with multiple modules is properly formatted without making changes, what command should be
run?

A. terraform fmt -check

B. terraform fmt -write-false

C. terraform fmt €"list -recursive

D. terraform fmt -check -recursive

Correct Answer: C

Community vote distribution

D (100%)
Question #128 Topic 1

As a member of the operations team, you need to run a script on a virtual machine created by Terraform. Which provision is best to use in your
Terraform code?

A. null-ex

B. local-exec

C. remote-exec

D. le

Correct Answer: B

Community vote distribution

C (100%)

Question #129 Topic 1

You are using a networking module in your Terraform con guration with the name label my_network. In your main con guration you have the
following code:

When you run terraform validate, you get the following error:

What must you do to successfully retrieve this value from your networking module?

A. De ne the attribute vnet_id as a variable in the networking module

B. Change the referenced value to module.my_network.outputs.vnet_id

C. De ne the attribute vnet_id as an output in the networking module

D. Change the referenced value to my_network.outputs.vnet_id

Correct Answer: D

Community vote distribution

C (100%)
Question #130 Topic 1

You are writing a child Terraform module which provisions an AWS instance. You want to make use of the IP address returned in the root
con guration. You name the instance resource "main".
Which of these is the correct way to de ne the output value using HCL2?
A.

B.

Correct Answer: A

Question #131 Topic 1

How can a ticket-based system slow down infrastructure provisioning and limit the ability to scale? (Choose two.)

A. A full audit trail of the request and ful llment process is generated

B. A request must be submitted for infrastructure changes

C. As additional resources are required, more tickets are submitted

D. A catalog of approved resources can be accessed from drop down lists in a request form

Correct Answer: B

Community vote distribution

C (54%) B (46%)

Question #132 Topic 1

Which of the following statements about Terraform modules is not true?

A. Modules must be publicly accessible

B. Modules can be called multiple times

C. Module is a container for one or more resources

D. Modules can call other modules

Correct Answer: C

Community vote distribution

A (100%)
Question #133 Topic 1

Which Terraform collection type should you use to store key/value pairs?

A. tuple

B. set

C. ma€

D. list

Correct Answer: C

Community vote distribution

C (100%)

Question #134 Topic 1

You have used Terraform to create an ephemeral development environment in the cloud and are now ready to destroy all the infrastructure
described by your
Terraform con guration. To be safe, you would like to rst see all the infrastructure that will be deleted by Terraform.
Which command should you use to show all of the resources that will be deleted? (Choose two.)

A. Run terraform plan -destroy

B. Run terraform show -destroy

C. Run terraform destroy and it will rst output all the resources that will be deleted before prompting for approval

D. Run terraform show -destroy

Correct Answer: AD

Community vote distribution

AC (100%)

Question #135 Topic 1

When do you need to explicitly execute terraform refresh?

A. Before every terraform plan

B. Before every terraform apply

C. Before every terraform import

D. None of the above

Correct Answer: D

Community vote distribution

D (100%)
Question #136 Topic 1

All Terraform Cloud tiers support team management and governance.

A. True

B. False

Correct Answer: A

Community vote distribution

B (92%) 8%

Question #137 Topic 1

What advantage does an operations team that uses infrastructure as code have?

A. The ability to delete infrastructure

B. The ability to update existing infrastructure

C. The ability to reuse best practice con gurations and settings

D. The ability to autoscale a group of servers

Correct Answer: D

Community vote distribution

C (100%)
Question #138 Topic 1

You have modi ed your Terraform con guration to x a typo in the Terraform ID of a resource from aws_security_group.http to
aws_security_group.http

Which of the following commands would you run to update the ID in state without destroying the resource?

A. terraform mv aws_security_group.htp aws_security_group.http

B. terraform apply

C. terraform refresh

Correct Answer: B

Community vote distribution

A (100%)
Question #139 Topic 1

You are creating a Terraform con guration which needs to make use of multiple providers, one for AWS and one for Datadog.
Which of the following provider blocks would allow you to do this?
A.

B.

C.

Correct Answer: B
Question #140 Topic 1

Terraform variable names are saved in the state le.

A. True

B. False

Correct Answer: B

Community vote distribution

B (100%)

Question #141 Topic 1

Terraform Cloud is available only as a paid offering from HashiCorp.

A. True

B. False

Correct Answer: B

Community vote distribution

B (100%)

Question #142 Topic 1

Which of the following is not a way to trigger terraform destroy?

A. Using the destroy command with auto-approve

B. Running terraform destroy from the correct directory and then typing "yes" when prompted in the CLI

C. Passing --destroy at the end of a plan request

D. Delete the state le and run terraform apply

Correct Answer: D

Community vote distribution

C (55%) D (45%)
Question #143 Topic 1

Which of the following is not an advantage of using infrastructure as code operations?

A. Self-service infrastructure deployment

B. Troubleshoot via a Linux diff command

C. Public cloud console con guration work ows

D. Modify a count parameter to scale resources

E. API driven work ows

Correct Answer: B

Community vote distribution

C (60%) B (40%)

Question #144 Topic 1

You're writing a Terraform con guration that needs to read input from a local le called id_rsa.pub.
Which built-in Terraform function can you use to import the le's contents as a string?

A. leset("id_rsa.pub")

B. lebase64("id_rsa.pub")

C. template le("id_rsa.pub")

D. le("id_rsa.pub")

Correct Answer: A

Community vote distribution

D (100%)

Question #145 Topic 1

What does Terraform use providers for? (Choose three.)

A. Provision resources for on-premises infrastructure services

B. Simplify API interactions

C. Provision resources for public cloud infrastructure services

D. Enforce security and compliance policies

E. Group a collection of Terraform con guration les that map to a single state le

Correct Answer: ABC

Community vote distribution

ABC (65%) BCE (26%) 9%
Question #146 Topic 1

You can reference a resource created with for_each using a Splat (*) expression.

A. True

B. False

Correct Answer: B

Community vote distribution

B (73%) A (27%)

Question #147 Topic 1

How does Terraform determine dependencies between resources?

A. Terraform automatically builds a resource graph based on resources, provisioners, special meta-parameters, and the state le, if present.

B. Terraform requires all dependencies between resources to be speci ed using the depends_on parameter

C. Terraform requires resources in a con guration to be listed in the order they will be created to determine dependencies

D. Terraform requires resource dependencies to be de ned as modules and sourced in order

Correct Answer: A

Community vote distribution

A (100%)

Question #148 Topic 1

Which parameters does terraform import require? (Choose two.)

A. Path

B. Provider

C. Resource ID

D. Resource address

Correct Answer: BC

Community vote distribution

CD (100%)
Question #149 Topic 1

Once a new Terraform backend is con gured with a Terraform code block, which command(s) is (are) used to migrate the state le?

A. terraform apply

B. terraform push

C. terraform destroy, then terraform apply

D. terraform init

Correct Answer: D

Community vote distribution

D (74%) B (26%)

Question #150 Topic 1

What does this code do?

A. Requires any version of the AWS provider >= 3.0 and < 4.0

B. Requires any version of the AWS provider >= 3.0

C. Requires any version of the AWS provider after the 3.0 major release, like 4.1

D. Requires any version of the AWS provider > 3.0

Correct Answer: A

Community vote distribution

A (83%) B (17%)

Question #151 Topic 1

What does terraform refresh modify?

A. Your cloud infrastructure

B. Your state le

C. Your Terraform plan

D. Your Terraform con guration

Correct Answer: B

Community vote distribution

B (100%)
Question #152 Topic 1

Which of the following is not valid source path for specifying a module?

A. source = "./modulelversion=v1.0.0"

B. source = "github.com/hashicorp/example?ref=v1.0.0"

C. source = "./module"

D. source = "hashicorp/consul/aws"

Correct Answer: A

Community vote distribution

A (100%)

Question #153 Topic 1

Which of the following is true about terraform apply? (Choose two.)

A. It only operates on infrastructure de ned in the current working directory or workspace

B. You must pass the output of a terraform plan command to it

C. Depending on provider speci cation, Terraform may need to destroy and recreate your infrastructure resources

D. By default, it does not refresh your state le to re ect current infrastructure con guration

E. You cannot target speci c resources for the operation

Correct Answer: AC

Community vote distribution

AC (100%)

Question #154 Topic 1

Which of the following statements about local modules is incorrect?

A. Local modules are not cached by terraform init command

B. Local modules are sourced from a directory on disk

C. Local modules support versions

D. All of the above (all statements above are incorrect)

E. None of the above (all statements above are correct)

Correct Answer: C

Community vote distribution

C (100%)
Question #155 Topic 1

Which of the following is true about Terraform's implementation of infrastructure as code? (Choose two.)

A. It is only compatible with AWS infrastructure management

B. You cannot reuse infrastructure con guration

C. You can version your infrastructure con guration

D. It requires manual con guration of infrastructure resources

E. It allows you to automate infrastructure provisioning

Correct Answer: BD

Community vote distribution

CE (100%)

Question #156 Topic 1

You need to write some Terraform code that adds 42 rewall rules to a security group as shown in the example.

What can you use to avoid writing 42 different nested ingress con g blocks by hand?

A. A count loop

B. A for block

C. A for each block

D. A dynamic block

Correct Answer: D

Community vote distribution

D (86%) 14%
Question #157 Topic 1

Which of the following is the safest way to inject sensitive values into a Terraform Cloud workspace?

A. Write the value to a le and specify the le with the -var- le ag

B. Set a value for the variable in the UI and check the "Sensitive" check box

C. Edit the state le directly just before running terraform apply

D. Set the variable value on the command line with the -var ag

Correct Answer: B

Community vote distribution

B (100%)

Question #158 Topic 1

terraform apply will fail if you have not am terraform plan rst to update the plan output.

A. True

B. False

Correct Answer: B

Community vote distribution

B (100%)

Question #159 Topic 1

How would you reference the attribute "name" of this ctitious resource in HCL?

A. resource.kubernetes_namespace.example.name

B. kubernetes_namespace.test.name

C. kubernetes_namespace.example.name

D. data.kubernetes_namespace.name

E. None of the above

Correct Answer: C

Community vote distribution

C (100%)
Question #160 Topic 1

A Terraform output that sets the "sensitive" argument to true will not store that value in the state le.

A. True

B. False

Correct Answer: B

Community vote distribution

B (100%)

Question #161 Topic 1

Which are forbidden actions when the Terraform state le is locked? (Choose three.)

A. terraform destroy

B. terraform fmt

C. terraform state list

D. terraform apply

E. terraform plan

F. terraform validate

Correct Answer: ADE

Community vote distribution

ADE (100%)

Question #162 Topic 1

Terraform installs its providers during which phase?

A. Plan

B. Init

C. Refresh

D. All of the above

Correct Answer: B

Community vote distribution

B (100%)
Question #163 Topic 1

When does Sentinel enforce policy logic during a Terraform Enterprise run?

A. Before the plan phase

B. During the plan phase

C. Before the apply phase

D. After the apply phase

Correct Answer: C

Community vote distribution

C (88%) 13%

Question #164 Topic 1

What is the purpose of a Terraform workspace in either open source or enterprise?

A. Workspaces allow you to manage collections of infrastructure in state les

B. A logical separation of business units

C. A method of grouping multiple infrastructure security policies

D. Provides limited access to a cloud environment

Correct Answer: A

Community vote distribution

A (89%) 11%

Question #165 Topic 1

Which is the best way to specify a tag of v1.0.0 when referencing a module stored in Git (for example git::https://example.com/vpc.git)?

A. Append ?ref=v1. 0. 0 argument to the source path

B. Add version = "1.0.0" parameter to module block

C. Nothing €" modules stored on GitHub always default to version 1.0.0

D. Modules stored on GitHub do not support versioning

Correct Answer: A

Community vote distribution

A (81%) B (19%)
Question #166 Topic 1

Changing the Terraform backend from the default "local" backend to a different one after doing your rst terraform apply is:

A. Mandatory

B. Optional

C. Impossible

D. Discouraged

Correct Answer: B

Community vote distribution

B (100%)

Question #167 Topic 1

You have modi ed your local Terraform con guration and ran terraform plan to review the changes. Simultaneously, your teammate manually
modi ed the infrastructure component you are working on. Since you already ran terraform plan locally, the execution plan for terraform apply will
be the same.

A. True

B. False

Correct Answer: B

Community vote distribution

B (100%)

Question #168 Topic 1

terraform apply is failing with the following error. What next step should you take to determine the root cause of the problem?
Error loading state: AccessDenied: Access Denied status code: 403, request id: 288766CE5CCA24A0, host id: FOOBAR

A. Set TF_LOG=DEBUG

B. Review syslog for Terraform error messages

C. Run terraform login to reauthenticate with the provider

D. Review /var/log/terraform.log for error messages

Correct Answer: A

Community vote distribution

A (80%) C (20%)
Question #169 Topic 1

As a member of an operations team that uses infrastructure as code (IaC) practices, you are tasked with making a change to an infrastructure
stack running in a public cloud.
Which pattern would follow IaC best practices for making a change?

A. Clone the repository containing your infrastructure code and then run the code

B. Use the public cloud console to make the change after a database record has been approved

C. Make the change programmatically via the public cloud CLI

D. Make the change via the public cloud API endpoint

E. Submit a pull request and wait for an approved merge of the proposed changes

Correct Answer: E

Community vote distribution

E (100%)

Question #170 Topic 1

What command can you run to generate DOT (Document Template) formatted data to visualize Terraform dependencies?

A. terraform refresh

B. terraform show

C. terraform graph

D. terraform output

Correct Answer: C

Community vote distribution

C (100%)

Question #171 Topic 1

Which provider authentication method prevents credentials from being stored in the state le?

A. Using environment variables

B. Specifying the login credentials in the provider block

C. Setting credentials as Terraform variables

D. None of the above

Correct Answer: A

Community vote distribution

A (55%) D (45%)
Question #172 Topic 1

Running terraform fmt without any ags in a directory with Terraform con guration les will check the formatting of those les without changing
their contents.

A. True

B. False

Correct Answer: B

Community vote distribution

B (70%) A (30%)

Question #173 Topic 1

terraform init retrieves the source code for all referenced modules.

A. True

B. False

Correct Answer: A

Community vote distribution

A (75%) B (25%)

Question #174 Topic 1

You have a Terraform con guration that de nes a single virtual machine with no references to it. You have run terraform apply to create the
resource, and then removed the resource de nition from your Terraform con guration le.
What will happen when you run terraform apply in the working directory again?

A. Nothing

B. Terraform will destroy the virtual machine

C. Terraform will error

D. Terraform will remove the virtual machine from the state le, but the resource will still exist

Correct Answer: B

Community vote distribution

B (100%)
Question #175 Topic 1

Which con guration consistency errors does terraform validate report?

A. A mix of spaces and tabs in con guration les

B. Differences between local and remote state

C. Terraform module isn't the latest version

D. Declaring a resource identi er more than once

Correct Answer: D

Community vote distribution

D (100%)

Question #176 Topic 1

In Terraform HCL, an object type of object({ name=string, age=number }) would match this value:
A.

B.

Correct Answer: B

Question #177 Topic 1

Where can Terraform not load a provider from?

A. Source code

B. Plugins directory

C. O cial HashiCorp distribution on releases.hashicorp.com

D. Provider plugin cache

Correct Answer: A

Community vote distribution

A (75%) C (19%) 6%
Question #178 Topic 1

Which of the following locations can Terraform use as a private source for modules? (Choose two.)

A. Internally hosted SCM (Source Control Manager) platform

B. Public Terraform Module Registry

C. Private repository on GitHub

D. Public repository on GitHub

Correct Answer: AC

Community vote distribution

AC (100%)

Question #179 Topic 1

Why should secrets not be hard coded into Terraform code? (Choose two.)

A. It makes the code less reusable.

B. Terraform code is typically stored in version control, as well as copied to the systems from which it's run. Any of those may not have robust
security mechanisms.

C. The Terraform code is copied to the target resources to be applied locally and could expose secrets if a target resource is compromised.

D. All passwords should be rotated on a quarterly basis.

Correct Answer: BC

Community vote distribution

AB (50%) BC (50%)

Question #180 Topic 1

If a Terraform creation-time provisioner fails, what will occur by default?

A. The resource will not be affected, but the provisioner will need to be applied again

B. The resource will be destroyed

C. The resource will be marked as "tainted"

D. Nothing, provisioners will not show errors in the command line

Correct Answer: C

Community vote distribution

C (100%)
Question #181 Topic 1

When should Terraform con guration les be written when running terraform import on existing infrastructure?

A. Infrastructure can be imported without corresponding Terraform code

B. Terraform will generate the corresponding con guration les for you

C. You should write Terraform con guration les after the next terraform import is executed

D. Terraform con guration should be written before terraform import is executed

Correct Answer: B

Community vote distribution

D (64%) C (33%)

Question #182 Topic 1

Which command lets you experiment with Terraform's built-in functions?

A. terraform env

B. terraform console

C. terraform test

D. terraform validate

Correct Answer: B
Reference:
https://www.terraform.io/language/functions

Community vote distribution

B (100%)
Question #183 Topic 1

Why does this backend con guration not follow best practices?

A. You should not store credentials in Terraform Con guration

B. You should use the local enhanced storage backend whenever possible

C. An alias meta-argument should be included in backend blocks whenever possible

D. The backend con guration should contain multiple credentials so that more than one user can execute terraform plan and terraform apply

Correct Answer: A

Community vote distribution

A (100%)

Question #184 Topic 1

Open source Terraform can only import publicly-accessible and open-source modules.

A. True

B. False

Correct Answer: A

Community vote distribution

B (85%) A (15%)
Question #185 Topic 1

What does terraform destroy do?

A. Destroy all infrastructure in the Terraform state le

B. Destroy all Terraform code les in the current directory while leaving the state le intact

C. Destroy all infrastructure in the con gured Terraform provider

D. Destroy the Terraform state le while leaving infrastructure intact

Correct Answer: D

Community vote distribution

A (79%) C (21%)

Question #186 Topic 1

While attempting to deploy resources into your cloud provider using Terraform, you begin to see some odd behavior and experience sluggish
responses. In order to troubleshoot you decide to turn on Terraform debugging. Which environment variables must be con gured to make
Terraform's logging more verbose?

A. TF_LOG_LEVEL

B. TF_LOG_FILE

C. TF_LOG

D. TP_LOG_PATH

Correct Answer: C
Reference:
https://www.terraform.io/internals/debugging

Community vote distribution

C (100%)

Question #187 Topic 1

If a DevOps team adopts AWS CloudFormation as their standardized method for provisioning public cloud resources, which of the following
scenarios poses a challenge for this team?

A. The team is asked to build a reusable code base that can deploy resources into any AWS region

B. The team is asked to manage a new application stack built on AWS-native services

C. The organization decides to expand into Azure and wishes to deploy new infrastructure using their existing codebase

D. The DevOps team is tasked with automating a manual provisioning process

Correct Answer: D

Community vote distribution

C (100%)
Question #188 Topic 1

You cannot install third party plugins using terraform init.

A. True

B. False

Correct Answer: B

Community vote distribution

B (100%)

Question #189 Topic 1

Which of the following can you do with terraform plan? (Choose two.)

A. Save a generated execution plan to apply later

B. Execute a plan in a different workspace

C. View the execution plan and check if the changes match your expectations

D. Schedule Terraform to run at a planned time in the future

Correct Answer: AC
Reference:
https://learn.hashicorp.com/tutorials/terraform/plan

Community vote distribution

AC (100%)

Question #190 Topic 1

Which are examples of infrastructure as code? (Choose two.)

A. Cloned virtual machine images

B. Change management database records

C. Versioned con guration les

D. Docker les

Correct Answer: BC

Community vote distribution

CD (100%)

Question #191 Topic 1

FILL BLANK -
You need to migrate a workspace to use a remote backend. After updating your con guration, what command do you run to perform the
migration?
Type your answer in the eld provided. The text eld is not case-sensitive and all variations of the correct answer are accepted.

Correct Answer: terraform init

Question #192 Topic 1

When using a module from the public Terraform Module Registry, the following parameters are required attributes in the module block. (Choose
two.)

A. Each of the module’s required inputs

B. The module’s source address

C. Terraform Module Registry account token

D. Each of the module’s dependencies (example: submodules)

E. The version of the module

Correct Answer: BE

Community vote distribution

AB (60%) BE (30%) 10%

Question #193 Topic 1

As a developer, you want to ensure your plugins are up to date with the latest versions. Which Terraform command should you use?

A. terraform init -upgrade

B. terraform apply -upgrade

C. terraform refresh -upgrade

D. terraform providers -upgrade

Correct Answer: A

Community vote distribution

A (100%)

Question #194 Topic 1

You can access state stored with the local backend by using the terraform_remote_state data source.

A. True

B. False

Correct Answer: B

Community vote distribution

A (67%) B (33%)
Question #195 Topic 1

You have been working in a Cloud provider account that is shared with other team members. You previously used Terraform to create a load
balancer that is listening on port 80. After some application changes, you updated the Terraform code to change the port to 443.

You run terraform plan and see that the execution plan shows the port changing from 80 to 443 like you intended, and step away to grab some
coffee.

In the meantime, another team member manually changes the load balancer port to 443 through the Cloud provider console before you get back to
your desk.

What will happen when you terraform apply upon returning to your desk?

A. Terraform will fail with an error because the state le is no longer accurate.

B. Terraform will change the load balancer port to 80, and then change it back to 443.

C. Terraform will not make any changes to the Load Balancer and will update the state le to re ect any changes made.

D. Terraform will change the port back to 80 in your code.

Correct Answer: C

Community vote distribution

C (100%)

Question #196 Topic 1

In a Terraform Cloud workspace linked to a version control repository, speculative plan runs start automatically when you merge or commit
changes to version control.

A. True

B. False

Correct Answer: A

Community vote distribution

A (100%)
Question #197 Topic 1

You have some Terraform code and a variable de nitions le named dev.auto.tfvars that you tested successfully in the dev environment. You want
to deploy the same code in the staging environment with a separate variable de nition le and a separate state le.

Which two actions should you perform? (Choose two.)

A. Copy the existing terraform.tfstate le and save it as staging.terraform.tfstate

B. Write a new staging.auto.tfvars variable de nition le and run Terraform with the var- le=”staging.auto.tfvars” ag

C. Create a new Terraform workspace for staging

D. Create a new Terraform provider for staging

E. Add new Terraform code (*.tf les) for staging in the same directory

Correct Answer: BC

Community vote distribution

BC (100%)

Question #198 Topic 1

The ________ determines how Terraform creates, updates, or deletes resources.

A. Terraform con guration

B. Terraform core

C. Terraform provider

D. Terraform provisioner

Correct Answer: A

Community vote distribution

C (71%) A (29%)

Question #199 Topic 1

Terraform destroy is the only way to remove infrastructure.

A. True

B. False

Correct Answer: B
Question #200 Topic 1

Which of the following is the correct way to pass the value in the variable num_servers into a module with the input servers in HCL2?

A. servers - var.num_servers

B. servers - num_servers

C. servers - var(num_servers)

D. $(var.num_servers)

Correct Answer: B

Community vote distribution

A (100%)

Question #201 Topic 1

Which of the fallowing commands would you use to access all of the attributes and details of a resource managed by Terraform?

A. terraform state list

B. terraform state show

C. terraform get

D. terraform state list

Correct Answer: A

Community vote distribution

B (100%)

Question #202 Topic 1

How would you be able to reference an attribute from the vsphere_datacenter data source for use with the datacenter_id argument within the
vsphere_folder resource in the following con guration?

A. data.dc.id

B. data.vsphere_datacenter.dc

C. vsphere_datacenter.dc.id

D. data.vsphere_datacenter.dc.id

Correct Answer: D

Community vote distribution

D (100%)
Question #203 Topic 1

You decide to move a Terraform state le to Amazon S3 from another location. You write the code below into a le called backend.tf.

Which command will migrate your current state le to the new S3 remote backend?

A. terraform state

B. terraform init

C. terraform refresh

D. terraform push

Correct Answer: B

Community vote distribution

B (100%)

Question #204 Topic 1

You want to tag multiple resources with a string that is a combination of a generated random_id and a variable.

How should you use the same value in all these resources without repeating the random_id and variable in each resource?

A. Local values

B. Data source

C. Modules

D. Outputs

Correct Answer: A

Community vote distribution

A (100%)

Question #205 Topic 1

Which of the following is not a bene t of adopting infrastructure as code?

A. Interpolation

B. Reusability of code

C. Versioning

D. Automation

Correct Answer: A
Question #206 Topic 1

Module version is required to reference a module on the Terraform Module Registry.

A. True

B. False

Correct Answer: B

Community vote distribution

B (75%) A (25%)

Question #207 Topic 1

While deploying a virtual machine, the rst launch user_data script fails due to race condition with another resource deployed during the same
Terraform run.

What is the least disruptive method to correct the issue?

A. Run terraform taint against the virtual machine’s resource name, then terraform apply

B. Restart the virtual machine from the cloud portal

C. Run terraform apply again

D. Run terraform destroy then terraform apply

Correct Answer: A

Community vote distribution

C (67%) A (33%)

Question #208 Topic 1

The public Module Registry is free to use.

A. True

B. False

Correct Answer: A

Community vote distribution

A (100%)

Question #209 Topic 1

Both Terraform Cloud and Terraform Enterprise support policy as code (Sentinel).

A. True

B. False

Correct Answer: A
Question #210 Topic 1

You want to de ne multiple data disks as nested blocks inside the resource block for a virtual machine.

What Terraform feature would help you de ne the blocks using the values in a variable?

A. Local values

B. Collection functions

C. Dynamic blocks

D. Count arguments

Correct Answer: C

Community vote distribution

C (100%)

Question #211 Topic 1

Which of the following module source paths does not specify a remote module?

A. source = “./modules/consul”

B. source = “[email protected]:hashicorp/example.git”

C. source = “github.com/hashicorp/example”

D. source = “hashicorp/consul/aws”

Correct Answer: C

Community vote distribution

A (100%)

Question #212 Topic 1

You have a list of numbers that represents the number of free CPU cores on each virtual cluster:

numcpus = [ 18, 3, 7, 11, 2 ]

What Terraform function could you use to select the largest number from the list?

A. max(numcpus)

B. ceil(numcpus)

C. top(numcpus)

D. high[numcpus]

Correct Answer: A

Community vote distribution

A (100%)
Question #213 Topic 1

Variables declared within a module are accessible outside of the module.

A. True

B. False

Correct Answer: B

Community vote distribution

B (100%)

Question #214 Topic 1

Which of the following is not a valid Terraform variable type?

A. list

B. map

C. array

D. string

Correct Answer: C

Community vote distribution

C (100%)

Question #215 Topic 1

What is a key bene t of the Terraform state le?

A. A state le can be used to schedule recurring infrastructure tasks

B. A state le represents a source of truth for resources provisioned with a public cloud console

C. A state le represents the desired state expressed by the Terraform code les

D. A state le represents a source of truth for resources provisioned with Terraform

Correct Answer: A

Community vote distribution

D (100%)
Question #216 Topic 1

Which of these statements about Terraform Enterprise workspaces is false?

A. They can securely store cloud credentials

B. You must use the CLI to switch between workspaces

C. Plans and applies can be triggered via version control system integrations

D. They have role-based access controls

Correct Answer: C

Community vote distribution

B (100%)

Question #217 Topic 1

De ne the purpose of state in Terraform.

A. State is used to map real world resources to your con guration and keep track of metadata

B. State is a method of codifying the dependencies of related resources

C. State is used to enforce resource con gurations that relate to compliance policies

D. State is used to store variables and quickly reuse existing code

Correct Answer: B

Community vote distribution

A (100%)

Question #218 Topic 1

Which backend does the Terraform CLI use by default?

A. API

B. Remote

C. Terraform Cloud

D. Local

E. HTTP

Correct Answer: D

Community vote distribution

D (100%)
Question #219 Topic 1

Using the terraform state rm command against a resource will destroy it.

A. True

B. False

Correct Answer: A

Community vote distribution

B (100%)

Question #220 Topic 1

Which method for sharing Terraform con gurations keeps them con dential within your organization, supports Terraform’s semantic version
constraints, and provides a browsable directory?

A. Generic git repository

B. Terraform Cloud/Terraform Enterprise private module registry

C. Public Terraform Module Registry

D. Subfolder within a workspace

Correct Answer: B

Community vote distribution

B (100%)

Question #221 Topic 1

You are writing a child Terraform module which provisions an AWS instance. You want to make use of the IP address returned in the root
con guration. You name the instance resource “main”.

Which of these is the correct way to de ne the output value using HCL2?

A.

B.

C.

D.

Correct Answer: C

Community vote distribution

A (100%)
Question #222 Topic 1

How would you refer to the indexing instance from the below con guration?

A. aws_instance[“web”][“indexing”]

B. aws_instance.web.indexing

C. aws_instance-web[“indexing”]

D. aws_instance.web[“indexing”]

Correct Answer: D

Community vote distribution

D (75%) B (25%)

Question #223 Topic 1

Which feature is not included in Terraform Cloud’s free tier?

A. Workspace

B. Remote state management

C. Audit logging

D. Private module registry

Correct Answer: D

Community vote distribution

C (83%) D (17%)

Question #224 Topic 1

When should you run terraform init?

A. After you run terraform apply for the rst time in a new Terraform project and before you run terraform plan

B. After you run terraform plan for the rst time in a new Terraform project and before you run terraform apply

C. After you start coding a new Terraform project and before you run terraform plan for the rst time

D. Before you start coding a new Terraform project

Correct Answer: D

Community vote distribution

C (100%)
Question #225 Topic 1

Terraform con guration (including any module references) can contain only one Terraform provider type.

A. True

B. False

Correct Answer: A

Community vote distribution

B (100%)

Question #226 Topic 1

You are making changes to existing Terraform code to add some new infrastructure.

When is the best time to run terraform validate?

A. After you run terraform plan so you can validate that your state le is consistent with your infrastructure

B. Before you run terraform plan so you can validate your code syntax

C. Before you run terraform apply so you can validate your infrastructure changes

D. After you run terraform apply so you can validate that your infrastructure is re ected in your code

Correct Answer: B

Community vote distribution

B (100%)

Question #227 Topic 1

How does Terraform manage most dependencies between resources?

A. By de ning dependencies as modules and including them in a particular order

B. The order that resources appear in Terraform con guration indicates dependencies

C. Using the depends_on parameter

D. Terraform will automatically manage most resource dependencies

Correct Answer: B

Community vote distribution

D (100%)
Question #228 Topic 1

What does running a terraform plan do?

A. Imports all of your existing cloud provider resources to the state le

B. Compares the state le to your Terraform code and determines if any changes need to be made

C. Imports all of your existing cloud provider resources to your Terraform con guration le

D. Compares your Terraform code and local state le to the remote state le in a cloud provider and determines if any changes need to be
made

Correct Answer: D

Community vote distribution

B (100%)

Question #229 Topic 1

What are some bene ts of using Sentinel with Terraform Cloud/Terraform Enterprise? (Choose three.)

A. Policy-as-code can enforce security best practices

B. You can restrict speci c con gurations on resources like "CIDR=0.0.0.0/0" not allowed

C. You can enforce a list of approved AWS AMIs

D. Sentinel Policies can be written in HashiCorp Con guration Language (HCL)

E. You can check out and check in cloud access keys

Correct Answer: ABC

Community vote distribution

ABC (100%)

Question #230 Topic 1

You want to share Terraform state with your team, store it securely, and provide state locking.

How would you do this? (Choose three.)

A. Using the remote Terraform backend with Terraform Cloud / Terraform Enterprise.

B. Using the local backend.

C. Using the s3 terraform backend. The dynamodb_ eld option is not needed.

D. Using an s3 terraform backend with an appropriate IAM policy and dynamodb_ eld option con gured.

E. Using the consul Terraform backend.

Correct Answer: ADE

Community vote distribution

ADE (75%) ACE (25%)
Question #231 Topic 1

From which of these sources can Terraform import modules?

A. Local path

B. GitHub Repository

C. Terraform Module Registry

D. All of the above

Correct Answer: D

Community vote distribution

D (100%)

Question #232 Topic 1

How would you output returned values from a child module?

A. Declare the output in the root con guration

B. Declare the output in the child module

C. Declare the output in both the root and child module

D. None of the above

Correct Answer: C

Community vote distribution

B (75%) C (25%)

Question #233 Topic 1

You have decided to create a new Terraform workspace to deploy a development environment.

What is different about this workspace?

A. It has its own state le

B. It pulls in a different terraform.tfvars le

C. It uses a different branch of code

D. It uses a different backend

Correct Answer: A

Community vote distribution

A (75%) B (25%)
Question #234 Topic 1

Any user can publish modules to the public Terraform Module Registry.

A. True

B. False

Correct Answer: A

Community vote distribution

A (100%)