Terraform Associate: HashiCorp Certified Part 6
Question #: 151
Topic #: 1
Which of the following is true about terraform apply? (Choose two.)
A. It only operates on infrastructure defined in the current working directory or workspace
B. You must pass the output of a terraform plan command to it
C. Depending on provider specification, Terraform may need to destroy and recreate your infrastructure resources
D. By default, it does not refresh your state file to reflect current infrastructure configuration
E. You cannot target specific resources for the operation
Selected Answer: AC
Question #: 152
Topic #: 1
Which of the following statements about local modules is incorrect?
A. Local modules are not cached by terraform init command
B. Local modules are sourced from a directory on disk
C. Local modules support versions
D. All of the above (all statements above are incorrect)
E. None of the above (all statements above are correct)
Selected Answer: C
Question #: 153
Topic #: 1
Which of the following is true about Terraform’s implementation of infrastructure as code? (Choose two.)
A. It is only compatible with AWS infrastructure management
B. You cannot reuse infrastructure configuration
C. You can version your infrastructure configuration
D. It requires manual configuration of infrastructure resources
E. It allows you to automate infrastructure provisioning
Selected Answer: CE
Question #: 154
Topic #: 1
You need to write some Terraform code that adds 42 firewall rules to a security group as shown in the example.
What can you use to avoid writing 42 different nested ingress config blocks by hand?
A. A count loop
B. A for block
C. A for each block
D. A dynamic block
Selected Answer: D
Question #: 155
Topic #: 1
Which of the following is the safest way to inject sensitive values into a Terraform Cloud workspace?
A. Write the value to a file and specify the file with the -var-file flag
B. Set a value for the variable in the UI and check the “Sensitive” check box
C. Edit the state file directly just before running terraform apply
D. Set the variable value on the command line with the -var flag
Selected Answer: A
Question #: 156
Topic #: 1
terraform apply will fail if you have not run terraform plan first to update the plan output.
A. True
B. False
Selected Answer: B
Question #: 157
Topic #: 1
How would you reference the attribute “name” of this fictitious resource in HCL?
A. resource.kubernetes_namespace.example.name
B. kubernetes_namespace.test.name
C. kubernetes_namespace.example.name
D. data.kubernetes_namespace.name
E. None of the above
Selected Answer: C
Question #: 158
Topic #: 1
A Terraform output that sets the “sensitive” argument to true will not store that value in the state file.
A. True
B. False
Selected Answer: B
Question #: 159
Topic #: 1
Which are forbidden actions when the Terraform state file is locked? (Choose three.)
A. terraform destroy
B. terraform fmt
C. terraform state list
D. terraform apply
E. terraform plan
F. terraform validate
Selected Answer: ADE
Question #: 161
Topic #: 1
Terraform installs its providers during which phase?
A. Plan
B. Init
C. Refresh
D. All of the above
Selected Answer: B
Question #: 162
Topic #: 1
When does Sentinel enforce policy logic during a Terraform Enterprise run?
A. Before the plan phase
B. During the plan phase
C. Before the apply phase
D. After the apply phase
Selected Answer: C
Question #: 163
Topic #: 1
What is the purpose of a Terraform workspace in either open source or enterprise?
A. Workspaces allow you to manage collections of infrastructure in state files
B. A logical separation of business units
C. A method of grouping multiple infrastructure security policies
D. Provides limited access to a cloud environment
Selected Answer: A
Question #: 164
Topic #: 1
Which is the best way to specify a tag of v1.0.0 when referencing a module stored in Git (for example git::https://example.com/vpc.git)?
A. Append ?ref=v1.0.0 argument to the source path
B. Add version = "1.0.0" parameter to module block
C. Nothing - modules stored on GitHub always default to version 1.0.0
D. Modules stored on GitHub do not support versioning
Selected Answer: A
Question #: 165
Topic #: 1
Changing the Terraform backend from the default “local” backend to a different one after doing your first terraform apply is:
A. Mandatory
B. Optional
C. Impossible
D. Discouraged
Selected Answer: B
Question #: 166
Topic #: 1
You have modified your local Terraform configuration and run terraform plan to review the changes. Simultaneously, your teammate manually modified the infrastructure component you are working on. Since you already ran terraform plan locally, the execution plan for terraform apply will be the same.
A. True
B. False
Selected Answer: B
Question #: 167
Topic #: 1
terraform apply is failing with the following error. What next step should you take to determine the root cause of the problem?
Error loading state: AccessDenied: Access Denied status code: 403, request id: 288766CE5CCA24A0, host id: FOOBAR
A. Set TF_LOG=DEBUG
B. Review syslog for Terraform error messages
C. Run terraform login to reauthenticate with the provider
D. Review /var/log/terraform.log for error messages
Selected Answer: A
Question #: 168
Topic #: 1
As a member of an operations team that uses infrastructure as code (IaC) practices, you are tasked with making a change to an infrastructure stack running in a public cloud.
Which pattern would follow IaC best practices for making a change?
A. Clone the repository containing your infrastructure code and then run the code
B. Use the public cloud console to make the change after a database record has been approved
C. Make the change programmatically via the public cloud CLI
D. Make the change via the public cloud API endpoint
E. Submit a pull request and wait for an approved merge of the proposed changes
Selected Answer: E
Question #: 169
Topic #: 1
What command can you run to generate DOT (Document Template) formatted data to visualize Terraform dependencies?
A. terraform refresh
B. terraform show
C. terraform graph
D. terraform output
Selected Answer: C
Question #: 170
Topic #: 1
Which provider authentication method prevents credentials from being stored in the state file?
A. Using environment variables
B. Specifying the login credentials in the provider block
C. Setting credentials as Terraform variables
D. None of the above
Selected Answer: A
Question #: 171
Topic #: 1
Running terraform fmt without any flags in a directory with Terraform configuration files will check the formatting of those files without changing their contents.
A. True
B. False
Selected Answer: B
Question #: 173
Topic #: 1
terraform init retrieves the source code for all referenced modules.
A. True
B. False
Selected Answer: A
Question #: 174
Topic #: 1
You have a Terraform configuration that defines a single virtual machine with no references to it. You have run terraform apply to create the resource, and then removed the resource definition from your Terraform configuration file.
What will happen when you run terraform apply in the working directory again?
A. Nothing
B. Terraform will destroy the virtual machine
C. Terraform will error
D. Terraform will remove the virtual machine from the state file, but the resource will still exist
Selected Answer: B
Question #: 175
Topic #: 1
Which configuration consistency errors does terraform validate report?
A. A mix of spaces and tabs in configuration files
B. Differences between local and remote state
C. Terraform module isn’t the latest version
D. Declaring a resource identifier more than once
Selected Answer: D
Question #: 176
Topic #: 1
Where can Terraform not load a provider from?
A. Source code
B. Plugins directory
C. Official HashiCorp distribution on releases.hashicorp.com
D. Provider plugin cache
Selected Answer: A
Question #: 177
Topic #: 1
Which of the following locations can Terraform use as a private source for modules? (Choose two.)
A. Internally hosted SCM (Source Control Manager) platform
B. Public Terraform Module Registry
C. Private repository on GitHub
D. Public repository on GitHub
Selected Answer: AC
Question #: 178
Topic #: 1
Why should secrets not be hard coded into Terraform code? (Choose two.)
A. It makes the code less reusable.
B. Terraform code is typically stored in version control, as well as copied to the systems from which it’s run. Any of those may not have robust security mechanisms.
C. The Terraform code is copied to the target resources to be applied locally and could expose secrets if a target resource is compromised.
D. All passwords should be rotated on a quarterly basis.
Selected Answer: AB
Question #: 179
Topic #: 1
If a Terraform creation-time provisioner fails, what will occur by default?
A. The resource will not be affected, but the provisioner will need to be applied again
B. The resource will be destroyed
C. The resource will be marked as “tainted”
D. Nothing, provisioners will not show errors in the command line
Selected Answer: C
Question #: 180
Topic #: 1
When should Terraform configuration files be written when running terraform import on existing infrastructure?
A. Infrastructure can be imported without corresponding Terraform code
B. Terraform will generate the corresponding configuration files for you
C. You should write Terraform configuration files after the next terraform import is executed
D. Terraform configuration should be written before terraform import is executed
Selected Answer: D