Practice Free Terraform Associate 004 Exam Online Questions
Question #11
Once you configure a new Terraform backend with a terraform code block, which command(s) should you use to migrate the state file?
- A . terraform destroy, then terraform apply
- B . terraform init
- C . terraform push
- D . terraform apply
Correct Answer: A
A
Explanation:
This command will initialize the new backend and prompt you to migrate the existing state file to the new location4. The other commands are not relevant for this task.
A
Explanation:
This command will initialize the new backend and prompt you to migrate the existing state file to the new location4. The other commands are not relevant for this task.
Question #12
Using the terraform state rm command against a resource will destroy it.
- A . True
- B . False
Correct Answer: B
B
Explanation:
The terraform state rm commandremovesa resource from Terraform’s state file butdoes not destroythe resource in the actual infrastructure. It only removes Terraform’s knowledge of the resource, meaning Terraform will no longer manage it.
If you run terraform state rm on a resource, Terraform will forget that the resource exists.
However, the resource will still exist in the cloud or infrastructure provider.
If you later run terraform apply, Terraform may try torecreatethe resource because it is no longer present in its state file.
Official Terraform Documentation
Reference: terraform state rm – HashiCorp Documentation
B
Explanation:
The terraform state rm commandremovesa resource from Terraform’s state file butdoes not destroythe resource in the actual infrastructure. It only removes Terraform’s knowledge of the resource, meaning Terraform will no longer manage it.
If you run terraform state rm on a resource, Terraform will forget that the resource exists.
However, the resource will still exist in the cloud or infrastructure provider.
If you later run terraform apply, Terraform may try torecreatethe resource because it is no longer present in its state file.
Official Terraform Documentation
Reference: terraform state rm – HashiCorp Documentation
Question #13
When does Sentinel enforce policy logic during a Terraform Cloud run?
- A . Before the plan phase
- B . During the plan phase
- C . Before the apply phase
- D . After the apply phase
Correct Answer: C
C
Explanation:
Sentinel policies are checked after the plan stage of a Terraform run, but before it can be confirmed
or the terraform apply is executed3. This allows you to enforce rules on your infrastructure before it is created or modified.
C
Explanation:
Sentinel policies are checked after the plan stage of a Terraform run, but before it can be confirmed
or the terraform apply is executed3. This allows you to enforce rules on your infrastructure before it is created or modified.
Question #14
Running terraform fmt without any flags in a directory with Terraform configuration files will check the formatting of those files, but will never change their contents.
- A . True
- B . False
Correct Answer: B
B
Explanation:
Rationale for Correct Answer
By default, terraform fmt modifies files in place to match Terraform’s canonical formatting. The -check flag is required to only check formatting without making changes.
Analysis of Incorrect Options (Distractors):
A: Incorrect because formatting changes are applied automatically by default.
Key Concept: terraform fmt enforces consistent formatting by rewriting files unless instructed otherwise.
Reference: Terraform Exam Objective C Understand Terraform Basics and CLI
B
Explanation:
Rationale for Correct Answer
By default, terraform fmt modifies files in place to match Terraform’s canonical formatting. The -check flag is required to only check formatting without making changes.
Analysis of Incorrect Options (Distractors):
A: Incorrect because formatting changes are applied automatically by default.
Key Concept: terraform fmt enforces consistent formatting by rewriting files unless instructed otherwise.
Reference: Terraform Exam Objective C Understand Terraform Basics and CLI
Question #15
Why does this backend configuration not follow best practices?
- A . An alias meta-argument should be included in backend blocks whenever possible
- B . You should use the local enhanced storage backend whenever possible
- C . You should not store credentials in Terraform configuration
- D . The backend configuration should contain multiple credentials so that more than one user can execute terraform plan and terraform apply
Correct Answer: C
C
Explanation:
This is a bad practice, as it exposes your credentials to anyone who can access your configuration files or state files. You should use environment variables, credential files, or other mechanisms to provide credentials to Terraform.
C
Explanation:
This is a bad practice, as it exposes your credentials to anyone who can access your configuration files or state files. You should use environment variables, credential files, or other mechanisms to provide credentials to Terraform.
Question #16
Your security team scanned some Terraform workspaces and found secrets stored in plaintext in state files.
How can you protect that data?
- A . Edit your state file to scrub out the sensitive data
- B . Always store your secrets in a secrets.tfvars file
- C . Delete the state file every time you run Terraform
- D . Store the state in an encrypted backend
Correct Answer: D
D
Explanation:
This is a secure way to protect sensitive data in the state file, as it will be encrypted at rest and in transit2. The other options are not recommended, as they could lead to data loss, errors, or security breaches.
D
Explanation:
This is a secure way to protect sensitive data in the state file, as it will be encrypted at rest and in transit2. The other options are not recommended, as they could lead to data loss, errors, or security breaches.
Question #17
Which of the following is not true of Terraform providers?
- A . An individual person can write a Terraform Provider
- B . A community of users can maintain a provider
- C . HashiCorp maintains some providers
- D . Cloud providers and infrastructure vendors can write, maintain, or collaborate on Terraform
- E . providers
- F . None of the above
Correct Answer: F
F
Explanation:
All of the statements are true of Terraform providers. Terraform providers are plugins that enable Terraform to interact with various APIs and services1. Anyone can write a Terraform provider, either as an individual or as part of a community2. HashiCorp maintains some providers, such as the AWS, Azure, and Google Cloud providers3. Cloud providers and infrastructure vendors can also write, maintain, or collaborate on Terraform providers, such as the VMware, Oracle, and Alibaba Cloud providers.
Reference =
• 1: Providers – Configuration Language | Terraform | HashiCorp Developer
• 2: Plugin Development – How Terraform Works With Plugins | Terraform | HashiCorp Developer
• 3: Terraform Registry
• : Terraform Registry
F
Explanation:
All of the statements are true of Terraform providers. Terraform providers are plugins that enable Terraform to interact with various APIs and services1. Anyone can write a Terraform provider, either as an individual or as part of a community2. HashiCorp maintains some providers, such as the AWS, Azure, and Google Cloud providers3. Cloud providers and infrastructure vendors can also write, maintain, or collaborate on Terraform providers, such as the VMware, Oracle, and Alibaba Cloud providers.
Reference =
• 1: Providers – Configuration Language | Terraform | HashiCorp Developer
• 2: Plugin Development – How Terraform Works With Plugins | Terraform | HashiCorp Developer
• 3: Terraform Registry
• : Terraform Registry
Question #18
You have used Terraform lo create an ephemeral development environment in the (loud and are now ready to destroy all the Infrastructure described by your Terraform configuration To be safe, you would like to first see all the infrastructure that Terraform will delete.
Which command should you use to show all of the resources that mil be deleted? Choose two correct answers.
- A . Run terraform state rm ‘
- B . Run terraform show :destroy
- C . Run terraform destroy and it will first output all the resource that will be deleted before prompting for approval
- D . Run terraform plan.destory
Correct Answer: C,D
C,D
Explanation:
To see all the resources that Terraform will delete, you can use either of these two commands:
terraform destroy will show the plan of destruction and ask for your confirmation before proceeding.
You can cancel the command if you do not want to destroy the resources.
terraform plan -destroy will show the plan of destruction without asking for confirmation. You can use this command to review the changes before running terraform destroy.
Reference =: Destroy Infrastructure: Plan Command: Options
C,D
Explanation:
To see all the resources that Terraform will delete, you can use either of these two commands:
terraform destroy will show the plan of destruction and ask for your confirmation before proceeding.
You can cancel the command if you do not want to destroy the resources.
terraform plan -destroy will show the plan of destruction without asking for confirmation. You can use this command to review the changes before running terraform destroy.
Reference =: Destroy Infrastructure: Plan Command: Options
Question #19
A provider configuration block is required in every Terraform configuration.
Example:
- A . True
- B . False
Correct Answer: B
B
Explanation:
A provider configuration block is not required in every Terraform configuration. A provider configuration block can be omitted if its contents would otherwise be empty. Terraform assumes an empty default configuration for any provider that is not explicitly configured. However, some providers may require some configuration arguments (such as endpoint URLs or cloud regions) before they can be used. A provider’s documentation should list which configuration arguments it expects. For providers distributed on the Terraform Registry, versioned documentation is available on each provider’s page, via the “Documentation” link in the provider’s header1.
Reference = [Provider Configuration]1
B
Explanation:
A provider configuration block is not required in every Terraform configuration. A provider configuration block can be omitted if its contents would otherwise be empty. Terraform assumes an empty default configuration for any provider that is not explicitly configured. However, some providers may require some configuration arguments (such as endpoint URLs or cloud regions) before they can be used. A provider’s documentation should list which configuration arguments it expects. For providers distributed on the Terraform Registry, versioned documentation is available on each provider’s page, via the “Documentation” link in the provider’s header1.
Reference = [Provider Configuration]1
Question #20
You’ve used Terraform to deploy a virtual machine and a database. You want to replace this virtual machine instance with an identical one without affecting the database.
What is the best way to achieve this using Terraform?
- A . Use the terraform state rm command to remove the VM from state file
- B . Use the terraform taint command targeting the VMs then run terraform plan and terraform apply
- C . Use the terraform apply command targeting the VM resources only
- D . Delete the Terraform VM resources from your Terraform code then run terraform plan and terraform apply
Correct Answer: B
B
Explanation:
The terraform taint command marks a resource as tainted, which means it will be destroyed and recreated on the next apply. This way, you can replace the VM instance without affecting the database or other resources.
Reference = [Terraform Taint]
B
Explanation:
The terraform taint command marks a resource as tainted, which means it will be destroyed and recreated on the next apply. This way, you can replace the VM instance without affecting the database or other resources.
Reference = [Terraform Taint]