Practice Free Terraform Associate 004 Exam Online Questions
Question #41
Your root module contains a variable namednum_servers.
Which is the correct way to pass its value to a child module with an input namedservers?
- A . servers = num_servers
- B . servers = var(num_servers)
- C . servers = var.num_servers
- D . servers = ${var.num_servers}
Correct Answer: C
C
Explanation:
The correct syntax to pass a variable from the root module to a child module isservers = var.num_servers. Terraform uses dot notation to reference variables.
Reference: Terraform Variables
C
Explanation:
The correct syntax to pass a variable from the root module to a child module isservers = var.num_servers. Terraform uses dot notation to reference variables.
Reference: Terraform Variables
Question #42
What functionality do providers offer in Terraform? (Pick 3 correct responses)
- A . Interact with cloud provider APIs.
- B . Provision resources for on-premises infrastructure services.
- C . Group a collection of Terraform configuration files that map to a single state file.
- D . Provision resources for public cloud infrastructure services.
- E . Enforce security and compliance policies.
Correct Answer: A,B,D
A,B,D
Explanation:
A ( ✅ Correct)C Providers allow Terraform to interact with APIsof cloud/on-premises services.
B ( ✅ Correct)C Some Terraform providers can provision on-premises infrastructure, such as VMware, OpenStack, etc.
C ( ❌ Incorrect)C This describes Terraform Workspaces, not providers.
D ( ✅ Correct)C Terraform providers allow provisioning of public cloud resources(AWS, Azure, GCP, etc.).
E ( ❌ Incorrect)C Enforcing security and compliance policies is not a direct provider function, but it can be done using Sentinel or other policy-as-code tools.
Official Terraform Documentation
Reference: Terraform Providers
A,B,D
Explanation:
A ( ✅ Correct)C Providers allow Terraform to interact with APIsof cloud/on-premises services.
B ( ✅ Correct)C Some Terraform providers can provision on-premises infrastructure, such as VMware, OpenStack, etc.
C ( ❌ Incorrect)C This describes Terraform Workspaces, not providers.
D ( ✅ Correct)C Terraform providers allow provisioning of public cloud resources(AWS, Azure, GCP, etc.).
E ( ❌ Incorrect)C Enforcing security and compliance policies is not a direct provider function, but it can be done using Sentinel or other policy-as-code tools.
Official Terraform Documentation
Reference: Terraform Providers
Question #43
You can develop a custom provider to manage its resources using Terraform.
- A . True
- B . False
Correct Answer: A
A
Explanation:
You can develop a custom provider to manage its resources using Terraform, as Terraform is an extensible tool that allows you to write your own plugins in Go language. You can also publish your custom provider to the Terraform Registry or use it privately.
A
Explanation:
You can develop a custom provider to manage its resources using Terraform, as Terraform is an extensible tool that allows you to write your own plugins in Go language. You can also publish your custom provider to the Terraform Registry or use it privately.
Question #44
Terraform variables and outputs that set the description argument will store that description in the state file.
- A . True
- B . False
Correct Answer: B
B
Explanation:
The description argument for Terraform variables and outputs is purely for documentation purposes and isnotstored in the Terraform state file.
Terraform variables and outputs can have descriptions for readability and clarity in .tf files.
However, these descriptions are not retained in the Terraform state file.
The state file only stores actual values and references needed for resource management, not metadata such as descriptions.
Official Terraform Documentation
Reference: Terraform Variables – HashiCorp Documentation
Terraform Outputs – HashiCorp Documentation
B
Explanation:
The description argument for Terraform variables and outputs is purely for documentation purposes and isnotstored in the Terraform state file.
Terraform variables and outputs can have descriptions for readability and clarity in .tf files.
However, these descriptions are not retained in the Terraform state file.
The state file only stores actual values and references needed for resource management, not metadata such as descriptions.
Official Terraform Documentation
Reference: Terraform Variables – HashiCorp Documentation
Terraform Outputs – HashiCorp Documentation
Question #45
You are tasked with making a change to an infrastructure stack running in a public cloud using HCP Terraform/Terraform Cloud.
Which pattern follows IaC best practices?
- A . Make the change via the public cloud API endpoint.
- B . Submit a pull request and wait for an approved merge of the proposed changes.
- C . Clone the repository containing your infrastructure code and then run the code.
- D . Use the public cloud console to make the change after approval.
- E . Make the change programmatically via the cloud CLI.
Correct Answer: B
B
Explanation:
Rationale for Correct Answer (B):
IaC best practice is to manage infrastructure through version-controlled code. Changes should be reviewed and approved (via PRs), ensuring collaboration, traceability, and automation.
Analysis of Incorrect Options:
A, D, E: Making direct/manual changes bypasses IaC practices and causes drift.
C: Running code without PR review skips collaboration and approval. Key Concept:
Infrastructure as Code emphasizes version control + peer review + automation.
Reference: Terraform Exam Objective C Understand Infrastructure as Code (IaC) Concepts.
B
Explanation:
Rationale for Correct Answer (B):
IaC best practice is to manage infrastructure through version-controlled code. Changes should be reviewed and approved (via PRs), ensuring collaboration, traceability, and automation.
Analysis of Incorrect Options:
A, D, E: Making direct/manual changes bypasses IaC practices and causes drift.
C: Running code without PR review skips collaboration and approval. Key Concept:
Infrastructure as Code emphasizes version control + peer review + automation.
Reference: Terraform Exam Objective C Understand Infrastructure as Code (IaC) Concepts.
Question #46
What does Terraform not reference when running a terraform apply -refresh-only ?
- A . State file
- B . Credentials
- C . Cloud provider
- D . Terraform resource definitions in configuration files
Correct Answer: D
D
Explanation:
When running a terraform apply -refresh-only, Terraform does not reference the configuration files, but only the state file, credentials, and cloud provider. The purpose of this command is to update the state file with the current status of the real resources, without making any changes to them1.
D
Explanation:
When running a terraform apply -refresh-only, Terraform does not reference the configuration files, but only the state file, credentials, and cloud provider. The purpose of this command is to update the state file with the current status of the real resources, without making any changes to them1.
Question #47
How can a ticket-based system slow down infrastructure provisioning and limit the ability to scale? Choose two correct answers.
- A . End-users have to request infrastructure changes
- B . Ticket based systems generate a full audit trail of the request and fulfillment process
- C . Users can access catalog of approved resources from drop down list in a request form
- D . The more resources your organization needs, the more tickets your infrastructure team has to process
Correct Answer: A
A
Explanation:
These are some of the ways that a ticket-based system can slow down infrastructure provisioning and limit the ability to scale, as they introduce delays, bottlenecks, and manual interventions in the process of creating and modifying infrastructure.
A
Explanation:
These are some of the ways that a ticket-based system can slow down infrastructure provisioning and limit the ability to scale, as they introduce delays, bottlenecks, and manual interventions in the process of creating and modifying infrastructure.
Question #48
Only the user that generated a terraform plan may apply it.
- A . True
- B . False
Correct Answer: B
B
Explanation:
Rationale for Correct Answer (False):
Any user with access to the saved plan file (terraform plan -out=planfile) can run terraform apply planfile. Terraform does not enforce user-specific restrictions.
Analysis of Incorrect Option:
True: Incorrect ― Terraform doesn’t tie plan files to individual users.
Key Concept:
Plan files ensure predictability but are not bound to the identity of the user.
Reference: Terraform Exam Objective C Understand Terraform Basics and CLI.
B
Explanation:
Rationale for Correct Answer (False):
Any user with access to the saved plan file (terraform plan -out=planfile) can run terraform apply planfile. Terraform does not enforce user-specific restrictions.
Analysis of Incorrect Option:
True: Incorrect ― Terraform doesn’t tie plan files to individual users.
Key Concept:
Plan files ensure predictability but are not bound to the identity of the user.
Reference: Terraform Exam Objective C Understand Terraform Basics and CLI.
Question #49
When does Sentinel enforce policy logic during a Terraform Cloud run?
- A . Before the plan phase
- B . During the plan phase
- C . Before the apply phase
- D . After the apply phase
Correct Answer: C
C
Explanation:
Sentinel policies are checked after the plan stage of a Terraform run, but before it can be confirmed
or the terraform apply is executed3. This allows you to enforce rules on your infrastructure before it is created or modified.
C
Explanation:
Sentinel policies are checked after the plan stage of a Terraform run, but before it can be confirmed
or the terraform apply is executed3. This allows you to enforce rules on your infrastructure before it is created or modified.
Question #50
A developer accidentally launched a VM (virtual machine) outside of the Terraform workflow and ended up with two servers with the same name. They don’t know which VM Terraform manages but do have a list of all active VM IDs.
Which of the following methods could you use to discover which instance Terraform manages?
- A . Run terraform state list to find the names of all VMs, then run terraform state show for each of them to find which VM ID Terraform manages
- B . Update the code to include outputs for the ID of all VMs, then run terraform plan to view the outputs
- C . Run terraform taint/code on all the VMs to recreate them
- D . Use terraform refresh/code to find out which IDs are already part of state
Correct Answer: A
A
Explanation:
The terraform state list command lists all resources that are managed by Terraform in the current state file1. The terraform state show command shows the attributes of a single resource in the state file2. By using these two commands, you can compare the VM IDs in your list with the ones in the state file and identify which one is managed by Terraform.
A
Explanation:
The terraform state list command lists all resources that are managed by Terraform in the current state file1. The terraform state show command shows the attributes of a single resource in the state file2. By using these two commands, you can compare the VM IDs in your list with the ones in the state file and identify which one is managed by Terraform.