Terraform Certified Associate

=============================

Q-1
A backend in terraform determines how state is loaded & where the updates are
stored when _____ is executed

destroy
taint
refresh
apply
all of the above [X]
none

Q-2.
To which of the following does "terraform apply" makes changes after approval?
Choose two

cloud infrastructure [X]

terraform code
state file [X]
the execution plan

Q-3.
What information is automatically exposed for modules published to the public
terraform module registry?

optional inputs variables and default values

required input variables
outputs
all of above
none [X]

Q-4.
Which are examples of infrastructure as code? Choose two

versioned configuration files [X]

docker files [X]
change management database records
cloned virtual machines

Q-5.
Which argument is required when declaring a terraform variable

description
default
type
all of above
none [X]

Q-6.
Consider a resource block
resource "google_compute_instance" "main" {
name = "test"
}
What is the name assigned by terraform to reference this record?

main [X]
test
compute_instance
google
Q-7.
You want to know which paths terraform is loading providers referenced in your
terraform configuration (.tf) files. You need to enable debug messages to find
this out. Which of the following would achieve this?

set environment variable TF_VAR_log=TRACE

set environment variable TF_LOG_PATH
set environment variable TF_LOG=TRACE [X]
set verbose logging for each provider in your terraform configuration

Q-8.
You have come across a rare situation where you need to force a dependency
manually.
What resource meta-parameter you can specify to ensure that an explicit
dependency exists?

depends_on

Q-9.
What is terraform refresh used to detect?

terraform configuration code changes

empty state files
state file drift [X]
corrupt state files

Q-10.
What command should you run to display all workspaces for current configuration?

terraform workspace show

terraform workspace list [X]
terraform workspace
terraform show workspace

Q-11.
"terraform validate" validates the syntax of terraform files.

true [X]
false

Q-12.
While deploying virtual machine, the first launch "user_data" scripts fails due
to race condition with another resource deployed during same terraform run. What
is the least disruptive method to correct the issue?

restart virtual machine from the cloud portal

run "terraform apply" again
run "terraform destroy" then "terraform apply"
run "terraform taint" against the virtual machine & run "terraform apply"
[X]

Q-13.
You have a simple terraform configuration containing one virtual machine in
cloud provider. You run "terraform apply" and the VM is created successfully.

What will happen if you delete the VM using cloud console, and run "terraform
apply" again without changing terraform code?

terraform will not make any changes

terraform will recreate VM [X]
terraform will remove VM from state file
terraform will create another duplicate VM
Q-14.
Module variable assignments are inherited from the parent module and do not need
to be explicitly set

true
false [X]

Q-15.
What is the name of the default file where terraform stores the state?

terraform.tfstate

Q-16.
Which of the following is NOT a key principle of IaC?

self describing infrastructure

golden images [X]
idempotence
versioned infrastructure

Q-17.
You have deployed a new webapp with a public IP address on cloud. However, you
did not create any outputs for your code. What is the best method to quickly
find the IP address of the resource you deployed?

update code to include an output for the public IP address and run "terraform
output"
run "terraform state list" to find the name of resource and then run "terraform
state show" to find the attributes including public IP address [X]
in a new folder, use the "terraform_remote_state" data source to load in the
state file and then write an output for each resource thta you find the
state file
run "terraform destroy" and then "terraform apply" and look for the IP
address

Q-18.
Which of the following statements about terraform modules is NOT true?

modules can be called multiple times

module is a container for one or more resources [X]
modules can call other modules
modules must be publicily accessible and open source

Q-19.
"terraform init" initialize a sample "main.tf" file in current directory

true
false [X]

Q-20.
Your security team ran a scan against some terraform workspaces and found
secrets, keys and password stored in plain text in state files. How can you
prevent exposure of sensitive data stored in terraform state files?

edit your state file to scrub out the sensitive data

store the state in a encrypted backend [X]
delete the state file every time you run terraform
always run terraform with -secure flag
Q-21.
Third party plugins are automatically downloaded when you do "terraform init"

true
false [X]

Q-22.
You have just developed a new terraform configuration for two VM. You would like
to create the infrastructure for the first time. Which command should you
run first?

terraform apply
terraform start
terraform plan
terraform init [X]

Q-23.
What does running "terraform plan" do?

compares state file to your terraform code and determines if changes needed
compares your terraform code & local state file to the remote state file in
cloud provider & determines if any changes are needed
compares your terraform code to the cloud provider and determine if changes
need to be made
compares your state file to the cloud provider and determines if any changes
need to be made [X]

Q-24.
You are building a CI/CD pipeline and need to inject sensitive variables into
your terraform run. How to do it safely?

store sensitive variables as plain text in a source code repository

copy the sensitive variables into your terraform code
store the sensitive variables in "secure_vars.tf" file
pass variables to terraform with -var flag [X]

Q-25.
Terraform variable names are saved in state file

true
false [X]

Q-26.
A unique remote backend configuration is required for every workspace managed
through a remote backend

true [X]
false

Q-27.
Which of the following is available only in terraform enterprise or cloud
workspaces and not in terraform CLI?

secure variable storage [X]

using the workspace as data source
dry runs with "terraform apply"
support for multiple cloud providers
Q-28.
Terraform provisioners that requires authentication can use ____ block

secrets
credentials
ssh
connection [X]

Q-29.
Which of the following is the correct way to pass the value in the variable
num_servers into a module with the input servers?

servers = num_servers
servers = variable.num_servers
servers = var(num_servers)
servers = var.num_servers [X]

Q-30.
If a module declares a variable with a default, that variable must still be set
in the module declaration

true [X]
false

Q-31.
Terraform requires the Go runtime as a prerequisite for installation

true
false [X]

Q-32.
If you manually destroy infrastructure, when will the change be reflected in
terraform?

as soon as you manually update the state file

immediately
the next time terraform refresh is trigerred [X]
none of above

Q-33.
Terraform and Terraform providers must use the same major version number in
single configuration

true
false [X]

Q-34.
Which is not the benefit of remote state?

remote operations
easily share reuseable code modules [X]
working in a team
keeping unencrypted sensitive information off disk

Q-35.
Consider a ficticious resource block that has a single required argument "name"
resource "kubernetes_namespace" "example" {
name = "test"
}
What is the HCL syntax to reference the attribute "name" in the resource?

kubernetes_namespace.test.name
data.kubernetes_namespace.name
resource.kubernetes_namespace.example.name
kubernetes_namespace.example.name [X]
none of above

Q-36.
You never used terraform before. The shared team account already contains 15
virtual machines. You develop a terraform configuration for one VM, perform
"terraform apply" and see it was success. What should you do to delete the
newly-created VM with terraform?

terraform state file contains all 16 VM. Execute terraform destroy and select
newly created VM
delete the VM using cloud console and "terraform apply" to apply changes to
state file
terraform state file only contains the one new VM. Execute "terraform destroy"
[X]
delete the state file and execute "terraform apply"

Q-37.
HashiCorp Configuration Language supports user defined functions

true
false [X]

Q-38.
Where can a terraform provider not be loaded from?

plugin directory
provider plugin cache [X]
official HashiCorp distribution on release.hashicorp.com
source code

Q-39.
"terraform apply" will fail if you don't run "terraform plan" first

true
false [X]

Q-40.
Which is the downside of using dynamic blocks in terraform configuration?

causes terraform to run more slowly

cannot be used to loop through a list of values
makes code harder for others to read & understand [X]
requires the dynamic provider engine

Q-41.
Your risk management organization has mandated that any AWS S3 bucket must be
private and encrypted at rest. All cloud provisioning happens with Terraform
Enterprise. Whats the best way to enforce this security control automatically?

write a terraform policy

use vulnerability scanning tool to inspect all cloud storage buckets
create a S3 module with proper settings for bucket
write a sentinel policy [X]

Q-42.
Where does terraform local backend store its state?

in the "terraform.tfstate" file [X]

in the user's .terrraformrc file
in the /tmp/ directory
in the terraform.tfvars file
Q-43.
In terraform HCL an object type of "object({ name=string, age=number }) would
match
a value like the following:

{ name = John
age = "52"}

{ name = John
age = fifly two }

{ name = "John" [X]

age = 52 }

{ name = "John"
age = fifty two }

Q-44.
You have multiple team members collaborating on IaC using terraform, and want to
apply formatting standards for readibility. How can you format HCL code
according to standard terraform style convention?

run the "terraform fmt" command during the code linting phase of CI/CD [X]
designate one person in each team to review code
manually apply two spaces indentation and align equal sign "=" characters in
.tf file
write a shell script to transform files using python, awk

Q-45.
As a member of operations team, you need to run a script on virtual machine
created by terraform. which provisioner is best to use in your terraform code?

null-exec
local-exec
file
remote-exec [X]

Q-46.
Which of these options is the most secure place to store secrets for connecting
to a terraform backend?

defined in a connection configuration outside terraform

inside the backend block within the terraform configuration
defined as terraform variables with default values
none of above [X]

Q-47.
How is "terraform import" run?

as a part of "terraform refresh"

by an explicit call [X]
as a part of "terraform init"
as a part of "terraform plan"
all of above

Q-48.
Both terraform cloud and terraform enterprise support policy as code (sentinel)

true [X]
false
Q-49.
Only the user that generated the plan may apply it.

true
false [X]

Q-50.
When using a module block to reference a module stored on github like
git::https://example.com/vpc.git , how do you specify version 1.0.0

append "?ref=v1.0.0" argument to the source path

modules stored on github do not support versioning
nothing - modules on github always default to version 1.0.0
add "version = 1.0.0" parameter to module block [X]

Q-51.
Consider the terraform 0.12 code
resource "aws_instance" "web" {
for_each = {
"terraform": "value1",
"resource": "value2",
"indexing": "value3",
"example": "value4",

}
}

Which of the following refers to the indexing instance in the config?

aws_instance-web["indexing"]
aws_instance.web["indexing"] [X]
aws_instance["web"]["indexing"]
aws_instance.web{"example"}

Q-52.
You want to create some new infrastructure on cloud using terraform from
scratch. How can you iteratively develop terraform code for your infrastructure?

terraform plan to import the current infra to state file, make code changes and
apply “terraform apply" to update the infra
create infrastructure in cloud UI. run "terraform init" to generate terraform
code from the infrastructure created. use "terraform apply" to update
write terraform code, "terraform plan" tp load the code in state file. run
"terraform apply"
to create infrastructure write terraform code, "terraform plan" to view,
"terraform apply" to create [X]

Q-53.
You need to deploy resources into two different cloud regions in the same
terraform configuration. To do that, you declare multiple providers as follows:
provider "aws" {
region = "us-east-1"
}

provider "aws" {
alias = "west"
region = "us-west-2"

}
Which meta-argument do you need to configure to deploy resource in "us-west-2"
region?

alias = west
provider = west
provider = aws.west [X]
alias = aws.west

Q-54.
What benefits do terraform providers provide? Choose 3

provision resources for public cloud infra services [X]

simply API interactions
provision resources for on-premise infrastructure [X]
enforce security and compliance policies
group a collection of terraform configuratoin files that map to a single
state file [X]

Q-55.
You have been working on cloud account shared with team. You previously used
terraform to create a load balancer that listen on port 80. After some
application changes, you updated the terraform code to change to port 443.
You run "terraform plan" and see the plan shows changing port from 80 to 443
like you wanted. In meanwhile some team member manually changed the port to 443
using cloud console What will happen when you run "terraform apply"?

terraform will change port back to 80 in your code

terraform will change the load balancer port to 80 and then again change to
443
terraform will fail as state file is no longer accurate
terraform will not make any changes [X]

=====