Skillmix -

Terraform Associate Certification - Question Guide

✅
1.​ Can you refer to a local value as a Terraform output?
a.​ True
b.​ False

2.​ Does terraform.tfstate file always match your currently built infrastructure?

✅
a.​ True
b.​ False

3.​ In Terraform, which of the below is not a valid function?

a.​ base64encode
b.​ filebase64

✅
c.​ bcrpyt
d.​ encrypt

4.​ How can you refer to the third server according to the code snippet?

a.​ ✅
aws_instance.application[2]
b.​ aws_instance.application
c.​ aws_instance.application[3].name
d.​ aws_instance.application[3]

5.​ What is Terraform Sentinel?

a.​ It is a resource type
b.​ It is a command to inspect Terraform configuration scripts

✅
c.​ It is a provider available in Terraform public registry
d.​ It is a framework provided by HashiCorp to write policies
6.​ Your team lead wants you to debug the Terraform configuration script before applying. How can you
enable debugging in Terraform?
a.​ export TF_LOG

✅
b.​ export TF_TRACE
c.​ export TF_LOG=TRACE
d.​ terraform apply –debug

7.​ Is this statement true or false?

A list can have several values of the same type, whereas an object can have many values of different

✅
types.
a.​ True
b.​ False

8.​ How is the below output value saved inside the terraform.tfstate file?

a.​ ✅
In plain text
b.​ Base64 encoded
c.​ It does not get saved in the tfstate file since sensitive is set to true
d.​ None of the above

9.​ Alice wants to deploy her new infrastructure in two regions to support high availability. How can she
achieve this?
a.​ She needs to create two configuration scripts to achieve this

✅
b.​ Terraform does not allow multiple region deployments
c.​ Use two provider blocks with an alias
d.​ Use two provider blocks with the same name, and inside modules/resources, specify the
region name

10.​What does this command do? Choose TWO correct answers.

a.​ Provides an overview of all the provider requirements across all referenced modules ✅
b.​ Sets up all the local data necessary to run Terraform that is typically not committed to
version control
c.​ Install providers and plugins from the internet
 ✅
d.​ Prints out a tree of modules in the referenced configuration annotated with their provider
requirements

11.​Fill in the blanks.

Terraform tracks metadata such as resource dependencies in ___ state_________ file.

12.​What are the best practices for keeping secrets or sensitive values out of configuration files? Select

✅
TWO.
a.​ Use secrets
b.​ Use -var flag in Terraform CLI

✅
c.​ Use the sensitive attribute in the variable definition
d.​ Use environment variables

13.​Terraform provisioners are used to model specific actions on the local machine or a remote machine.
Select the INCORRECT statement.
a.​ The remote-exec provisioners require configuration to connect to the remote system using
SSH or WinRM

✅
b.​ All provisioners support the when and on_failure meta-arguments
c.​ You cannot have provisioners that are not directly associated with a specific resource
d.​ Most provisioners expect a nested connection block with details about how to connect

14.​Fill in the blanks.

Terraform’s default backend is ____ local_____.

15.​What is the correct syntax of a private registry module?

✅
a.​ <HOSTNAME>/<NAME>/<PROVIDER>
b.​ <HOSTNAME>/<NAMESPACE>/<NAME>/<PROVIDER>
c.​ <NAMESPACE>/<PROVIDER>/<NAME>
d.​ <HOSTNAME>/<NAMESPACE>/<PROVIDER>/<NAME>

16.​Your teammate is new to Terraform, and he asks, “What is terraform refresh?”. What is the best way
to explain this?
a.​ It is a command that updates the state file of the infrastructure with metadata that matches
the physical resources they are tracking

✅
b.​ It will not modify the infrastructure, but it can modify the state file to update metadata
c.​ All of the above
d.​ None of the above

17.​Infrastructure as Code is a method to write and execute code to define, deploy, update, and destroy
infrastructure. Select ALL that apply.
 ✅
a.​ Users can easily scale up and down infrastructure based on Terraform configuration

✅
scripts

✅
b.​ IaC is idempotent
c.​ IaC provides reusability of the code
d.​ It has a built-in feature to check version control

✅
18.​Is Terraform cloud-agnostic?
a.​ True
b.​ False

19.​Suppose you delete one or more resources from a Terraform configuration file. What criteria does
Terraform consider when deciding which resources to destroy and in what order?
a.​ Terraform no longer manage these resources. We need to delete these resources from the
respective cloud management console manually
b.​ Since the configuration is no configuration available, Terraform cannot delete these
resources
c.​ Terraform automatically destroys the resources immediately when you delete them from the
configuration script
d.​ Terraform keeps track of metadata like resource dependencies and saves it to a state file.
When you delete a resource from a Terraform configuration, it can detect the existence of a

✅
mapping for a resource that is not in your configuration and schedule the destruction
accordingly

20.​Which of the following is not a fundamental principle of infrastructure as code?

✅
a.​ Versioned infrastructure
b.​ Golden images
c.​ Idempotence
d.​ Self-describing infrastructure

21.​Without relying on any external configuration store, the Remote state allows teams to share

✅
infrastructure resources in a read-only mode.
a.​ True
b.​ False

22.​Daniel is an SRE engineer at ABC company. The SRE team is planning to use Terraform to manage its
infrastructure. He creates three workspaces for Dev, QA, and Prod environments, and he names the
workspaces dev, qa, and prod, respectively. Select all statements that apply to the context. Choose

✅
THREE correct answers.
a.​ Each workspace has a separate state associated with it
b.​ Daniel has three workspaces named dev, qa, and prod
c.​ State from each workspace will point to the same resources
d.​ Each workspace will refer to one state file
 e.​ Daniel has four workspaces named dev, qa, prod, and default ✅
✅
f.​ Daniel can delete the dev and qa workspaces, but he cannot delete the default
workspace

23.​Fill in the blanks.

The TF_LOG environment variable enables detailed Terraform logs to appear on __ stderr_____.
24.​Terraform state contains a custom JSON format that records a mapping from the Terraform resources
in your configuration files to the representation of those resources in the real world. Select the
INCORRECT statement.
a.​ Terraform state tracks metadata such as resource dependencies, a pointer to the provider
configuration that was most recently used with the resource in situations where multiple
aliased providers are present
b.​ Terraform stores a cache of the attribute values for all resources in the state.

✅
c.​ Terraform stores the state in a file in the current working directory where Terraform was run
d.​ By default, Terraform uses the "s3" backend, which stores the state file on your local disk

25.​Which of the following terraform blocks will produce an error while executing?

a.​

b.​
 c.​ ✅✅✅

d.​

26.​What are the meta-arguments defined by Terraform itself and available for all provider blocks?
Select ALL that apply.

✅
a.​ region

✅
b.​ alias
c.​ version
d.​ source

✅
27.​What command do you need to run to initialize terraform providers?
a.​ terraform init
b.​ terraform providers
c.​ terraform fmt
d.​ terraform apply

28.​What does this command do?

✅
a.​ Destroys any configuration that has registry.terraform.io/ and /null in it
b.​ Replace a legacy provider with a properly namespaced provider
c.​ Initialize two new providers called registry.terraform.io/-/null and
registry.terraform.io/hashicorp/null
d.​ Replace a properly namespaced provider with a legacy provider

29.​What is the location of the user plugins directory?

 a.​ Windows​ %APPDATA%\terraform.d\plugins

✅
All other systems​ ~/.terraform/plugins
b.​ Windows​ %APPDATA%\terraform.d\plugins
All other systems​ ~/.terraform.d/plugins
c.​ Windows​ %APPDATA%\terraform\plugins
All other systems​ ~/.terraform.d/plugins
d.​ Windows​ %APPDATA%\terraform\plugins
All other systems​ ~/.terraform/plugins

30.​To publish a module available on the Terraform public registry, the following requirements must be

✅
met by a module. Choose THREE correct statements.
a.​ The module must be on GitHub and must be a public repo with x.y.z tags for releases

✅
b.​ The module must be on GitHub and must be a private repo with x.y.z tags for releases
c.​ The module must adhere to the standard module structure
d.​ <NAME> segment cannot contain any additional hyphens

✅
e.​ Module repositories must use this three-part name format:
terraform-<PROVIDER>-<NAME>
f.​ Module repositories must use this three-part name format: module-<PROVIDER>-<NAME>

31.​You have built a new workspace named PROD in the directory /home/terraform_scripts/application/
and initialized Terraform using the local backend by running the terraform init command. Where
does Terraform write its state data if you run terraform apply?

✅
a.​ /home/terraform_scripts/application/terraform.tfstate.d/terraform.tfstate
b.​ /home/terraform_scripts/application/terraform.tfstate.d/PROD/terraform.tfstate
c.​ /home/terraform_scripts/application/terraform.tfstate
d.​ /home/terraform_scripts/application/PROD/terraform.tfstate

32.​Is this statement true or false?

Terraform automatically self-cleans the plugin-cache directory.

✅
a.​ True
b.​ False

33.​What is the Terraform command to rewrite all Terraform configuration files into a canonical format.
a.​ terraform format
b.​ terraform fmt -write=true

✅
c.​ terraform validate -format
d.​ terraform fmt

34.​Examine the following Terraform configuration.

 In the AWS instance resource, what should you provide for the image_id argument?

✅
a.​ aws_ami.ubuntu
b.​ data.aws_ami.ubuntu.id
c.​ aws_ami.ubuntu.id
d.​ data.aws_ami.ubuntu

35.​You developed a module configuration and pushed it to your git repository. You realize that you did
all the changes in a branch called develop. The develop branch is currently accessible to some of
your colleagues, and they have made some changes to your module. You want to test the new

✅✅
module before merging it with the master branch. How can you achieve this?
a.​ Change the module source as sh

own below and

run the configuration

b.​ Change the module source as shown below and run the configuration

c.​ Change the module source as shown below and run the configuration
 d.​ Change the module source as shown below and run the configuration

36.​How do you inspect the current state of the infrastructure applied?

a.​ terraform state

✅
b.​ terraform plan
c.​ terraform show
d.​ terraform list

37.​Which of the following terraform remote-exec configuration blocks will produce an error while
executing?

a.​

b.​

c.​ ✅✅✅
 d.​

✅
38.​What flag should you use to observe the differences while formatting the configuration files?
a.​ terraform fmt -diff
b.​ terraform diff
c.​ terraform fmt
d.​ terraform show -diff

39.​Where should you look for logs if Terraform crashes?

✅
a.​ /var/log/syslog
b.​ <current-tf-dir>/crash.log
c.​ <current-tf-dir>/terraform.tfstate
d.​ /var/log/terraform/terraform.log

40.​Which option is preferred in Terraform configuration files to keep secrets? Select TWO correct

✅
answers.
a.​ Environment variables
b.​ -var flags

✅
c.​ Secure strings
d.​ Remote backend

41.​Is this statement true or false?

✅
A simple configuration consisting of a single directory with one or more .tf files is known as a module.
a.​ True
b.​ False

✅
42.​Select THREE correct statements out of the below about Terraform language.
a.​ Terraform is a declarative language
b.​ The ordering of blocks and the files they are organized into are significant in a Terraform
configuration
c.​ Arguments assign a value to a name. They appear outside blocks

✅
d.​ Terraform always consider explicit relationships between resources
e.​ A Terraform configuration can consist of multiple files and directories

✅
f.​ The primary purpose of the Terraform language is to declare resources, which represent
infrastructure objects

43.​Which of the following is not an optional meta-arguments when calling a Terraform module?
 a.​ version

✅
b.​ provider
c.​ source
d.​ All of the above

44.​What is the command to preview the behavior of the terraform destroy command?
a.​ terraform destroy -auto-approve
b.​ terraform apply

✅
c.​ terraform show
d.​ terraform plan -destroy

45.​Terraform can run on both Windows and Linux, although it requires a Windows operating system

✅
version.
a.​ True
b.​ False

46.​What is the best way to reflect the change in Terraform if you manually delete infrastructure?

✅
a.​ Run terraform import
b.​ Run terraform refresh
c.​ It will happen automatically
d.​ Update the state file manually

47.​Refer to the example Terraform configuration given below and select the appropriate answer. If you
run terraform apply three times, how many IP records will you see in the ip_address.txt file?

a.​ 0

✅
b.​ 3
c.​ 1
d.​ None of the above
48.​You are working on a module that generates VPCs, subnets, security groups, route tables, and NAT
gateways. Each of these resources contains a set of common tags. As a result, rather than repeating
the same tags in the setup, what strategy should you employ to make the configuration more

✅
readable and easily updatable in the future?
a.​ Local values
b.​ Dynamic blocks
c.​ Input variables
d.​ Data sources
e.​ Functions

49.​How to add a provider to Terraform v0.12 configuration?

a.​ Explicitly via a provider block
b.​ By adding a resource from that provider and Terraform will automatically download the

✅
provider when running terraform init
c.​ Both of these
d.​ None of these

✅
50.​Which of the following is the primitive type constraint in Terraform? Choose TWO correct answers.
a.​ String
b.​ Integer
c.​ List

✅
d.​ Set
e.​ Number

✅
51.​Connection blocks do not take a block label and can be nested within a resource or a provisioner.
a.​ True
b.​ False

52.​You run a local-exec provisioner in a null resource called null_resource.script and realize that you
need to rerun the script.
a.​ terraform validate null_resource.script
b.​ terraform m plan -target=null_resource.script

✅
c.​ terraform apply -target=null_resource.script
d.​ terraform taint null_resource.script

53.​Where in your Terraform configuration do you specify a state backend?

✅
a.​ Provider block
b.​ Terraform block
c.​ Resource block
d.​ Data source block

54.​Refer to the configuration block given below and answer the following questions.
 - How many users will it create?
- What are the names of the users created by this configuration?

a.​ 4, user_0, user_1, user_2, user_3

b.​ 4, user_1, user_2, user_3, user_4

✅
c.​ 3, user_1, user_2, user_3
d.​ 3, user_0, user_1, user_2

55.​By default, terraform init command upgrades an already-installed module

✅
a.​ True
b.​ False

56.​During which phase does Terraform read from data sources?

a.​ terraform apply

✅
b.​ terraform init
c.​ terraform plan
d.​ terraform refresh

57.​The ____________ command is used to show the attributes of a single resource in the Terraform

✅
state.
a.​ terraform state show
b.​ terraform state list
c.​ terraform show --verbose
d.​ terraform state view

58.​What will be the value of output selected_user?

a.​ Bob ✅
b.​ None of these
 c.​ Diane
d.​ Error: Index out of range

59.​What feature of Terraform allows convenient switching between multiple instances of a single
configuration within its backend?

✅
a.​ Providers
b.​ Named workspaces
c.​ Local backend
d.​ Sentinel

60.​Tony creates an EC2 instance using a Terraform configuration script. One of his senior engineer
colleagues sees that he created this instance using an unencrypted EBS volume and manually
encrypts it. What will happen when Tony runs terraform apply again?
a.​ It will revert manual changes
b.​ It will create another EC2 instance

✅
c.​ Terraform will update the state file and will not touch the EC2 instance
d.​ It will destroy and recreate the EC2 instance

61.​What is the terraform state command used for? Choose THREE correct answers.
a.​ Initialize the new changes

✅
b.​ Check backend utilization

✅
c.​ Modify and update the state

✅
d.​ Moves items in/out from the state file
e.​ Advance state management
f.​ Import manually created resources

62.​Select all accepted input from the options given below.

✅
a.​ “false”
b.​ Both of these
c.​ false
d.​ None of these

63.​The terraform import command cannot import resources into modules but can import directly into
the root of your state.

✅
a.​ True
b.​ False
64.​In which phase of a Terraform run Sentinel enforced user-defined policies against infrastructure?
a.​ During apply phase
b.​ During plan phase

✅
c.​ During initializing phase
d.​ Between the plan and apply phase

65.​Which command can be used to inspect a plan to ensure that the planned operations are expected?
a.​ terraform plan

✅
b.​ terraform inspect
c.​ terraform show
d.​ terraform state

66.​The Terraform language support user-defined functions and functions built into the language.

✅
a.​ True
b.​ False

67.​What information does the public Terraform Module Registry automatically expose about published
modules?
a.​ Required input variables
b.​ Output values
c.​ Optional input and output values

✅
d.​ Dependencies
e.​ All the above
f.​ None of the above

68.​What is the provider for this resource?

a.​ main
b.​ vpc

✅
c.​ test
d.​ aws

69.​Is this provisioner block correct?

 a.​ No. The provisioner's connection configuration needs to refer to that value via self, whereas

✅
referring directly to the module.aws_instance.instance_private_ip in that context is
forbidden
b.​ Yes. The provisioner will refer to the aws_instance module and retrieve the private IP and
initiate the connection
c.​ No. null_resource is not a valid block in Terraform
d.​ None of the above

70.​Fill in the blanks.

tainted_____.
If the creation-time provisioner fails, Terraform marks the resource as ____

71.​Which of the following can we use to make Terraform configuration dynamic and reusable?
a.​ Dynamic blocks

✅
b.​ Modules
c.​ Input variables
d.​ Functions

72.​What statement is incorrect about state locking? Select TWO.

✅
a.​ Terraform will lock your state for all operations that could write state

✅
b.​ State locking does not happen automatically on all operations that could write state
c.​ You will be notified with a message when it is happening
d.​ If state locking fails, Terraform will not continue
e.​ State-locking prevents others from acquiring the lock and potentially corrupting your state

✅
73.​A remote state allows your infrastructure to be decomposed into smaller components.
a.​ True
b.​ False

74.​Terraform automatically creates or updates the dependency lock file each time you run the terraform

✅
init command.
a.​ True
 b.​ False

75.​Peter needs to disable the colored output of the terraform plan command for automation in a CI
environment. However, other Terraform commands can have colored outputs. Is there a way to
change this default behavior without having to use the -no-color argument every time?
a.​ export TF_IN_AUTOMATION="-no-color"
b.​ export TF_IN_AUTOMATION=true

✅
c.​ export TF_CLI_ARGS="-no-color"
d.​ export TF_CLI_ARGS_plan="-no-color"

76.​Select all acceptable versions given in the options that meet the provided constraint. Choose TWO
correct answers.

✅
a.​ 0.8

✅
b.​ 0.7.6
c.​ 0.7.8
d.​ 1.0.0

77.​You clone a repository that contains terraform configuration scripts from GitHub. After downloading
the file, you run terraform init to initialize the project, but you end up with the error below. Select
TWO possible reasons why this happens.

a.​ The working directory has a lower Terraform version installed and cannot run 0.15 in it ✅
b.​ Run terraform -version to find the current version and change the required_version in
main.tf file
c.​ Run terraform init -upgrade to upgrade the Terraform core version to 0.15
d.​ Download the latest version from the terrform.io page and upgrade the TF core version to

✅
0.15 or higher
e.​ The working directory has a higher Terraform version installed and cannot run 0.15 in it

78.​Is this statement true or false?

Outputs are only rendered when Terraform applies your plan. Running terraform plan will not render

✅
outputs.
a.​ True
 b.​ False
79.​You have declared a variable called var.list, which is a list of objects with an attribute ID. Which

✅
options will produce a list of the IDs? (Choose TWO)
a.​ [ for o in var.list : o.id ]
b.​ [ var.list[*].id ]

✅
c.​ { for o in var.list : o => o.id }
d.​ var.list[*].id

✅
80.​The type of brackets around a for expression decide what type of result it produces.
a.​ True
b.​ False

81.​Which provisioner executes a process on a Terraform-created resource?

a.​ local-exec
b.​ file

✅
c.​ null-exec
d.​ remote-exec

82.​Setting the TF_LOG environment variable to DEBUG causes debug messages to be logged into Syslog.

✅
a.​ True
b.​ False

83.​Fill in the blanks.

The command used to initialize a module is _________ terraform init_________.

84.​Select THREE correct statements about the Terraform configuration file.
a.​ The location of the Terraform CLI configuration file can be specified using the
TF_CLI_CONFIG environment variable.

✅
b.​ It configures per-user settings for CLI behaviors, which apply across all Terraform working
directories.

✅
c.​ The location of the Terraform CLI configuration file can be specified using the
TF_CLI_CONFIG_FILE environment variable.

✅
d.​ It is named .terraformrconf or terraformrc.conf
e.​ It is named .terraformrc or terraform.rc
f.​ The configuration file does not use the same HCL syntax as .tf files

85.​You have defined a security group and an EC2 instance, as shown below.
 But when you run terraform plan, you encounter the error given below,

What would be the reason for this?

✅
a.​ You are trying to pass a list to an attribute that only accepts a string
b.​ The security group module does not have an output value called “sg_id”
c.​ The ec2 module does not have an output value called “sg_id”
d.​ The reference needs to be corrected as module.security_group.sg_id[0]

✅
86.​Within a terraform block, only constant values can be used.
a.​ True
b.​ False
87.​Select TWO enterprise-grade architectural features of Terraform Enterprise.
a.​ Sentinel

✅
b.​ Version control

✅
c.​ SAML single sign-on
d.​ Audit logging

88.​Is this statement true or false?

✅
Anyone can publish and share modules on the Terraform Registry.
a.​ True
b.​ False

89.​Which Terraform Enterprise feature allows users to create and confidentially share infrastructure
modules within an organization?

✅
a.​ Sentinel
b.​ Private module registry
c.​ Public module registry
d.​ Private GitHub repository

90.​Which of the following statements are valid for the below given Terraform configuration? Select
TWO.

a.​ Terraform will create the elastic IP before creating the EC2 instance due to the interpolation
expression that passes the ID of the EC2 instance to the Elastic IP address

✅
b.​ The reference to aws_instance.ec2_instance.id creates an implicit dependency on the
aws_instance named ec2_instance
c.​ The reference to aws_instance.ec2_instance.id creates an explicit dependency on the
aws_instance named ec2_instance
d.​ This configuration will error out because the depends_on meta-argument is missing in the
Elastic IP resource block
 ✅
e.​ Terraform will create the EC2 instance before creating the Elastic IP due to the interpolation
expression that passes the ID of the EC2 instance to the Elastic IP address

91.​If you remove resources from the Terraform state, resources will be physically destroyed from the
real-world infrastructure.

✅
a.​ True
b.​ False

92.​What does this command do?

a.​ It imports an AWS instance into the first instance of the aws_instance resource named ec2
configured with count
b.​ It imports an AWS instance into the aws_instance resource named “example” into a module
named ec2
c.​ This is not a valid command

✅
d.​ It imports an AWS instance into the "example" instance of the aws_instance resource named
ec2 configured with for_each

✅
93.​Terraform forces every state modification command to write a backup file.
a.​ True
b.​ False

94.​What is the command used to list all existing workspaces?

a.​ terraform show workspaces

✅
b.​ terraform list --workspaces
c.​ terraform workspace list
d.​ terraform workspace show

95.​What is the primary responsibility of providers in Terraform?

✅
a.​ For the execution of commands and scripts
b.​ For understanding API interactions and exposing resources
c.​ To store metadata about Terraform-managed infrastructure
d.​ None of the above

96.​The state is not a necessary requirement for Terraform to function.

✅
a.​ True
b.​ False

97.​What is correct about the below data source block?

 a.​ This is not a valid configuration in Terraform
b.​ This is a valid configuration. But this will error out when applying
c.​ This is a valid configuration. The data source block has the required_provider configuration
inside it

✅
d.​ This is a valid configuration. The data source block uses the provider meta-argument to
specify a provider using an alias name

✅
98.​When using a remote state, the state is only ever held in memory when used by Terraform.
a.​ True
b.​ False

99.​When you use local modules, you do not have to do the command init or get every time there is a
change in the local module. Is this statement true? Explain why?
a.​ Yes. Terraform will refer directly to the source directory when installing a local module. But
you need to follow up with terraform refresh to update the modules in the .terraform
directory.
b.​ Yes. Terraform will refer directly to the source directory when installing a local module.
Because of this, Terraform will automatically notice changes to local modules without having

✅
to re-run terraform init or terraform get.
c.​ No. You must execute terraform init every time

✅
100.​ Not all providers and resources support Terraform import.
a.​ True
b.​ False

101.​ What is not a benefit of IaC?

a.​ Bring up servers with one script and scale up and down based on the load with the same
script

✅
b.​ Reusability of the code
c.​ Unpredictable behavior
d.​ Faster speed and consistency

✅
102.​ When does terraform apply reflect changes in the cloud environment?
a.​ However long it takes the resource provider to fulfill the request
b.​ Immediately
c.​ After updating the state file
d.​ None of the above
 ✅
103.​ What benefits do published modules via Terraform registry have? Select FOUR.

✅
a.​ Support versioning
b.​ Has examples and READMEs

✅
c.​ Supports any code repository

✅
d.​ Allow browsing version histories
e.​ Automatically generated documentation

✅
104.​ Which of the following represents a feature of Terraform Cloud that is NOT free to other users?
a.​ Team management and governance
b.​ Private module registry
c.​ Workspace management
d.​ VCS integration

105.​ Defining version meta-arguments while sourcing modules from a Terraform registry is
mandatory.

✅
a.​ True
b.​ False

106.​ When running a terraform plan, how can you save it so that it can be applied later?

✅
a.​ You cannot save a plan
b.​ By using the -out parameter
c.​ By using the -file parameter
d.​ It happens automatically

107.​ By default, where does Terraform store changes after applying a configuration?
a.​ terraform.tfstate.d sub-directory under the current directory
b.​ terraform.tfstates file under the current directory

✅
c.​ terraform.tfstate sub-directory under the current directory
d.​ terraform.tfstate file under the current directory

108.​ The terraform refresh command reconciles the state Terraform knows via its _______ with the
real-world infrastructure.

✅
a.​ .tf files
b.​ State file
c.​ Provider
d.​ Configuration scripts

109.​ Which of the following terraform commands run refresh first, prior to any other work, unless
explicitly disabled? Choose THREE correct answers.

✅
a.​ terraform init

✅
b.​ terraform plan

✅
c.​ terraform apply
d.​ terraform destroy
e.​ terraform validate
 ✅
110.​ The state file is essential to Terraform and performs these functions. (Select THREE).
a.​ Map resources defined in the configuration with real-world resources

✅
b.​ Help rewrite all Terraform configuration files into a canonical format
c.​ Track metadata about resources such as dependencies and dependency order
d.​ Interact with remote systems

✅
e.​ Cache resource attributes to improve performance when managing very large
infrastructures

111.​ All input variables of the root-module are available to the child-module by default.

✅
a.​ True
b.​ False

112.​ You want to use an archive stored in S3 as a module source. Should the archive on S3 always
have to be public to be able to be used by Terraform?

✅
a.​ Yes
b.​ No

113.​ When a module's source is a version control repository or archive file, the module itself may be
in a subdirectory relative to the package's root. What below is not a correct syntax for representing a
subdirectory?
a.​ git::https://example.com/network.git//modules/vpc
b.​ s3::https://s3-eu-west-1.amazonaws.com/examplecorp-terraform-modules/network.zip//m

✅
odules/vpc
c.​ https://example.com/network-module.zip/modules/vpc
d.​ hashicorp/consul/aws//modules/consul-cluster

114.​ Terraform detects if a URL has a common file extension associated with an archive file format.
What below is not an extension recognized by Terraform?

✅
a.​ zip
b.​ tar
c.​ tar.gz
d.​ tar.xz

115.​ The source argument in a module block tells Terraform where to find the source code for the
desired child module. Select the module block that contains an invalid source.
 a.​

b.​ ✅

c.​

d.​

✅
116.​ What programming language will you need to contribute to the Terraform Open-Source Project?
a.​ Go
b.​ Bash
c.​ Python
d.​ Java

117.​ Declaring a variable without any associated value or associated type will cause an error at run
time, as the variable is not defined.

✅
a.​ True
b.​ False

118.​ How can you modify the resource given below to prevent Terraform from failing on the
provisioner failure?
a.​

b.​ ✅✅

c.​
 d.​

✅
119.​ The default workspace can never be deleted.
a.​ True
b.​ False

120.​ Out of all features listed below, select all the paid features. Choose THREE correct answers.

✅
a.​ Encrypted remote state
b.​ Sentinel policy as code management
c.​ Remote runs

✅
d.​ Secure variable storage
e.​ Cost estimation

✅
f.​ Private module registry
g.​ Role/team management

121.​ If the Terraform backend does not have state lock enabled by default, we can use -lock flag to
automatically enable state locking on all operations that could write state.

✅
a.​ True
b.​ False

122.​ source meta-argument is not required for a local child module.

✅
a.​ True
b.​ False

123.​ Is it necessary to manually write a resource configuration block for the resource created outside
terraform before running terraform import?
a.​ No. Terraform import generates configuration automatically
b.​ Yes. The current implementation of Terraform import can only import resources into the

✅
state. It does not generate configuration. A future version of Terraform will also generate
configuration

124.​ A user accidentally deleted the remote backend from Terraform configuration. How will it impact
existing resources and state files?
a.​ Since the .terraform folder still has the old configuration, it will point to the old configuration
b.​ Since the old state is not visible to Terraform, the next terraform apply will ignore all existing
resources and recreate them again
 c.​ It will detect backend changes and throw an error. You need to reinitialize Terraform again,

✅
and it will prompt you to migrate the existing remote state to the local backend so that it can
still manage resources managed by the remote state
d.​ Since the old state is not visible to Terraform, the next terraform apply will delete all existing
resources and recreate them again

125.​ A module can access all the variables of the parent module.

✅
a.​ True
b.​ False

126.​ Which of the following statements are correct about the Terraform state file format? Choose

✅
THREE correct answers.

✅
a.​ The format of the state files is just JSON; direct file editing of the state is discouraged

✅
b.​ The JSON format makes it easy to write tools around the state
c.​ You should only modify the state file by hand in the case of a Terraform bug
d.​ The YAML format makes it easy to write tools around the state
e.​ The format of the state files is just YAML; direct file editing of the state is discouraged

127.​ Are workspaces in Terraform Cloud and Terraform CLI the same?

✅
a.​ Yes
b.​ No

128.​ You have a Terraform configuration like the one below. You have also defined two files containing
different values for the project variable named terraform.tfvars and variables.auto.tfvars. You also
pass -var=”project=dragonfruit” when you run terraform plan. What will be the value of the project
variable?

a.​ apple
 b.​ banana

✅
c.​ cashew
d.​ dragonfruit

129.​ Due to some problem, you end up locking the Terraform state. Now, your team members cannot
run the terraform apply command to make any infrastructure changes. What will you do to fix this?

✅
a.​ Use state-unlock to unlock the state manually
b.​ Use force-unlock to unlock the state manually
c.​ Use --ignore-lock flag with terraform apply
d.​ Use --state-unlock flag with terraform apply

✅
130.​ In Terraform 0.12 terraform init cannot automatically download third-party providers.
a.​ True
b.​ False

131.​ You've used Terraform to deploy a virtual machine and a database. You want to replace this
virtual machine instance with an identical one without affecting the database. What is the best way
to achieve this using Terraform?

✅
a.​ Use the Terraform taint command targeting the VMs, then run Terraform plan and Terraform
apply
b.​ Delete the Terraform VM resources from your Terraform code, then run Terraform plan and
terraform apply
c.​ Use the terraform apply command targeting the VM resources only
d.​ Use the terraform state rm command to remove the VM from the state file

132.​ What is the easiest way for Terraform to read and write secrets from the HashiCorp Vault?
a.​ API access using the AppRole auth method

✅
b.​ Integration with a CI tool like Jenkins
c.​ Vault provider
d.​ CLI access from the same machine running Terraform

133.​ Tom creates 3 workspaces: dev, qa, prod. What command will he run to switch to the prod
workspace from the dev workspace.
a.​ terraform workspace dev
b.​ terraform workspace -switch dev

✅
c.​ terraform workspace switch dev
d.​ terraform workspace select dev

134.​ A new junior Terraform engineer on your team creates a new configuration and pushes it to the
team's git repo. This new code causes the whole configuration to fail the routine security audit. To
avoid such a scenario in the future, the team lead asks you to implement an effective measure to
 ensure that junior engineers do not commit non-security-compliant configuration code to the team's
GitHub repo in the future. What will you do to execute this task?
a.​ Since your team is using HashiCorp Terraform Enterprise Edition, enable Sentinel, and write

✅
Policy-As-Code rules that will check for non-compliant resource provisioning and
prevent/report them
b.​ Create a git master branch, and implement PR. Every change needs to be reviewed by you
before being merged into the master branch
c.​ Use Terraform OSS Sentinel Lite version, which will save cost since there is no charge for OSS,
but it can still check for most non-compliant rules using Policy-As-Code
d.​ Create a design /security document (in PDF) and share it with the team, and ask them to
always follow that document, and never deviate from it

135.​ Fill in the gap.

A module that is called by another configuration is referred to as a child module

136.​ Terraform can load a provider from all the following sources except
a.​ Provider plugin cache
b.​ Official HashiCorp distribution on releases

✅
c.​ Plugins directory
d.​ Provider source code
137.​ Which of the following is a use case for Terraform modules?
a.​ A module is used to organize similar configurations logically
b.​ A module is used to organize complex configurations for easy understanding and
maintenance

✅
c.​ A module is used to make a configuration reusable and ensure consistency
d.​ All of the above
138.​ Which of the following arguments is required when declaring a Terraform variable?
a.​ default
b.​ type

✅
c.​ description
d.​ None of the above
139.​ terraform init -upgrade is the correct command to use the latest versions of plugins in your

✅
Terraform configuration
a.​ True
b.​ False
140.​ Fill in the gap.

_____ workspaces______ is the Terraform feature that enables the creation of similar
infrastructure in different environments using the same configuration code.

141.​ Which of the following is not a valid string function in Terraform?

a.​ title
 ✅
b.​ chomp
c.​ concat
d.​ substr
142.​ You want to know which paths Terraform is loading the providers in your configuration file from.
What would you do to achieve this?

✅
a.​ Monitor the CLI after running terraform apply
b.​ Enable debugging by setting the TF_LOG envronment variable to TRACE
c.​ Enable debugging by setting the TF_LOG_PATH environment variable
d.​ Set verbose logging for each provider in your Terraform configuration
143.​ A Terraform local value cannot reference another local value

✅
a.​ True
b.​ False
144.​ A provider configuration block is required in every Terraform configuration

✅
a.​ True
b.​ False

✅
145.​ Terraform cloud can be managed from the CLI using an API token
a.​ True
b.​ False
146.​ The configuration code below creates a _______ backend

✅
a.​ local
b.​ remote
c.​ AWS
d.​ All of the above
147.​ One of the following is not true about Terraform provisioners

✅
a.​ A provisioner will only run once in a configuration
b.​ A provisioner code block can stand on its own
c.​ If an infrastructure has been created before you add the provisioner block, the provisioner
will not execute
d.​ You can run multiple provisioners in the same configuration file
148.​ Which of the following are required arguments for Terraform provisioner? Select all that apply

✅
a.​ content

✅
b.​ destination

✅
c.​ connection
d.​ command
 ✅
149.​ By default, when a Terraform provisioner fails, what happens to the configuration?
a.​ The terraform apply process also fails
b.​ The terraform apply process continues
c.​ The configuration is partially applied
d.​ None of the above
150.​ local-exec and remote-exec are the only two types of provisioners

✅
a.​ True
b.​ False
151.​ Terraform Cloud’s run triggers allow you to link workspaces so that a successful apply in a source

✅
workspace will queue a run in the workspace linked to it.
a.​ True
b.​ False
152.​ Which of the following is true about Terraform registry
a.​ It requires that you include a release tag in the format x.y.z
b.​ To publish a module on Terraform Registry, you must upload it to GitHub, and the repository
must be public.
c.​ The module's GitHub repository must include a simple, one-sentence description of the

✅
module.
d.​ All of the above
153.​ What is the workflow for deploying new infrastructure with Terraform?
a.​ terraform plan to import the current infrastructure to the state file, make code changes, and
terraform apply to update the infrastructure
b.​ Write a Terraform configuration; run terraform show to view proposed changes, and
terraform apply to create new infrastructure
c.​ terraform import to import the current infrastructure to the state file, make code changes,
and terraform apply to update the infrastructure

✅
d.​ Write a Terraform configuration, run terraform init, run terraform plan to view planned
infrastructure changes, and terraform apply to create new infrastructure
154.​ Which of the following is not true of Terraform providers?
a.​ Providers can be written by individuals
b.​ Providers can be maintained by a community of users
c.​ Some providers are maintained by HashiCorp
d.​ Major cloud vendors and non-cloud vendors can write, maintain, or collaborate on Terraform

✅
providers
e.​ none of above
155.​ Why would you use the terraform taint command?

✅
a.​ When you want to force Terraform to destroy a resource on the next apply
b.​ When you want to force Terraform to destroy and recreate a resource on the next apply
c.​ When you want Terraform to ignore a resource on the next apply
d.​ When you want Terraform to destroy all the infrastructure in your workspace
156.​ When should you use the force-unlock command?
a.​ You see a status message that you cannot acquire the lock

✅
b.​ You have a high-priority change
c.​ Automatic unlocking failed
 d.​ Your terraform apply failed due to a state lock
157.​ Which of the following is available only in Terraform Enterprise or Cloud workspaces and not in

✅
Terraform CLI?
a.​ Secure variable storage
b.​ Support for multiple cloud providers
c.​ Dry runs with terraform plan
d.​ Using the workspace as a data source
158.​ How would you reference the "name" value of the second instance of this fictitious resource
below?

a.​ aws_instance.instance[1]

✅
b.​ element(aws_instance.instance, 2)
c.​ aws_instance.instance[1].name
d.​ aws_instance.instance[2].name
159.​ When running the command terraform taint against a managed resource you want to force
recreation upon, Terraform will immediately destroy and recreate the resource.

✅
a.​ True
b.​ False
160.​ In contrast to Terraform Open Source, when working with Terraform Enterprise and Cloud

✅
Workspaces, you could think about them as completely separate working directories.
a.​ True
b.​ False
161.​ You write a new Terraform configuration and immediately run terraform apply it in the CLI using
the local backend. Why will the apply fail?

✅
a.​ Terraform needs you to format your code according to best practices first
b.​ Terraform needs to install the necessary plugins first
c.​ The Terraform CLI needs you to log into Terraform cloud first
d.​ Terraform requires you to manually run terraform plan first
162.​ terraform validate reports syntax check errors from which of the following scenarios?
a.​ Code contains tabs indentation instead of spaces
b.​ There is a missing value for a variable

✅
c.​ The state files does not match the current infrastructure
d.​ None of the above
163.​ Your team has decided to use terraform in your company and you have existing infrastructure.
How do you migrate your existing resources to terraform and start using it?
a.​ Run terraform init, and it will automatically sync with your existing infrastructure

✅
b.​ Run terraform import, then write a configuration code that matches the existing
infrastructure
 c.​ Run terraform refresh to update the state file with existing infrastructure
d.​ It's not possible to do that in Terraform
164.​ A fellow developer on your team is asking for some help refactoring their Terraform code. As
part of their application's architecture, they will tear down an existing deployment managed by
Terraform and deploy a new one. However, there is a server resource named
aws_instance.ubuntu[1], which they would like to keep to perform some additional analysis.

What command should be used to tell Terraform to no longer manage the resource?

✅
a.​ terraform apply rm aws_instance.ubuntu[1]
b.​ terraform state rm aws_instance.ubuntu[1]
c.​ terraform plan rm aws_instance.ubuntu[1]
d.​ terraform delete aws_instance.ubuntu[1]
165.​ Terraform can only manage resource dependencies if you set them explicitly with the
depends_on argument.

✅
a.​ True
b.​ False
166.​ You have a simple Terraform configuration containing one virtual machine (VM) in a cloud
provider. You run terraform apply and the VM is created successfully.

What will happen if you delete the VM using the cloud provider console and run terraform apply
again without changing any Terraform code?

a.​ Terraform will remove the VM from the state file

b.​ Terraform will report an error

✅
c.​ Terraform will not make any changes
d.​ Terraform will recreate the VM
167.​ What is terraform refresh intended to detect?
a.​ Terraform configuration code changes

✅
b.​ Empty state files
c.​ State file drift
d.​ Corrupt state files
168.​ Which command is used to launch Terraform console?
a.​ terraform apply -auto-approve

✅
b.​ terraform plan
c.​ terraform console
d.​ terraform consul
169.​ What is the default number of concurrent operations supported by the terraform apply
command?
a.​ 9

✅
b.​ 25
c.​ 10
d.​ 1
170.​ To unlock a Terraform configuration state file, you run terraform state-unlock command

✅
a.​ True
b.​ False
171.​ Which of the following is not a Terraform module source type?

✅
a.​ GitHub
b.​ SSH
c.​ S3 bucket
d.​ Terraform Registry
172.​ Terraform state files are required for Terraform configuration to function. Which of the following
is not a function of a state file?
a.​ Performance

✅
b.​ Mapping configuration code to real-world infrastructure
c.​ Security
d.​ Syncing
173.​ A junior engineer on your team created an EC2 configuration with some defined variables. You
are not sure if he added a default value to a variable called description in the configuration. If he did,
you want to leave it at that. But if not, you want to add the default value "Web server setup".

How can you do this in your Terraform code?

a.​ description = if (var.description == “null”) then { “No description set up” } else {

✅
var.description }
b.​ description = var.description == “null” ? “No description set up” : var.description
c.​ description = if var.description == “null” then “No description set up” else var.description
d.​ description = var.description == “null” : “No description set up” ? var.description
174.​ You can fetch a Terraform module using a URL endpoint if the extension is the following, except
a.​ tar.gz
b.​ zip

✅
c.​ tar.xz
d.​ tar.bin
175.​ Which of the following is the most verbose Terraform log level?
a.​ ERROR

✅
b.​ WARN
c.​ TRACE
d.​ DEBUG
176.​ Which of the following are the supported connection types in remote-exec provisioner? Select

✅
all that apply
a.​ ssh
b.​ url

✅
c.​ rdp
d.​ winrm

✅
177.​ The following are tags that can be used with the terraform apply command, except
a.​ -taint
b.​ -input=false
c.​ -no-color
d.​ -auto-approve
178.​ When you run terraform plan, Terraform scans your configuration code and automatically
appends any missing argument.
 ✅
a.​ True
b.​ False
179.​ What type of variable has the highest priority?

✅
a.​ Variables in terraform.tfvars file
b.​ Variables defined with -var or var-file on the command line
c.​ Environment variables
d.​ Terraform variables do not have an order of priority
180.​ One remote backend always maps to a single remote workspace

✅
a.​ True
b.​ False