In the example below, the depends_on argument creates what type of dependency?

  1. resource “aws_instance” “example” {
  2. ami = “ami-2757f631”
  3. instance_type = “t2.micro”
  4. depends_on = [aws_s3_bucket.company_data]
  5. }
  • (Correct)

Explanation

Explicit dependencies in Terraform are dependencies that are explicitly declared in the Terraform configuration. These dependencies are used to control the order in which Terraform creates, updates, and destroys resources.

In Terraform, you can declare explicit dependencies using the depends_on argument in a resource block. The depends_on argument takes a list of resource names and specifies that the resource block in which it is declared depends on those resources.

For example, consider a scenario where you have a virtual machine (VM) that depends on a virtual network (VNET) and a subnet. You can declare these dependencies using the depends_on argument as follows:

  1. resource “azurerm_virtual_network” “vnet” {
  2. name = “example-vnet”
  3. address_space = [“10.0.0.0/16”]
  4. }
  5.  
  6. resource “azurerm_subnet” “subnet” {
  7. name = “example-subnet”
  8. virtual_network_name = azurerm_virtual_network.vnet.name
  9. address_prefix = “10.0.1.0/24”
  10. }
  11.  
  12. resource “azurerm_network_interface” “nic” {
  13. name = “example-nic”
  14. location = azurerm_virtual_network.vnet.location
  15. subnet_id = azurerm_subnet.subnet.id
  16. depends_on = [
  17. azurerm_subnet.subnet,
  18. azurerm_virtual_network.vnet
  19. ]
  20. }

In this example, the azurerm_network_interface resource depends on both the azurerm_subnet and the azurerm_virtual_network resources, so Terraform will create those resources first, and then create the azurerm_network_interface resource.

By declaring explicit dependencies, you can ensure that Terraform creates resources in the correct order, so that dependent resources are available before other resources that depend on them. This helps prevent errors or unexpected behavior when creating or modifying infrastructure, and makes it easier to manage and understand the relationship between resources.

Overall, the use of explicit dependencies is a critical aspect of Terraform, as it helps ensure that resources are created and managed in the correct order and makes it easier to manage and understand the relationship between resources.

https://learn.hashicorp.com/tutorials/terraform/dependencies

Question 2:

What feature of Terraform Cloud allows you to publish and maintain a set of custom modules which can be used within your organization?

  • (Correct)

Explanation

You can use modules from a private registry, like the one provided by Terraform Cloud. Private registry modules have source strings of the form <HOSTNAME>/<NAMESPACE>/<NAME>/<PROVIDER>. This is the same format as the public registry, but with an added hostname prefix.

https://www.datocms-assets.com/2885/1602500234-terraform-full-feature-pricing-tablev2-1.pdf

Question 3:

What environment variable can be set to enable detailed logging for Terraform?

  • (Correct)

Explanation

Terraform has detailed logs that can be enabled by setting the TF_LOG environment variable to any value. This will cause detailed logs to appear on stderr.

You can set TF_LOG to one of the log levels TRACEDEBUGINFOWARN or ERROR to change the verbosity of the logs. TRACE is the most verbose and it is the default if TF_LOG is set to something other than a log level name.

https://developer.hashicorp.com/terraform/internals/debugging

Question 4: Correct

What Terraform command will launch the Interactive console to evaluate and experiment with expressions?

  • (Correct)

Explanation

The terraform console command in Terraform is a command-line interface (CLI) tool that allows you to interactively evaluate expressions in Terraform. The terraform console command opens a REPL (Read-Eval-Print Loop) environment, where you can type Terraform expressions and see the results immediately. This can be useful for testing and debugging Terraform configurations and understanding how Terraform evaluates expressions.

Here are a few examples of how the terraform console command can be helpful:

  1. Testing expressions: You can use the terraform console command to test Terraform expressions and see the results immediately. For example, you can test arithmetic operations, string concatenation, and other Terraform expressions to ensure that they are evaluated correctly.
  2. Debugging configurations: If you have a complex Terraform configuration and you’re not sure why it’s not working as expected, you can use the terraform console command to debug the configuration by testing expressions and variables to see their values.
  3. Understanding Terraform behavior: If you’re new to Terraform and you want to understand how it evaluates expressions and variables, you can use the terraform console command to explore Terraform’s behavior and see how different expressions are evaluated.

To use the terraform console command, simply type terraform console in your terminal, and Terraform will open a REPL environment. You can then type Terraform expressions and see the results immediately. You can exit the REPL environment by typing exit or quit.

It’s worth noting that the terraform console command operates in the context of a specific Terraform configuration, so you should run the command from within the directory that contains your Terraform configuration files.

https://developer.hashicorp.com/terraform/cli/commands/console

Question 5:

In the following code snippet, the block type is identified by which string?

  1. resource “aws_instance” “db” {
  2. ami = “ami-123456”
  3. instance_type = “t2.micro”
  4. }
  • (Correct)

Explanation

In Terraform, resource blocks define the resources you want to create, update, or manage as part of your infrastructure. Other type of block types in Terraform include providerterraformoutputdata, and resource.

The format of a resource block configuration is as follows:

  1. resource “TYPE” “NAME” {
  2. [CONFIGURATION_KEY = CONFIGURATION_VALUE]
  3. }

where:

  • TYPE is the type of resource you want to create, such as an AWS EC2 instance, an Azure storage account, or a Google Cloud Platform compute instance.
  • NAME is a unique identifier for the resource, which you can use in other parts of your Terraform configuration to refer to this resource.
  • CONFIGURATION_KEY is a key that corresponds to a specific attribute of the resource type.
  • CONFIGURATION_VALUE is the value for the attribute specified by CONFIGURATION_KEY.

For example, here is a simple resource block that creates an Amazon Web Services (AWS) EC2 instance:

  1. resource “aws_instance” “example” {
  2. ami = “ami-0323c3dd2da7fb37d”
  3. instance_type = “t2.micro”
  4. }

In this example, the resource block creates an EC2 instance with the specified Amazon Machine Image (AMI) and instance type.

It is important to note that each resource type will have its own set of required and optional attributes, and you must specify the required attributes for each resource type in your Terraform configuration. Some common attributes for AWS EC2 instances include the AMI ID, instance type, and security group.

By defining resources in Terraform, you can manage your infrastructure as code and track changes to your infrastructure over time, making it easier to version control, automate, and collaborate on your infrastructure.

https://developer.hashicorp.com/terraform/language/resources

Question 6:

You are developing a new Terraform module to demonstrate features of the most popular HashiCorp products. You need to spin up an AWS instance for each tool, so you create the resource block as shown below using the for_each meta-argument.

  1. resource “aws_instance” “bryan-demo” {
  2. # …
  3. for_each = {
  4. “terraform”: “infrastructure”,
  5. “vault”: “security”,
  6. “consul”: “connectivity”,
  7. “nomad”: “scheduler”,
  8. }
  9. }

After the deployment, you view the state using the terraform state list command. What resource address would be displayed for the instance related to vault?

  • (Correct)

Explanation

In Terraform, when you use the for_each argument in a resource block, Terraform generates multiple instances of that resource, each with a unique address. The address of each instance is determined by the keys of the for_each map, and it is used to identify and manage each instance of the resource.

For example, consider the following resource block in the question:

  1. resource “aws_instance” “bryan-demo” {
  2. # …
  3. for_each = {
  4. “terraform”: “infrastructure”,
  5. “vault”: “security”,
  6. “consul”: “connectivity”,
  7. “nomad”: “scheduler”,
  8. }
  9. }

In this example, Terraform will create four instances of the aws_instance resource, one for each key in the for_each map. The addresses of these instances will be aws_instance.bryan-demo["terraform"] , aws_instance.bryan-demo["vault"],aws_instance.bryan-demo["consul"], and aws_instance.bryan-demo["nomad"].

When you reference the properties of these instances in your Terraform code, you can use the address and property reference syntax to access the properties of each instance. For example, you can access the ID of the first instance using aws_instance.bryan-demo["vault"].id.

Using the for_each argument in a resource block is a powerful way to manage multiple instances of a resource, and it provides a convenient way to reuse the same resource configuration for multiple instances with different properties.

https://developer.hashicorp.com/terraform/cli/v1.1.x/state/resource-addressing

Question 7: Correct

True or False? Each Terraform workspace uses its own state file to manage the infrastructure associated with that particular workspace.

  • (Correct)

Explanation

True. Each Terraform workspace uses its own state file to manage the infrastructure associated with that workspace. This allows Terraform to manage multiple sets of infrastructure independently and avoid conflicts. Each Terraform workspace has its own Terraform state file that keeps track of the resources and their attributes, so changes made in one workspace will not affect the infrastructure managed by other workspaces.

In fact, having different state files provides the benefits of workspaces, where you can separate the management of infrastructure resources so you can make changes to specific resources without impacting resources in others….

https://developer.hashicorp.com/terraform/language/state/workspaces#workspace-internals

Question 8: Incorrect

Which of the following is a valid variable name in Terraform?

  • (Correct)

Explanation

In Terraform, variable names must follow a set of naming conventions to be considered valid. Here are some examples of invalid variable names:

  • Names that start with a number: 1_invalid_variable_name
  • Names that contain spaces or special characters (other than underscores): invalid variable name
  • Names that contain only numbers: 12345
  • Names that are the same as Terraform reserved words, such as varmoduledatacount, etc.

It is recommended to use only lowercase letters, numbers, and underscores in variable names and to start variable names with a lowercase letter to ensure they are valid. Additionally, variable names should be descriptive and meaningful to help make your Terraform code more readable and maintainable.

https://developer.hashicorp.com/terraform/tutorials/configuration-language/count

https://developer.hashicorp.com/terraform/language/values/variables#declaring-an-input-variable

Question 9: Inco

Which code snippet would allow you to retrieve information about existing resources and use that information within your Terraform configuration?

    1. resource “aws_instance” “web” {
    2. ami = “ami-a1b2c3d4”
    3. instance_type = “t2.micro”
    4. }
    (Incorrect)
    1. locals {
    2. service_name = “forum”
    3. owner = “Community Team”
    4. }
    1. data “aws_ami” “aws_instance” {
    2. most_recent = true
    3.  
    4. owners = [“self”]
    5. tags = {
    6. Name = “app-server”
    7. Tested = “true”
    8. }
    9. }
    (Correct)
    1. module “deploy-servers” {
    2. source = “./app-cluster”
    3.  
    4. servers = 5
    5. }
    1. provider “google” {
    2. project = “acme-app”
    3. region = “us-central1”
    4. }

Explanation

In Terraform, data blocks are used to retrieve data from external sources, such as APIs or databases, and make that data available to your Terraform configuration. With data blocks, you can use information from external sources to drive your infrastructure as code, making it more dynamic and flexible.

For example, you can use a data block to retrieve a list of Amazon Machine Images (AMIs) from AWS, and then use that data to select the appropriate AMI for a virtual machine you are provisioning:

  1. data “aws_ami” “example” {
  2. most_recent = true
  3.  
  4. filter {
  5. name = “name”
  6. values = [“amzn2-ami-hvm-2.0.*-x86_64-gp2”]
  7. }
  8.  
  9. filter {
  10. name = “virtualization-type”
  11. values = [“hvm”]
  12. }
  13. }
  14.  
  15. resource “aws_instance” “example” {
  16. ami = data.aws_ami.example.id
  17. instance_type = “t2.micro”
  18. }

In this example, the data block retrieves the most recent Amazon Linux 2 HVM AMI, and the aws_instance resource uses the selected AMI to create a virtual machine.

Data blocks can be used to retrieve information from a wide range of sources, such as databases, APIs, and cloud providers. This information can then be used to conditionally create, update, or delete resources, making your Terraform configurations more flexible and adaptable to changing requirements.

https://developer.hashicorp.com/terraform/language/data-sources

Question 10:

Why might a user opt to include the following snippet in their configuration file?

  1. terraform {
  2. required_version = “>= 1.3.8”
  3. }
  • (Correct)

Explanation

The required_version parameter in a terraform block is used to specify the minimum version of Terraform that is required to run the configuration. This parameter is optional, but it can be useful for ensuring that a Terraform configuration is only run with a version of Terraform that is known to be compatible.

For example, if your Terraform configuration uses features that were introduced in Terraform 1.3.8, you could include the following terraform block in your configuration to ensure that Terraform 1.3.8 or later is used:

  1. terraform {
  2. required_version = “>= 1.3.8”
  3. }

When you run Terraform, it will check the version of Terraform that is being used against the required_version parameter and it will raise an error if the version is lower than the required version.

This can be especially useful in larger organizations or projects where multiple people are working on the same Terraform code, as it helps to ensure that everyone is using the same version of Terraform and reduces the risk of encountering unexpected behavior or bugs due to differences in Terraform versions.

https://developer.hashicorp.com/terraform/language/settings#specifying-a-required-terraform-version

Question 11: Incorrect

A user creates three workspaces from the command line: proddev, and test. Which of the following commands will the user run to switch to the dev workspace?

  • (Correct)

Explanation

The command used to switch to the dev workspace in Terraform is terraform workspace select dev.

Terraform workspaces allow you to manage multiple sets of infrastructure resources that share the same configuration. To switch to a specific workspace in Terraform, you use the terraform workspace select command followed by the name of the workspace you want to switch to. In this case, the name of the workspace is “dev”.

After running this command, Terraform will switch to the dev workspace, and all subsequent Terraform commands will apply to the resources in that workspace. If the dev workspace does not yet exist, Terraform will NOT create it for you.

Here’s an example of using the terraform workspace select command to switch to the dev workspace:

  1. $ terraform workspace select dev
  2. Switched to workspace “dev”.

https://developer.hashicorp.com/terraform/cli/commands/workspace/select

Question 12:

Environment variables can be used to set the value of input variables. The environment variables must be in the format "____"_<variablename>.

Select the correct prefix string from the following list.

  • (Correct)

Explanation

Terraform allows you to use environment variables to set values in your Terraform configuration. This can be useful for specifying values specific to the environment in which Terraform is running or providing values that can be easily changed without modifying the Terraform configuration.

To use a variable in Terraform, you need to define the variable using the following syntax in your Terraform configuration:

  1. variable “instructor_name” {
  2. type = string
  3. }

You can then set the value of the environment variable when you run Terraform by exporting the variable in your shell before running any Terraform commands:

  1. export TF_VAR_instructor_name=“bryan”
  2. $ terraform apply

https://developer.hashicorp.com/terraform/cli/config/environment-variables

Question 13: Correct

Terraform Cloud is more powerful when you integrate it with your version control system (VCS) provider. Select all the supported VCS providers from the answers below. (select four)

  • (Correct)
  • (Correct)
  • (Correct)
  • (Correct)
Question 14: Correct

True or False? The following code is an example of an implicit dependency in Terraform

  1. resource “aws_instance” “web” {
  2. ami = “ami-0c55b159cbfafe1f0”
  3. instance_type = “t2.micro”
  4. }
  5.  
  6. resource “aws_ebs_volume” “data” {
  7. availability_zone = “us-west-2a”
  8. size = 1
  9.  
  10. tags = {
  11. Name = “data-volume”
  12. }
  13. }
  14.  
  15. resource “aws_volume_attachment” “attach_data_volume” {
  16. device_name = “/dev/xvdf”
  17. volume_id = aws_ebs_volume.data.id
  18. instance_id = aws_instance.web.id
  19. }
  • (Correct)

Explanation

Terraform implicit dependencies refer to the dependencies between resources in a Terraform configuration but are not explicitly defined in the configuration. Terraform uses a graph to track these implicit dependencies and ensures that resources are created, updated, and deleted in the correct order.

For example, suppose you have a Terraform configuration that creates a virtual machine and a disk. In that case, Terraform will implicitly depend on the disk being created before the virtual machine because the virtual machine needs the disk to function. Terraform will automatically create the disk first and then create the virtual machine.

Sometimes, Terraform may miss an implicit dependency, resulting in an error when you run terraform apply. In these cases, you can use the depends_on argument to explicitly declare the dependency between resources. For example:

  1. resource “aws_instance” “example” {
  2. ami = “ami-0c55b159cbfafe1f0”
  3. instance_type = “t2.micro”
  4.  
  5. depends_on = [
  6. aws_ebs_volume.example
  7. ]
  8. }
  9.  
  10. resource “aws_ebs_volume” “example” {
  11. availability_zone = “us-west-2a”
  12. size = 1
  13. }

In this example, the aws_instance resource depends on the aws_ebs_volume resource, and Terraform will create the aws_ebs_volume resource first and then the aws_instance resource.

In general, Terraform implicit dependencies are handled automatically, but sometimes it may be necessary to use the depends_on argument to ensure that resources are created in the correct order.

https://developer.hashicorp.com/terraform/tutorials/certification-associate-tutorials-003/dependencies

Question 15: Incorrect

True or False? When using the Terraform provider for Vault, the tight integration between these HashiCorp tools provides the ability to mask secrets in the state file.

  • (Correct)

Explanation

False. By default, Terraform does not provide the ability to mask secrets in the Terraform plan and state files regardless of what provider you are using. While Terraform and Vault are both developed by HashiCorp and have a tight integration, masking secrets in Terraform plans and state files requires additional steps to securely manage sensitive information.

One common approach is to use environment variables or Terraform input variables to store sensitive information, and then use Terraform’s data sources to retrieve the information from the environment or input variables, rather than hardcoding the information into the Terraform configuration. This helps to ensure that sensitive information is not stored in plain text in the Terraform plan or state files.

https://learn.hashicorp.com/tutorials/terraform/secrets-vault

Question 16: Incorrect

From the code below, identify the implicit dependency:

  1. resource “aws_eip” “public_ip” {
  2. vpc = true
  3. instance = aws_instance.web_server.id
  4. }
  5.  
  6. resource “aws_instance” “web_server” {
  7. ami = “ami-2757f631”
  8. instance_type = “t2.micro”
  9. depends_on = [aws_s3_bucket.company_data]
  10. }
  • (Correct)

Explanation

Implicit dependencies are not explicitly declared in the configuration but are automatically detected by Terraform based on the relationships between resources. Implicit dependencies allow Terraform to automatically determine the correct order in which resources should be created, updated, or deleted, ensuring that resources are created in the right order, and dependencies are satisfied.

For example, if you have a resource that depends on another resource, Terraform will automatically detect this relationship and create the dependent resource after the resource it depends on has been created. This allows Terraform to manage complex infrastructure deployments in an efficient and predictable way.

The EC2 instance labeled web_server is the implicit dependency as the aws_eip cannot be created until the aws_instance labeled web_server has been provisioned and the id is available.

Note that aws_s3_bucket.company_data is an explicit dependency for the aws_instance.web_server

https://learn.hashicorp.com/tutorials/terraform/dependencies

Question 17: Incorrect

You are writing Terraform to deploy resources, and have included provider blocks as shown below:

  1. provider “aws” {
  2. region = “us-east-1”
  3. }
  4.  
  5. provider “aws” {
  6. region = “us-west-1”
  7. }

When you validate the Terraform configuration, you get the following error:

  1. Error: Duplicate provider configuration
  2.  
  3. on main.tf line 5:
  4. 5: provider “aws” {
  5.  
  6. A default provider configuration for “aws” was already given at
  7. main.tf:1,115. If multiple configurations are required, set the xxxx
  8. argument for alternative configurations.

What additional parameter is required to use multiple provider blocks of the same type, but with distinct configurations, such as cloud regions, namespaces, or other desired settings?

  • (Correct)
  • (Incorrect)

Explanation

An alias meta-argument is used when using the same provider with different configurations for different resources. This feature allows you to include multiple provider blocks that refer to different configurations. In this example, you would need something like this:

  1. provider “aws” {
  2. region = “us-east-1”
  3. }
  4.  
  5. provider “aws” {
  6. region = “us-west-1”
  7. alias = “west”
  8. }

When writing Terraform code to deploy resources, the resources that you want to deploy to the “west” region would need to specify the alias within the resource block. This instructs Terraform to use the configuration specified in that provider block. So in this case, the resource would be deployed to “us-west-2” region and not the “us-east-1” region. this configuration is common when using multiple cloud regions or namespaces in applications like Consul, Vault, or Nomad.

https://developer.hashicorp.com/terraform/language/providers/configuration#alias-multiple-provider-instances

Question 18:

When you add a new module to a configuration, Terraform must download it before it can be used. What two commands can be used to download and update modules? (select two)

  • (Correct)
  • (Incorrect)
  • (Correct)

Explanation

The two Terraform commands used to download and update modules are:

  1. terraform init: This command downloads and updates the required modules for the Terraform configuration. It also sets up the backend for state storage if specified in the configuration.
  2. terraform get: This command is used to download and update modules for a Terraform configuration. It can be used to update specific modules by specifying the module name and version number, or it can be used to update all modules by simply running the command without any arguments.

It’s important to note that terraform init is typically run automatically when running other Terraform commands, so you may not need to run terraform get separately. However, if you need to update specific modules, running terraform get can be useful.

https://learn.hashicorp.com/tutorials/terraform/module-create?in=terraform/modules#install-the-local-module

Question 19: Incorrect

What do the declarations, such as namecidr, and azs, in the following Terraform code represent and what purpose do they serve?

  1. module “vpc” {
  2. source = “terraform-aws-modules/vpc/aws”
  3. version = “2.21.0”
  4.  
  5. name = var.vpc_name
  6. cidr = var.vpc_cidr
  7.  
  8. azs = var.vpc_azs
  9. private_subnets = var.vpc_private_subnets
  10. public_subnets = var.vpc_public_subnets
  11.  
  12. enable_nat_gateway = var.vpc_enable_nat_gateway
  13.  
  14. tags = var.vpc_tags
  15. }
  • (Incorrect)
  • (Correct)

Explanation

To pass values to a Terraform module when calling the module in your code, you use input variables. Input variables are a way to pass values into a Terraform module from the calling code. They allow the module to be flexible and reusable, as the same module can be used with different input values in different contexts.

In this example, the values for the namecidr, and azs inputs are passed to the module as values of variables. The variables are defined in the calling code in the calling module using the variable block.

To pass the values to the module, you can specify them in a number of ways, such as:

  • Using command-line flags when running Terraform
  • Storing the values in a Terraform .tfvars file and passing that file to Terraform when running it
  • Using environment variables

For more information on Terraform modules and input variables, I recommend checking out the Terraform documentation: https://www.terraform.io/docs/modules/index.html

https://learn.hashicorp.com/tutorials/terraform/module-use#set-values-for-module-input-variables

Question 20: Correct

In Terraform, most resource dependencies are handled automatically. Which of the following statements best describes how Terraform resource dependencies are handled?

  • (Correct)

Explanation

Terraform resource dependencies control how resources are created, updated, and destroyed. When Terraform creates or modifies resources, it must be aware of any dependencies that exist between those resources. By declaring these dependencies, Terraform can ensure that resources are created in the correct order so that dependent resources are available before other resources that depend on them.

To declare a resource dependency, you can use the depends_on argument in a resource block. The depends_on argument takes a list of resource names and specifies that the resource block in which it is declared depends on those resources.

https://developer.hashicorp.com/terraform/language/resources

Question 21: Correct

Terraform is distributed as a single binary and available for many different platforms. Select all Operating Systems that Terraform is available for. (select five)

  • (Correct)
  • (Correct)
  • (Correct)
  • (Correct)
  • (Correct)

Explanation

Terraform is a cross-platform tool and can be installed on several operating systems, including:

  1. Windows: Terraform can be installed on Windows operating systems using the Windows installer.
  2. macOS: Terraform can be installed on macOS using the macOS installer or using Homebrew.
  3. Linux: Terraform can be installed on Linux operating systems using the binary distribution or through package management systems, such as apt or yum.
  4. Unix: Terraform can be installed on Unix-like operating systems using the binary distribution.

There is no Terraform binary for AIX. Terraform is available for macOS, FreeBSD, OpenBSD, Linux, Solaris, and Windows.

https://www.terraform.io/downloads.html

Question 22: Incorrect

When writing Terraform code, how many spaces between each nesting level does HashiCorp recommends that you use?

  • (Correct)

Explanation

HashiCorp, the creator of Terraform, recommends using two spaces for indentation when writing Terraform code. This is a convention that helps to improve readability and consistency across Terraform configurations.

For example, when defining a resource in Terraform, you would use two spaces to indent each level of the resource definition, as in the following example:

  1. resource “aws_instance” “example” {
  2. ami = “ami-0c55b159cbfafe1f0”
  3. instance_type = “t2.micro”
  4.  
  5. tags = {
  6. Name = “example-instance”
  7. }
  8. }

While this is the recommended convention, it is not a strict requirement and Terraform will still function correctly even if you use a different number of spaces or a different type of indentation. However, using two spaces for indentation is a widely adopted convention in the Terraform community and is recommended by HashiCorp to improve the readability and maintainability of your Terraform configurations.

Check this link for more information

Question 23: Incorrect

Provider dependencies are created in several different ways. Select the valid provider dependencies from the following list: (select three)

  • (Correct)
  • (Correct)
  • (Correct)

Explanation

The existence of a provider plugin found locally in the working directory does not itself create a provider dependency. The plugin can exist without any reference to it in the Terraform configuration.

https://developer.hashicorp.com/terraform/language/providers/requirements

https://developer.hashicorp.com/terraform/cli/commands/providers

Question 24:

You are using a Terraform Cloud workspace linked to a GitHub repo to manage production workloads in your environment. After approving a merge request, what default action can you expect to be triggered on the workspace?

  • (Correct)

Explanation

After approving a merge request that modifies Terraform configurations in a GitHub repository linked to a Terraform Cloud workspace, the default action that can be expected to run automatically is a “speculative plan” operation.

When you merge a pull request or push changes to the main branch (or any branch you have configured as the trigger for the workspace), Terraform Cloud typically triggers a plan operation. During this plan phase, Terraform examines the proposed changes to your infrastructure and displays a list of actions it would take if applied. It’s a way to preview the changes before actually making them.

The plan output shows what resources Terraform would create, modify, or delete, which allows you to review and validate the expected changes. After reviewing the plan, you can then manually apply the changes to your infrastructure through the Terraform Cloud workspace.

Note: You can absolutely configure a Terraform workspace to automatically apply the changes to the code, although that is generally not recommended, nor is it the default action.

Wrong Answers:

– TFC does not automatically run a speculative plan and apply the changes unless you specifically configure the workspace to do so. This is not the default action that would be triggered when you commit new code to the repo

– TFC does not run external tests, such as terratest and terraform validate on your code when you commit it to a repo

– TFC, or Terraform in general, does not destroy managed infrastructure when executing a plan and apply. It will only modify the resources needed to ensure the managed restructure now matches the desired state.

https://developer.hashicorp.com/terraform/cloud-docs/run/remote-operations

Question 25: Incorrect

Henry has been working on automating his Azure infrastructure for a new application using Terraform. His application runs successfully, but he has added a new resource to create a DNS record using the new Infoblox provider. He has added the new resource but gets an error when he runs a terraform plan.

What should Henry do first before running a plan and apply?

  • (Correct)

Explanation

In this scenario, Henry has introduced a new provider. Therefore, Terraform needs to download the plugin to support the new resource he has added. Running terraform init will download the Infoblox plugin. Once that is complete, a plan and apply can be executed as needed.

You would need to rerun terraform init after modifying your code for the following reasons:

  1. Adding a new provider: If you’ve added a new provider to your code, you’ll need to run terraform init to download the provider’s binary and configure it.
  2. Updating the provider configuration: If you’ve updated the configuration of an existing provider, you’ll need to run terraform init to apply the changes.
  3. Updating the version of a provider: If you’ve updated the version of a provider, you’ll need to run terraform init to download the updated version of the provider’s binary.
  4. Adding or removing a module: If you’ve added or removed a module from your code, you’ll need to run terraform init to download the required modules and dependencies.

In short, terraform init is used to initialize a Terraform working directory, and you’ll need to rerun it whenever you make changes to your code that affect the providers, modules, or versions you’re using.

https://developer.hashicorp.com/terraform/cli/commands/init

Question 26: Incorrect

True or False? Rather than use a state file, Terraform can inspect cloud resources on every run to validate that the real-world resources match the desired state.

  • (Correct)

Explanation

State is a necessary requirement for Terraform to function. And in the scenarios where Terraform may be able to get away without state, doing so would require shifting massive amounts of complexity from one place (state) to another place (the replacement concept).

To support mapping configuration to resources in the real world, Terraform uses its own state structure. Terraform can guarantee one-to-one mapping when it creates objects and records their identities in the state. Terraform state also serves as a performance improvement – rather than having to scan every single resource to determine the current state of each resource.

https://developer.hashicorp.com/terraform/language/state/purpose

Question 27: Correct

True or False? By default, the terraform destroy command will prompt the user for confirmation before proceeding.

  • (Correct)

Explanation

True. By default, Terraform will prompt for confirmation before proceeding with the terraform destroy command. This prompt allows you to verify that you really want to destroy the infrastructure that Terraform is managing before it actually does so.

Terraform destroy will always prompt for confirmation before executing unless passed the -auto-approve flag.

  1. $ terraform destroy
  2. Do you really want to destroy all resources?
  3. Terraform will destroy all your managed infrastructure, as shown above.
  4. There is no undo. Only ‘yes’ will be accepted to confirm.
  5.  
  6. Enter a value: yes

https://developer.hashicorp.com/terraform/tutorials/aws-get-started/aws-destroy

Question 28: Correct

After many years of using Terraform Open Source (OSS), you decide to migrate to Terraform Cloud. After the initial configuration, you create a workspace and migrate your existing state and configuration. What Terraform version would the new workspace be configured to use after the migration?

  • (Correct)

Explanation

When you create a new workspace, Terraform Cloud automatically selects the most recent version of Terraform available. If you migrate an existing project from the CLI to Terraform Cloud, Terraform Cloud configures the workspace to use the same version as the Terraform binary you used when migrating. Terraform Cloud lets you change the version a workspace uses on the workspace’s settings page to control how and when your projects use newer versions of Terraform.

It’s worth noting that Terraform Cloud also provides the ability to upgrade your Terraform version in a controlled manner. This allows you to upgrade your Terraform version in a safe and predictable way, without affecting your existing infrastructure or state.

https://developer.hashicorp.com/terraform/tutorials/cloud/cloud-versions

Question 29: Correct

Understanding how indexes work is essential when working with different variable types and resource blocks that use count or for_each. Therefore, what is the output value of the following code snippet?

  1. variable “candy_list” {
  2. type = list(string)
  3. default = [“snickers”, “kitkat”, “reeces”, “m&ms”]
  4. }
  5.  
  6. output “give_me_candy” {
  7. value = element(var.candy_list, 2)
  8. }
  • (Correct)

Explanation

In this example, the candy_list variable is a list of strings, and the output block retrieves the third element in the list (at index 2) and outputs it as the value of give_me_candy.

Remember that an index starts at [0], and then counts up. Therefore, the following represents the index value as shown in the variable above:

  • [0] = snickers
  • [1] = kitkat
  • [2] = reeces
  • [3] = m&ms

https://developer.hashicorp.com/terraform/language/functions/index_function

https://developer.hashicorp.com/terraform/language/functions/element

Question 30: Correct

While Terraform is generally written using the HashiCorp Configuration Language (HCL). What other syntax can Terraform be expressed in?

  • (Correct)

Explanation

Terraform can be expressed using two syntaxes: HashiCorp Configuration Language (HCL), which is the primary syntax for Terraform, and JSON.

The HCL syntax is designed to be human-readable and easy to write, and it provides many features designed explicitly for Terraform, such as interpolation, variables, and modules.

The JSON syntax is a machine-readable alternative to HCL, and it is typically used when importing existing infrastructure into Terraform or when integrating Terraform with other tools that expect data in JSON format.

While Terraform will automatically detect the syntax of a file based on its extension, you can also specify the syntax explicitly by including a terraform stanza in the file, as follows:

  1. # HCL syntax Example
  2. # terraform { }
  3.  
  4.  
  5. # JSON syntax Exmample
  6. {
  7. “terraform”: {}
  8. }

Note that while JSON is supported as a syntax, it is not recommended to use it for writing Terraform configurations from scratch, as the HCL syntax is more user-friendly and provides better support for Terraform’s specific features.

https://github.com/hashicorp/hcl/blob/main/hclsyntax/spec.md

https://developer.hashicorp.com/terraform/language/syntax/json

Question 31: Incorrect

Anyone can publish and share modules on the Terraform Public Module Registry, and meeting the requirements for publishing a module is extremely easy.

What are some of the requirements that must be met in order to publish a module on the Terraform Public Module Registry? (select three)

  • (Correct)
  • (Correct)
  • (Correct)

Explanation

The list below contains all the requirements for publishing a module. Meeting the requirements for publishing a module is extremely easy. The list may appear long only to ensure we’re detailed, but adhering to the requirements should happen naturally.

  • GitHub. The module must be on GitHub and must be a public repo. This is only a requirement for the public registry. If you’re using a private registry, you may ignore this requirement
  • Named terraform-<PROVIDER>-<NAME>. Module repositories must use this three-part name format, where <NAME> reflects the type of infrastructure the module manages and <PROVIDER> is the main provider where it creates that infrastructure. The <NAME> segment can contain additional hyphens. Examples: terraform-google-vault or terraform-aws-ec2-instance.
  • Repository description. The GitHub repository description is used to populate the short description of the module. This should be a simple one-sentence description of the module.
  • Standard module structure. The module must adhere to the standard module structure. This allows the registry to inspect your module and generate documentation, track resource usage, parse submodules and examples, and more.
  • x.y.z tags for releases. The registry uses tags to identify module versions. Release tag names must be a semantic version, which can optionally be prefixed with a v. For example, v1.0.4 and 0.9.2. To publish a module initially, at least one release tag must be present. Tags that don’t look like version numbers are ignored.

https://developer.hashicorp.com/terraform/registry/modules/publish#requirements

Question 32: Correct

Sara has her entire application automated using Terraform, but she needs to start automating more infrastructure components, such as creating a new subnet, DNS record, and load balancer. Sara wants to create these new resources using modules so she easily reuse the code. However, Sara is having problems getting the subnet_id from the subnet module to pass to the load balancer module.

modules/subnet.tf:

  1. resource “aws_subnet” “bryan” {
  2. vpc_id = aws_vpc.krausen.id
  3. cidr_block = “10.0.1.0/24”
  4.  
  5. tags = {
  6. Name = “Krausen Subnet”
  7. }
  8. }

What could fix this problem?

  • (Correct)

Explanation

Modules also have output values, which are defined within the module with the output keyword. You can access them by referring to module.<MODULE NAME>.<OUTPUT NAME>. Like input variables, module outputs are listed under the outputs tab in the Terraform registry.

Module outputs are usually either passed to other parts of your configuration, or defined as outputs in your root module.

https://learn.hashicorp.com/tutorials/terraform/module-use#define-root-output-values

Question 33:

Where does Terraform Open Source (OSS) store the local state for workspaces?

  • (Correct)

Explanation

Terraform Open Source (OSS) stores the local state for workspaces in a file on disk. For local state, Terraform stores the workspace states in a directory called terraform.tfstate.d/<workspace_name>. Here’s a screenshot of a Terraform run that was created using a workspace called training. You can see that Terraform created the terraform.tfstate.d directory, and then a directory with the namespace name underneath it.

Under each directory, you’ll find the state file, which is name terraform.tfstate

https://developer.hashicorp.com/terraform/cli/workspaces#workspace-internals

Question 34: Incorrect

Which of the following variable declarations is going to result in an error?

variable “example” {

  1. description = “This is a test”
  2. type = map
  3. default = {“one” = 1, “two” = 2, “Three” = “3”}
  4. }(Incorrect)
    1. variable “example” {
    2. type = object({})
    3. }
    1. variable “example” {
    2.   description = “This is a variable description”
    3.   type = list(string)
    4. default = {}
    5. }
    (Correct)

Explanation

This variable declaration for a type list is incorrect because a list expects square brackets [ ] and not curly braces. All of the others are correct variable declarations.

From the official HashiCorp documentation found here:

Lists/tuples are represented by a pair of square brackets containing a comma-separated sequence of values, like ["a", 15, true].

Question 35:

A user runs terraform init on their RHEL-based server, and per the output, two provider plugins are downloaded:

  1. $ terraform init
  2.  
  3. Initializing the backend
  4.  
  5. Initializing provider plugins
  6. Checking for available provider plugins
  7. Downloading plugin for provider “aws” (hashicorp/aws) 2.44.0...
  8. Downloading plugin for provider “random” (hashicorp/random) 2.2.1...
  9.  
  10. Terraform has been successfully initialized!

Where are these plugins downloaded and stored on the server?

  • (Correct)

Explanation

By default, terraform init downloads plugins into a subdirectory of the working directory, .terraform/providers so that each working directory is self-contained.

See the example below, where I ran a terraform init and you can see the resulting directory (highlighted in the red box) and then the actual provider that was downloaded (highlighted by the green arrow)

https://developer.hashicorp.com/terraform/plugin#installing-plugins

Question 36: Incorrect

A user has created three workspaces using the command line – proddev, and test. The user wants to create a fourth workspace named stage.

Which command will the user execute to accomplish this task?

  • (Correct)

Explanation

The user can execute the following command to create a fourth workspace named stage:

  1. $ terraform workspace new stage

This command will create a new Terraform workspace named stage. The user can then switch to the new workspace using the terraform workspace select command and use it to manage resources in the new environment.

https://developer.hashicorp.com/terraform/cli/commands/workspace/new

Question 37: Correct

True or False? The terraform plan -refresh-only command is used to create a plan whose goal is only to update the Terraform state to match any changes made to remote objects outside of Terraform.

  • (Correct)

Explanation

The terraform plan -refresh-only command is used in Terraform to update the state of your infrastructure in memory without making any actual changes to the infrastructure. The -refresh-only flag tells Terraform to only update its understanding of the current state of the infrastructure and not to make any changes.

When you run terraform plan -refresh-only, Terraform will query the current state of your infrastructure and update its internal state to reflect what it finds. This can be useful if you want to ensure that Terraform has the most up-to-date information about your infrastructure before generating a plan, without actually making any changes.

It is important to note that while the terraform plan -refresh-only command updates Terraform’s internal state, it does not modify the Terraform state file on disk. The Terraform state file is only updated when Terraform actually makes changes to the infrastructure.

Note that this command replaced the deprecated command terraform refresh

https://developer.hashicorp.com/terraform/cli/commands/plan#planning-modes

https://developer.hashicorp.com/terraform/cli/commands/refresh

Question 38: Incorrect

What Terraform command can be used to remove the lock on the state for the current configuration?

  • (Correct)

Explanation

The terraform force-unlock command can be used to remove the lock on the Terraform state for the current configuration. Another option is to use the “terraform state rm” command followed by the “terraform state push” command to forcibly overwrite the state on the remote backend, effectively removing the lock. It’s important to note that these commands should be used with caution, as they can potentially cause conflicts and data loss if not used properly.

Be very careful forcing an unlock, as it could cause data corruption and problems with your state file.

https://developer.hashicorp.com/terraform/cli/commands/force-unlock

Question 39: Correct

Harry has deployed resources on Azure using Terraform. However, he has discovered that his co-workers Ron and Ginny have manually created a few resources using the Azure console. Since it is company policy to manage production workloads using IaC, how can Harry bring these resources under Terraform management without negatively impacting the availability of the deployed resources?

  • (Correct)

Explanation

To manage the resources created manually by Ron and Ginny in Terraform without negatively impacting the availability of the deployed resources, Harry can follow the steps below:

  1. Import the existing resources: Harry can use the terraform import command to import the existing resources into Terraform. The terraform import command allows you to import existing infrastructure into Terraform, creating a Terraform state file for the resources.
  2. Modify the Terraform configuration: After importing the resources, Harry can modify the Terraform configuration to reflect the desired state of the resources. This will allow him to manage the resources using Terraform just like any other Terraform-managed resource
  3. Test the changes: Before applying the changes, Harry can use the terraform plan command to preview the changes that will be made to the resources. This will allow him to verify that the changes will not negatively impact the availability of the resources.
  4. Apply the changes: If the changes are correct, Harry can use the terraform apply command to apply the changes to the resources.

By following these steps, Harry can start managing the manually created resources in Terraform while ensuring that the availability of the deployed resources is not impacted.

The terraform import command is used to import existing resources into Terraform. This allows you to take resources that you’ve created by some other means and bring them under Terraform management.

Note that terraform import DOES NOT generate configuration, it only modifies state. You’ll still need to write a configuration block for the resource for which it will be mapped using the terraform import command.

https://developer.hashicorp.com/terraform/cli/commands/import

Question 40: Incorrect

Which Terraform command will check and report errors within modules, attribute names, and value types to ensure they are syntactically valid and internally consistent?

  • (Correct)

Explanation

The terraform validate command is used to check and report errors within modules, attribute names, and value types to ensure they are syntactically valid and internally consistent. This command performs basic validation of the Terraform configuration files in the current directory, checking for issues such as missing required attributes, invalid attribute values, and incorrect structure of the Terraform code.

For example, if you run terraform validate and there are syntax errors in your Terraform code, Terraform will display an error message indicating the line number and description of the issue. If no errors are found, the command will return with no output.

It’s recommended to run terraform validate before running terraform apply, to ensure that your Terraform code is valid and will not produce unexpected results.

https://developer.hashicorp.com/terraform/cli/commands/validate

Question 41:

Which of the following statements represents the most accurate statement about the Terraform language:

  • (Correct)

Explanation

Terraform is written in HashiCorp Configuration Language (HCL). However, Terraform also supports a syntax that is JSON compatible (https://developer.hashicorp.com/terraform/language/syntax/json).

Terraform is primarily designed on immutable infrastructure principles https://www.hashicorp.com/resources/what-is-mutable-vs-immutable-infrastructure

Terraform is also a declarative language, where you simply declare the desired state, and Terraform ensures that real-world resources match the desired state as written. An imperative approach is different, where the tool uses a step-by-step workflow to create the desired state.

Incorrect Answers:

Terraform is not a configuration management tool – https://developer.hashicorp.com/terraform/intro/vs/chef-puppet

Question 42:

In order to reduce the time it takes to provision resources, Terraform uses parallelism. By default, how many resources will Terraform provision concurrently during a terraform apply?

Explanation

By default, Terraform will provision resources concurrently with a maximum of 10 concurrent resource operations. This setting is controlled by the parallelism configuration option in Terraform, which can be set globally in the Terraform configuration file or on a per-module basis.

The parallelism setting determines the number of resource operations that Terraform will run in parallel, so increasing the parallelism setting will result in Terraform provisioning resources more quickly, but can also increase the risk of rate-limiting or other errors from the API.

You can adjust the parallelism setting in your Terraform configuration file by adding the following code:

  1. terraform {
  2. parallelism = 20
  3. }

This setting sets the maximum number of concurrent resource operations to 10. You can adjust this number to meet your specific needs and constraints.

https://developer.hashicorp.com/terraform/internals/graph#walking-the-graph

Question 43: Correct

You are using Terraform to deploy some cloud resources and have developed the following code. However, you receive an error when trying to provision the resource. Which of the following answer fixes the syntax of the  Terraform code?

  1. resource “aws_security_group” “vault_elb” {
  2. name = “${var.name_prefix}-vault-elb”
  3. description = Vault ELB
  4. vpc_id = var.vpc_id
  5. }
    1. resource “aws_security_group” “vault_elb” {
    2. name = “${var.name_prefix}-vault-elb”
    3. description = var_Vault ELB
    4. vpc_id = var.vpc_id
    5. }
    1. resource “aws_security_group” “vault_elb” {
    2. name = “${var.name_prefix}-vault-elb”
    3. description = “Vault ELB”
    4. vpc_id = var.vpc_id
    5. }
    (Correct)
    1. resource “aws_security_group” “vault_elb” {
    2. name = “${var.name_prefix}-vault-elb”
    3. description = “${Vault ELB}”
    4. vpc_id = var.vpc_id
    5. }
    1. resource “aws_security_group” “vault_elb” {
    2. name = “${var.name_prefix}-vault-elb”
    3. description = [Vault ELB]
    4. vpc_id = var.vpc_id
    5. }

Explanation

When assigning a value to an argument in Terraform, there are a few requirements that must be met:

  1. Data type: The value must be of the correct data type for the argument. Terraform supports several data types, including strings, numbers, booleans, lists, and maps.
  2. Value constraints: Some arguments may have specific value constraints that must be met. For example, an argument may only accept values within a certain range or values from a specific set of values.

When assigning a value to an argument expecting a string, it must be enclosed in quotes (“…”) unless it is being generated programmatically.

https://developer.hashicorp.com/terraform/language/syntax/configuration#arguments-and-blocks

Question 44:

What tasks can the terraform state command be used for in Terraform?

  • (Correct)

Explanation

The terraform state command and its subcommands can be used for various tasks related to the Terraform state. Some of the tasks that can be performed using the terraform state command are:

  1. Inspecting the Terraform state: The terraform state show subcommand can be used to display the current state of a Terraform configuration. This can be useful for verifying the current state of resources managed by Terraform.
  2. Updating the Terraform state: The terraform state mv and terraform state rm subcommands can be used to move and remove resources from the Terraform state, respectively.
  3. Pulling and pushing the Terraform state: The terraform state pull and terraform state push subcommands can be used to retrieve and upload the Terraform state from and to a remote backend, respectively. This is useful when multiple users or systems are working with the same Terraform configuration.
  4. Importing resources into Terraform: The terraform state import subcommand can be used to import existing resources into the Terraform state. This allows Terraform to manage resources that were created outside of Terraform.

By using the terraform state command and its subcommands, users can manage and manipulate the Terraform state in various ways, helping to ensure that their Terraform configurations are in the desired state.

https://developer.hashicorp.com/terraform/cli/commands/state/list

https://developer.hashicorp.com/terraform/cli/state

Question 45: Correct

Freddy and his co-worker Jason are deploying resources in GCP using Terraform for their team. After resources have been deployed, they must destroy the cloud-based resources to save on costs. However, two other team members, Michael and Chucky, are using a Cloud SQL instance for testing and request to keep it running.

How can Freddy and Jason destroy all other resources without negatively impacting the database?

  • (Correct)

Explanation

To destroy all Terraform-managed resources except for a single resource, you can use the terraform state command to remove the state for the resources you want to preserve. This effectively tells Terraform that those resources no longer exist, so it will not attempt to destroy them when you run terraform destroy.

Here’s an example of how you could do this:

  1. Identify the resource you want to preserve. In this example, let’s assume you want to preserve a resource named prod_db.
  2. Run terraform state list to see a list of all Terraform-managed resources.
  3. Run terraform state rm for each resource you want to keep, like the prod_db. For example:
    1. terraform state rm google_sql_database_instance.prod_db
    2. terraform state rm aws_instance.another_instance
  4. Run terraform destroy to destroy all remaining resources. Terraform will not attempt to destroy the resource you preserved in step 3 because Terraform no longer manages it.

Note that this approach can be dangerous and is not recommended if you have multiple Terraform workspaces or if you are using a remote state backend, as it can cause inconsistencies in your state file. In those cases, it is usually better to use a separate Terraform workspace for the resources you want to preserve or to utilize Terraform’s built-in resource-targeting functionality to destroy only specific resources.

All other options would be too time-consuming or will cause an outage to the database.

https://developer.hashicorp.com/terraform/cli/commands/state/rm

Question 46: Incorrect

You are performing a code review of a colleague’s Terraform code and see the following code. Where is this module stored?

  1. module “vault-aws-tgw” {
  2. source = “terraform-vault-aws-tgw/hcp”
  3. version = “1.0.0”
  4. client_id = “4djlsn29sdnjk2btk”
  5. hvn_id = “a4c9357ead4de”
  6. route_table_id = “rtb-a221958bc5892eade331”
  7. }
  • (Correct)

Explanation

You can use the Terraform Public Module Registry by referencing the modules you want to use in your Terraform code and including them as part of your configuration.

To reference a module from the Terraform Public Module Registry, you can use the module block in your Terraform code. For example, if you want to use a VPC module from the registry, you would add the following code to your Terraform configuration:

  1. module “vpc” {
  2. source = “terraform-aws-modules/vpc”
  3. version = “2.34.0”
  4.  
  5. # Add any required variables and configuration here
  6. }

The source attribute specifies the module source, which is the repository on the Terraform Public Module Registry. The version attribute specifies the version of the module you want to use.

You can also pass values for variables in the module by them within the module block. For example:

  1. module “vpc” {
  2. source = “terraform-aws-modules/vpc”
  3. version = “2.34.0”
  4.  
  5. name = “my-vpc”
  6. cidr = “10.0.0.0/16”
  7. azs = [“us-west-2a”, “us-west-2b”, “us-west-2c”]
  8. }

Once you’ve specified the module in your Terraform code, you can use it as you would any other resource. For example, you could reference the VPC ID created by the VPC module with the following code:

  1. output “vpc_id” {
  2. value = module.vpc.vpc_id
  3. }

You can find more information on using modules from the Terraform Public Module Registry in the Terraform documentation: https://www.terraform.io/docs/configuration/modules.html

Question 47: Correct

Why might users want to utilize Sentinel or OPA with Terraform Cloud in their infrastructure workflow? (select four)

  • (Correct)
  • (Correct)
  • (Correct)
  • (Correct)

Explanation

Using Sentinel and OPA with Terraform Cloud provides several benefits that enhance the overall management and security of your infrastructure. Using Sentinel with Terraform Cloud provides a powerful mechanism to enforce policies, increase security, and maintain compliance in your infrastructure deployments. It gives you greater control and confidence in managing your cloud resources while promoting best practices and reducing the risk of misconfiguration. Here are some specific reasons and examples on why you would use Sentinel with Terraform Cloud:

  1. Policy Enforcement: Sentinel and OPA enable you to define and enforce policies that govern the configurations and changes made to your infrastructure. You can create custom policies tailored to your organization’s needs, ensuring compliance with regulatory requirements, security best practices, and internal standards.
  2. Automated Governance: With Sentinel and OPA, you can implement automated governance and compliance checks in your Terraform workflows. This means that every time changes are proposed or applied, Sentinel or OPA evaluates those changes against the defined policies, automatically preventing non-compliant configurations from being deployed.
  3. Enhanced Security: By incorporating Sentinel or OPA into your Terraform Cloud environment, you can bolster your infrastructure security. Sentinel can flag and block any potentially risky configurations, helping to minimize security vulnerabilities and ensuring that only approved, secure changes are allowed.
  4. Version-controlled Policies: Sentinel and OPA policies are defined as code, which means they can be stored in version control alongside your Terraform configurations. This allows your policies to be managed, reviewed, and updated through the same version control system, improving collaboration and maintaining a history of policy changes.
  5. Custom Approval Workflows: You can create customized approval workflows based on policy conditions using Sentinel or OPA. This means that changes to the infrastructure can be automatically approved or flagged for manual review, depending on the defined policies, ensuring tighter control over infrastructure modifications.
  6. Preventing Costly Mistakes: Sentinel and OPA policies can help catch potential mistakes or misconfigurations before they impact your infrastructure. By running policy checks in real-time, you can identify issues early on and avoid costly downtime or unexpected behavior caused by incorrect configurations.
  7. Consistency and Best Practices: Utilizing Sentinel/OPA allows you to enforce consistent naming conventions, tagging standards, and other best practices across your infrastructure. This consistency leads to improved manageability and makes it easier for teams to collaborate effectively.
  8. Auditing and Compliance Reporting: With Sentinel’s logging and reporting capabilities, you can track policy decisions and changes made to your infrastructure over time. This audit trail is valuable for compliance purposes and can be used to demonstrate adherence to regulatory requirements.

Wrong Answer:

– Using Sentinel or OPA would NOT allow you to bypass version control. In fact, with TFC, your workspace would likely be configured to ONLY manage changes to your environment using code that is committed to a linked code repository.

https://developer.hashicorp.com/terraform/cloud-docs/policy-enforcement

Question 48: Incorrect

When multiple arguments with single-line values appear on consecutive lines at the same nesting level, HashiCorp recommends that you:

    1. ami = “abc123”
    2. instance_type = “t2.micro”(Correct)
    1. name = “www.example.com”
    2. records = [aws_eip.lb.public_ip]
    3. type = “A”
    4. ttl = “300”
    5. zone_id = aws_route53_zone.primary.zone_id
    1. ami = var.aws_ami
    2. instance_type = var.instance_size
    3. subnet_id = “subnet-0bb1c79de3EXAMPLE”
    4. tags = {
    5. Name = “HelloWorld”
    6. }
    1. type = “A”
    2.  
    3. ttl = “300”
    4.  
    5. zone_id = aws_route53_zone.primary.zone_id

Explanation

HashiCorp style conventions suggest that you align the equals sign for consecutive arguments for easing readability for configurations:

  1. ami = “abc123”
  2. instance_type = “t2.micro”
  3. subnet_id = “subnet-a6b9cc2d59cc”

Notice how the equal (=) signs are aligned, even though the arguments are of different lengths.

https://developer.hashicorp.com/terraform/language/syntax/style

Question 49: Incorrect

When using constraint expressions to signify a version of a provider, which of the following are valid provider versions that satisfy the expression found in the following code snippet: (select two)

  1. terraform {
  2. required_providers {
  3. aws = “~> 1.2.0”
  4. }
  5. }
  • (Correct)
  • (Correct)

Explanation

In a required_version parameter in Terraform, the tilde (~) symbol followed by the greater than symbol (>) specifies a “compatible with” version constraint.

For example, if your Terraform configuration specifies required_version = "~> 1.12.0", Terraform will accept any version of Terraform 1.12 that is greater than or equal to version 1.12.0 and less than 1.13.0. In other words, Terraform will accept any version of Terraform 1.12 that is considered compatible with version 1.12.0.

This type of version constraint is useful when your Terraform configuration uses features that are available in a specific version of Terraform, but you also want to allow for later versions of Terraform that are compatible with that version. This allows you to specify a minimum required version of Terraform, while also allowing for later versions that are compatible with your configuration.

Note that version constraints specified using the tilde and greater than symbols are specific to Terraform, and they are not a standard part of the Semantic Versioning specification.

https://developer.hashicorp.com/terraform/language/modules/syntax#version

https://developer.hashicorp.com/terraform/language/expressions/version-constraints#version-constraint-syntax

Question 50: Incorrect

Oscar is modifying his Terraform configuration file but isn’t 100% sure it’s correct. He is afraid that changes made could negatively affect production workloads.

How can Oscar validate the changes that will be made without impacting existing workloads?

  • (Correct)

Explanation

The terraform plan command is used to create an execution plan. Terraform performs a refresh, unless explicitly disabled, and then determines what actions are necessary to achieve the desired state specified in the configuration files.

This command is a convenient way to check whether the execution plan for a set of changes matches your expectations without making any changes to real resources or the state.

https://developer.hashicorp.com/terraform/cli/commands/plan

Question 51: Correct

Which are some of the benefits of using Infrastructure as Code in an organization? (select three)

  • (Correct)
  • (Correct)
  • (Correct)

Explanation

Infrastructure as Code has many benefits. For starters, IaC allows you to create a blueprint of your data center as code that can be versionedshared, and reused. Because IaC is code, it can (and should) be stored and managed in a code repository, such as GitHub, GitLab, or Bitbucket.  Changes can be proposed or submitted via Pull Requests (PRs), which can help ensure a proper workflow, enable an approval process, and follow a typical development lifecycle.

One of the primary reasons that Terraform (or other IaC tools) are becoming more popular is because they are mostly platform agnostic. You can use Terraform to provision and manage resources on various platforms, SaaS products, and even local infrastructure.

IaC is generally easy to read (and develop). Terraform is written in HashiCorp Configuration Language (HCL), while others may use YAML or solution-specific languages (like Microsoft ARM). But generally, IaC code is easy to read and understand

Incorrect Answer:

IaC is written using a declarative approach (not imperative), which allows users to simply focus on what the eventual target configuration should be, and the tool manages the process of how that happens. This often speeds things up because resources can be created/managed in parallel when there aren’t any implicit or explicit dependencies.

https://developer.hashicorp.com/terraform/tutorials/aws-get-started/infrastructure-as-code

https://www.terraform.io/use-cases/infrastructure-as-code

Question 52: Incorrect

What is the correct syntax for defining a list of strings for a variable in Terraform?

    1. variable “resource_tags” {
    2. description = “Tags to set for all resources”
    3. type = <removed>
    4. default = {
    5. project = “exam-prep”,
    6. environment = “prod”
    7. instructor = “krausen”
    8. }
    9. }
    1. variable “aws_region” {
    2. description = “AWS region”
    3. type = <removed>
    4. default = “us-west-1”
    5. }
    1. variable “public_subnet_cidr_blocks” {
    2. type = <removed>
    3. default = [
    4. “10.0.1.0/24”,
    5. “10.0.1.0/24”,
    6. “10.0.1.0/24”,
    7. “10.0.1.0/24”,
    8. ]
    9. }
    (Correct)
    1. variable “public_subnets” {
    2. description = “The number of public subnets for VPC”
    3. type = <removed>
    4. default = 2
    5. }
    (Incorrect)

Explanation

In Terraform, you can use a list of strings variable to store multiple string values and reference those values in your Terraform configuration. Here’s how you can use a list of strings variable in Terraform:

  1. Define the variable: To define a list of strings variable in Terraform, you need to specify the type as list(string). Here’s an example:
  1. variable “example_list” {
  2. type = list(string)
  3. }
  1. Assign values to the variable: You can assign values to a list of strings variable in your Terraform configuration, for example:
  1. variable “example_list” {
  2. type = list(string)
  3. default = [“string1”, “string2”, “string3”]
  4. }

In this example, the example_list variable is defined as a list of strings and its default value is set to a list of three strings.

https://developer.hashicorp.com/terraform/tutorials/configuration-language/variables#list-public-and-private-subnets

https://developer.hashicorp.com/terraform/language/expressions/types#list

Question 53: Incorrect

You are adding a new variable to your configuration. Which of the following is NOT a valid variable type in Terraform?

  • (Correct)

Explanation

The Terraform language uses the following types for its values: stringnumberboollist (or tuple), map (or object). There are no other supported variable types in Terraform, therefore, float is incorrect in this question.

Don’t forget that variable types are included in a variable block, but they are NOT required since Terraform interprets the type from a default value or value provided by other means (ENV, CLI flag, etc)

  1. variable “practice-exam” {
  2. description = “bryan’s terraform associate practice exams”
  3. type = string
  4. default = “highly-rated”
  5. }

https://developer.hashicorp.com/terraform/language/expressions/types

Question 54: Correct

Emma is a Terraform expert, and she has automated all the things with Terraform. A virtual machine was provisioned during a recent deployment, but a local script did not work correctly. As a result, the virtual machine needs to be destroyed and recreated.

How can Emma quickly have Terraform recreate the one resource without having to destroy everything that was created?

  • (Correct)

Explanation

The terraform apply -replace command manually marks a Terraform-managed resource for replacement, forcing it to be destroyed and recreated on the apply execution.

You could also use terraform destroy -target <virtual machine> and destroy only the virtual machine and then run a terraform apply again.

IMPORTANT – PLEASE READ

This command replaces terraform taint, which was the command that would be used up until 0.15.x. You may still see terraform taint on the actual exam until it is updated.

https://developer.hashicorp.com/terraform/cli/commands/taint

https://developer.hashicorp.com/terraform/cli/commands/plan#replace-address

Question 55: Correct

True or False? Using the latest versions of Terraform, terraform init cannot automatically download community providers.

  • (Correct)

Explanation

False. With the latest versions of Terraform, terraform init can automatically download community providers. More specifically, this feature was added with Terraform 0.13. Before 0.13, terraform init would NOT download community providers.

Terraform includes a built-in provider registry that allows you to easily install and manage the providers you need for your Terraform configuration. When you run terraform init, Terraform will check your configuration for any required providers and download them automatically if they are not already installed on your system. This includes both official Terraform providers and community-maintained providers.

To use a community-maintained provider in your Terraform configuration, you need to specify the provider in your configuration using the provider block and include the provider’s source repository in your configuration. Terraform will download and install the provider automatically when you run terraform init, provided that the provider is available in the Terraform provider registry.

https://www.hashicorp.com/blog/automatic-installation-of-third-party-providers-with-terraform-0-13

Question 56: Incorrect

A “backend” in Terraform determines how state is loaded and how an operation such as apply is executed. Which of the following is not a supported backend type?

  • (Correct)

Explanation

GitHub is not a supported backend type.

The Terraform backend is responsible for storing the state of your Terraform infrastructure and ensuring that state is consistent across all team members. Terraform state is used to store information about the resources that Terraform has created, and is used by Terraform to determine what actions are necessary when you run Terraform commands like apply or plan.

Terraform provides several backend options, including:

  • local backend: The default backend, which stores Terraform state on the local filesystem. This backend is suitable for small, single-user deployments, but can become a bottleneck as the size of your infrastructure grows or as multiple users start managing the infrastructure.
  • remote backend: This backend stores Terraform state in a remote location, such as an S3 bucket, a Consul server, or a Terraform Enterprise instance. The remote backend allows multiple users to share the same state and reduces the risk of state corruption due to disk failures or other issues.
  • consul backend: This backend stores Terraform state in a Consul cluster. Consul provides a highly available and durable storage solution for Terraform state, and also provides features like locking and versioning that are important for collaboration.
  • s3 backend: This backend stores Terraform state in an S3 bucket. S3 provides a highly available and durable storage solution for Terraform state, and is a popular option for storing Terraform state for large infrastructure deployments.

When choosing a backend, you should consider the needs of your infrastructure, including the size of your deployment, the number of users who will be managing the infrastructure, and the level of collaboration that will be required. It’s also important to consider the cost and performance characteristics of each backend, as some backends may be more expensive or may require more setup and maintenance than others.

https://developer.hashicorp.com/terraform/language/settings/backends/configuration

Question 57: Incorrect

You and a colleague are working on updating some Terraform configurations within your organization. You need to follow a new naming standard for the local name within your resource blocks. However, you don’t want Terraform to replace the object after changing your configuration files.

As an example, you want to change data-bucket to now be prod-encrypted-data-s3-bucket in the following resource block:

  1. resource “aws_s3_bucket” “data-bucket” {
  2. bucket = “corp-production-data-bucket”
  3.  
  4. tags = {
  5. Name = “corp-production-data-bucket”
  6. Environment = “prod”
  7. }
  8. }

After updating the resource block, what command would you run to update the local name while ensuring Terraform does not replace the existing resource?

  • (Correct)

Explanation

You can use terraform state mv when you wish to retain an existing remote object but track it as a different resource instance address in Terraform, such as if you have renamed a resource block or you have moved it into a different module in your configuration.

In this case, Terraform would not touch the actual resource that is deployed, but it would simply attach the existing object to the new address in Terraform.

WRONG ANSWERS:

  • terraform apply - replace – this would cause Terraform to replace the resource
  • terraform apply - refresh-only – this command is used to reconcile any changes to the real-world resources and update state to reflect those changes. It would not help us solve our problem
  • terraform state rm – This command is used to remove a resource from state entirely while leaving the real-world resource intact. The bucket would still exist but it wouldn’t help us with renaming our resource in our configuration file.

https://developer.hashicorp.com/terraform/cli/commands/state/mv#usage

A specific example relating to this question