Terraform Exam 218 Questions with Verified Answers
Question #1
The terraform.tfstate file always matches your currently built infrastructure.
A.
... [Show More] True
B. False - CORRECT ANSWER 答案: B
https://www.terraform.io/docs/language/state/index.html
Question #2
One remote backend configuration always maps to a single remote workspace.
A. True
B. False - CORRECT ANSWER 答案: B
Question #3
How is the Terraform remote backend different than other state backends such as S3, Consul, etc.?
A. It can execute Terraform runs on dedicated infrastructure on premises or in Terraform Cloud
B. It doesn't show the output of a terraform apply locally
C. It is only available to paying customers
D. All of the above - CORRECT ANSWER 答案: A
解析:
If you and your team are using Terraform to manage meaningful infrastructure, we recommend using the remote backend with Terraform Cloud
or Terraform
Enterprise.
https://www.terraform.io/docs/language/settings/backends/index.html
Question #4
What is the workflow for deploying new infrastructure with Terraform?
A. terraform plan to import the current infrastructure to the state file, make code changes, and terraform apply to update the infrastructure.
B. Write a Terraform configuration, run terraform show to view proposed changes, and terraform apply to create new infrastructure.
C. terraform import to import the current infrastructure to the state file, make code changes, and terraform apply to update the infrastructure.
D. Write a Terraform configuration, run terraform init, run terraform plan to view planned infrastructure changes, and terraform apply to create new infrastructure. - CORRECT ANSWER 答案: D
Question #5
A provider configuration block is required in every Terraform configuration.
Example:
Provider "provider_name" {
.....}
A. True
B. False - CORRECT ANSWER 答案: B
Question #6
You run a local-exec provisioner in a null resource called null_resource.run_script and realize that you need to rerun the script.
Which of the following commands would you use first?
A. terraform taint null_resource.run_script
B. terraform apply -target=null_resource.run_script
C. terraform validate null_resource.run_script
D. terraform plan -target=null_resource.run_script - CORRECT ANSWER 答案: A
Question #7
Which provisioner invokes a process on the resource created by Terraform?
A. remote-exec
B. null-exec
C. local-exec
D. file - CORRECT ANSWER 答案: A
解析:
The remote-exec provisioner invokes a script on a remote resource after it is created.
https://www.terraform.io/docs/language/resources/provisioners/remote-exec.html
Question #8
Which of the following is not true of Terraform providers?
A. Providers can be written by individuals
B. Providers can be maintained by a community of users
C. Some providers are maintained by HashiCorp
D. Major cloud vendors and non-cloud vendors can write, maintain, or collaborate on Terraform providers
E. None of the above - CORRECT ANSWER 答案: E
Question #9
What command does Terraform require the first time you run it within a configuration directory?
A. terraform import
B. terraform init
C. terraform plan
D. terraform workspace - CORRECT ANSWER 答案: B
解析:terraform init command is used to initialize a working directory containing Terraform configuration files.
https://www.terraform.io/docs/cli/commands/init.html
Question #10
You have deployed a new webapp with a public IP address on a cloud provider. However, you did not create any outputs for your code.
What is the best method to quickly find the IP address of the resource you deployed?
A. Run terraform output ip_address to view the result
B. In a new folder, use the terraform_remote_state data source to load in the state file, then write an output for each resource that you find the state file
C. Run terraform state list to find the name of the resource, then terraform state show to find the attributes including public IP address
D. Run terraform destroy then terraform apply and look for the IP address in stdout - CORRECT ANSWER 答案: C
Question #11
Which of the following is not a key principle of infrastructure as code?
A. Versioned infrastructure
B. Golden images
C. Idempotence
D. Self-describing infrastructure - CORRECT ANSWER 答案: D
解析:
https://docs.microsoft.com/en-us/azure/devops/learn/what-is-infrastructure-as-
Question #12
Terraform variables and outputs that set the "description" argument will store that description in the state file.
A. True
B. False - CORRECT ANSWER 答案: B
Question #13
What is the provider for this fictitious resource?
Resource "aws_vpc" "main" {
Name = "test"
}
A. vpc
B. main
C. aws
D. test - CORRECT ANSWER 答案: C
解析:
https://docs.aws.amazon.com/cloudformation-cli/latest/userguide/resource-types.html
Question #14
If you manually destroy infrastructure, what is the best practice reflecting this change in Terraform?
A. Run terraform refresh
B. It will happen automatically
C. Manually update the state fire
D. Run terraform import - CORRECT ANSWER 答案: A
Question #15
What is not processed when running a terraform refresh?
A. State file
B. configuration file
C. Credentials
D. Cloud provider - CORRECT ANSWER 答案: B
Question #16
What information does the public Terraform Module Registry automatically expose about published modules?
A. Required input variables
B. Optional inputs variables and default values
C. Outputs
D. All of the above
E. None of the above - CORRECT ANSWER 答案: D
Question #17
If a module uses a local values, you can expose that value with a terraform output.
A. True
B. False - CORRECT ANSWER 答案: A
解析:
Output values are like function return values.
https://www.terraform.io/docs/language/values/locals.html
https://www.terraform.io/docs/language/values/outputs.html
Question #18
You should store secret data in the same version control repository as your Terraform configuration.
A. True
B. False - CORRECT ANSWER 答案: B
解析:
https://blog.gruntwork.io/a-comprehensive-guide-to-managing-secrets-in-your-terraform-code-1d586955ace1
Question #19
Which of the following is not a valid string function in Terraform?
A. split
B. join
C. slice
D. chomp - CORRECT ANSWER 答案: C
Question #20
You have provisioned some virtual machines (VMs) on Google Cloud Platform (GCP) using the gcloud command line tool. However, you are standardizing with Terraform and want to manage these VMs using Terraform instead.
What are the two things you must do to achieve this? (Choose two.)
A. Provision new VMs using Terraform with the same VM names
B. Use the terraform import command for the existing VMs
C. Write Terraform configuration for the existing VMs
D. Run the terraform import-gcp command - CORRECT ANSWER 答案: BC
Question #21
You have recently started a new job at a retailer as an engineer. As part of this new role, you have been tasked with evaluating multiple outages that occurred during peak shopping time during the holiday season. Your investigation found that the team is manually deploying new compute instances and configuring each compute instance manually. This has led to inconsistent configuration between each compute instance.
How would you solve this using infrastructure as code?
A. Implement a ticketing workflow that makes engineers submit a ticket before manually provisioning and configuring a resource
B. Implement a checklist that engineers can follow when configuring compute instances
C. Replace the compute instance type with a larger version to reduce the number of required deployments
D. Implement a provisioning pipeline that deploys infrastructure configurations committed to your version control system - CORRECT ANSWER 答案: D
Question #22
terraform init initializes a sample main.tf file in the current directory.
A. True
B. False - CORRECT ANSWER 答案: B
Question #23
Which two steps are required to provision new infrastructure in the Terraform workflow? (Choose two.)
A. Destroy
B. Apply
C. Import
D. Init
E. Validate - CORRECT ANSWER 答案: BD
解析:
https://www.terraform.io/guides/core-workflow.html
Question #24
Why would you use the terraform taint command?
A. When you want to force Terraform to destroy a resource on the next apply
B. When you want to force Terraform to destroy and recreate a resource on the next apply
C. When you want Terraform to ignore a resource on the next apply
D. When you want Terraform to destroy all the infrastructure in your workspace - CORRECT ANSWER 答案: B
解析:
The terraform taint command manually marks a Terraform-managed resource as tainted, forcing it to be destroyed and recreated on the next
apply.
https://www.terraform.io/docs/cli/commands/taint.html
Question #25
Terraform requires the Go runtime as a prerequisite for installation.
A. True
B. False - CORRECT ANSWER 答案: B
解析:
https://www.terraform.io/docs/extend/guides/v1-upgrade-guide.html
Question #26
When should you use the force-unlock command?
A. You see a status message that you cannot acquire the lock
B. You have a high priority change
C. Automatic unlocking failed
D. You apply failed due to a state lock - CORRECT ANSWER 答案: C
解析:
Manually unlock the state for the defined configuration.
https://www.terraform.io/docs/cli/commands/force-unlock.html
Question #27
Terraform can import modules from a number of sources `" which of the following is not a valid source?
A. FTP server
B. GitHub repository
C. Local path
D. Terraform Module Registry - CORRECT ANSWER 答案: A
Question #28
Which of the following is available only in Terraform Enterprise or Cloud workspaces and not in Terraform CLI?
A. Secure variable storage
B. Support for multiple cloud providers
C. Dry runs with terraform plan
D. Using the workspace as a data source - CORRECT ANSWER 答案: D
Question #29
terraform validate validates the syntax of Terraform files.
A. True
B. False - CORRECT ANSWER 答案: A
解析:
The terraform validate command validates the syntax and arguments of the Terraform configuration files.
https://www.terraform.io/docs/cli/code/index.html
Question #30
You have used Terraform to create an ephemeral development environment in the cloud and are now ready to destroy all the infrastructure described by your
Terraform configuration. To be safe, you would like to first see all the infrastructure that will be deleted by Terraform.
Which command should you use to show all of the resources that will be deleted? (Choose two.)
A. Run terraform plan -destroy.
B. This is not possible. You can only show resources that will be created.
C. Run terraform state rm *.
D. Run terraform destroy and it will first output all the resources that will be deleted before prompting for approval. - CORRECT ANSWER 答案: AD
Question #31
Which of the following is the correct way to pass the value in the variable num_servers into a module with the input servers?
A. servers = num_servers
B. servers = variable.num_servers
C. servers = var(num_servers)
D. servers = var.num_servers - CORRECT ANSWER 答案: D
Question #32
A Terraform provisioner must be nested inside a resource configuration block.
A. True
B. False - CORRECT ANSWER 答案: A
解析:
Most provisioners require access to the remote resource via SSH or WinRM, and expect a nested connection block with details about how to connect.
https://www.terraform.io/docs/language/resources/provisioners/connection.html
Question #33
Terraform can run on Windows or Linux, but it requires a Server version of the Windows operating system.
A. True
B. False - CORRECT ANSWER 答案: B
Question #34
What does the default "local" Terraform backend store?
A. tfplan files
B. Terraform binary
C. Provider plugins
D. State file - CORRECT ANSWER 答案: D
解析:
The local backend stores state on the local filesystem, locks that state using system APIs, and performs operations locally.
https://www.terraform.io/docs/language/settings/backends/local.html
Question #35
You have multiple team members collaborating on infrastructure as code (IaC) using Terraform, and want to apply formatting standards for readability.
How can you format Terraform HCL (HashiCorp configuration Language) code according to standard Terraform style convention?
A. Run the terraform fmt command during the code linting phase of your CI/CD process
B. Designate one person in each team to review and format everyone's code
C. Manually apply two spaces indentation and align equal sign "=" characters in every Terraform file (*.tf)
D. Write a shell script to transform Terraform files using tools such as AWK, Python, and sed - CORRECT ANSWER 答案: A
Question #36
What value does the Terraform Cloud/Terraform Enterprise private module registry provide over the public Terraform Module Registry?
A. The ability to share modules with public Terraform users and members of Terraform Enterprise Organizations
B. The ability to tag modules by version or release
C. The ability to restrict modules to members of Terraform Cloud or Enterprise organizations
D. The ability to share modules publicly with any user of Terraform - CORRECT ANSWER 答案: C
Question #37
Which task does terraform init not perform?
A. Sources all providers present in the configuration and ensures they are downloaded and available locally
B. Connects to the backend
C. Sources any modules and copies the configuration locally
D. Validates all required variables are present - CORRECT ANSWER 答案: D
解析:
https://www.terraform.io/docs/cli/commands/init.html
Question #38
You have declared a variable called var.list which is a list of objects that all have an attribute id.
Which options will produce a list of the IDs? (Choose two.)
A. { for o in var.list : o => o.id }
B. var.list.*.id
C. [ var.list[*].id ]
D. [ for o in var.list : o.id ] - CORRECT ANSWER 答案: BD
Question #39
Which argument(s) is (are) required when declaring a Terraform variable?
A. type
B. default
C. description
D. All of the above
E. None of the above - CORRECT ANSWER 答案: E
Question #40
When using a module block to reference a module stored on the public Terraform Module Registry such as:
Module "consul"{
Source = "hashicorp/consul/aws"
}
How do you specify version 1.0.0?
A. Modules stored on the public Terraform Module Registry do not support versioning
B. Append ?ref=v1.0.0 argument to the source path
C. Add version = "1.0.0" attribute to module block
D. Nothing ג€" modules stored on the public Terraform Module Registry always default to version 1.0.0 - CORRECT ANSWER 答案: C
Question #41
What features does the hosted service Terraform Cloud provide? (Choose two.)
A. Automated infrastructure deployment visualization
B. Automatic backups
C. Remote state storage
D. A web-based user interface (UI) - CORRECT ANSWER 答案: CD
Question #42
Where does the Terraform local backend store its state?
A. In the /tmp directory
B. In the terraform file
C. In the terraform.tfstate file
D. In the user's terraform.state file - CORRECT ANSWER c. In the terraform.tfstate file
The Terraform local backend stores its state in a file named terraform.tfstate by default.
Question #43
Which option can not be used to keep secrets out of Terraform configuration files?
A. A Terraform provider
B. Environment variables
C. A -var flag
D. secure string - CORRECT ANSWER 答案: D
Question #44
What is one disadvantage of using dynamic blocks in Terraform?
A. They cannot be used to loop through a list of values
B. Dynamic blocks can construct repeatable nested blocks
C. They make configuration harder to read and understand
D. Terraform will run more slowly - CORRECT ANSWER 答案: C
Question #45
Only the user that generated a plan may apply it.
A. True
B. False - CORRECT ANSWER 答案: B
Question #46
Examine the following Terraform configuration, which uses the data source for an AWS AMI.
What value should you enter for the ami argument in the AWS instance resource?
Data "aws_ami" "ubuntu" {
...
}
Resource "aws_instance" "web"{
Ami = _____________
Instance_type = "t2.micro"
Tags ={
Name = "helloWorld"
}
}
A. aws_ami.ubuntu
B. data.aws_ami.ubuntu
C. data.aws_ami.ubuntu.id
D. aws_ami.ubuntu.id - CORRECT ANSWER 答案: C
解析:resource "aws_instance" "web" {
ami = data.aws_ami.ubuntu.id
https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/instance
Question #48
You have never used Terraform before and would like to test it out using a shared team account for a cloud provider. The shared team account already contains 15 virtual machines (VM). You develop a Terraform configuration containing one VM, perform terraform apply, and see that your VM was created successfully.
What should you do to delete the newly-created VM with Terraform?
A. The Terraform state file contains all 16 VMs in the team account. Execute terraform destroy and select the newly-created VM.
B. The Terraform state file only contains the one new VM. Execute terraform destroy.
C. Delete the Terraform state file and execute Terraform apply.
D. Delete the VM using the cloud provider console and terraform apply to apply the changes to the Terraform state file. - CORRECT ANSWER 答案: B
Question #49
What is the name assigned by Terraform to reference this resource?
Resource "azurerm_resource_group" "dev" {
Name = "test"
Location = "westus"
}
A. dev
B. azurerm_resource_group
C. azurerm
D. test - CORRECT ANSWER 答案: A
Question #50
Setting the TF_LOG environment variable to DEBUG causes debug messages to be logged into syslog.
A. True
B. False - CORRECT ANSWER 答案: B
Question #51
Where in your Terraform configuration do you specify a state backend?
A. The terraform block
B. The resource block
C. The provider block
D. The datasource block - CORRECT ANSWER 答案: A
解析:
Backends are configured with a nested backend block within the top-level terraform block.
https://www.terraform.io/docs/language/settings/backends/configuration.html
Question #52
In Terraform 0.13 and above, outside of the required_providers block, Terraform configurations always refer to providers by their local names.
A. True
B. False - CORRECT ANSWER 答案: A
解析:
Outside of the required_providers block, Terraform configurations always refer to providers by their local names.
https://www.terraform.io/docs/language/providers/requirements.html
Question #53
What command should you run to display all workspaces for the current configuration?
A. terraform workspace
B. terraform workspace show
C. terraform workspace list
D. terraform show workspace - CORRECT ANSWER 答案: C
解析:
terraform workspace list
The command will list all existing workspaces.
https://www.terraform.io/docs/cli/commands/workspace/list.html
Question #54
Terraform providers are always installed from the Internet.
A. True
B. False - CORRECT ANSWER 答案: B
解析:
Terraform configurations must declare which providers they require, so that Terraform can install and use them.
https://www.terraform.io/docs/language/providers/configuration.html
Question #55
Which of these is the best practice to protect sensitive values in state files?
A. Blockchain
B. Secure Sockets Layer (SSL)
C. Enhanced remote backends
D. Signed Terraform providers - CORRECT ANSWER 答案: C
解析:
Use of remote backends and especially the availability of Terraform Cloud, there are now a variety of backends that will encrypt state at rest
and will not store the state in cleartext on machines running.
https://www.terraform.io/docs/extend/best-practices/sensitive-state.html
Question #56
When does terraform apply reflect changes in the cloud environment?
A. Immediately
B. However long it takes the resource provider to fulfill the request
C. After updating the state file
D. Based on the value provided to the -refresh command line argument
E. None of the above - CORRECT ANSWER 答案: B
Question #57
How would you reference the "name" value of the second instance of this fictitious resource?
Resource "aws_instance" "web"{
Count = 2
Name = "terraform-${count.index}"
}
A. element(aws_instance.web, 2)
B. aws_instance.web[1].name
C. aws_instance.web[1]
D. aws_instance.web[2].name
E. aws_instance.web.*.name - CORRECT ANSWER 答案: B
Question #58
A Terraform provider is not responsible for:
A. Understanding API interactions with some service
B. Provisioning infrastructure in multiple clouds
C. Exposing resources and data sources based on an API
D. Managing actions to take based on resource differences - CORRECT ANSWER 答案: D
Question #59
Terraform provisioners can be added to any resource block.
A. True
B. False - CORRECT ANSWER 答案: A
解析:
https://www.terraform.io/docs/language/resources/provisioners/syntax.html
Question #60
What is terraform refresh intended to detect?
A. Terraform configuration code changes
B. Empty state files
C. State file drift
D. Corrupt state files - CORRECT ANSWER 答案: C
解析:
https://www.hashicorp.com/blog/detecting-and-managing-drift-with-terraform
Question #63
A Terraform local value can reference other Terraform local values.
A. True
B. False - CORRECT ANSWER 答案: A
解析:
https://www.terraform.io/docs/configuration-0-11/locals.html
Question #64
Which of the following is not a valid Terraform collection type?
A. list
B. map
C. tree
D. set - CORRECT ANSWER 答案: C
解析:
https://www.terraform.io/docs/language/expressions/type-constraints.html
Question #65
When running the command terraform taint against a managed resource you want to force recreation upon, Terraform will immediately destroy and recreate the resource.
A. True
B. False - CORRECT ANSWER 答案: B
解析:
https://www.devopsschool.com/blog/terraform-taint-and-untaint-explained-with-example-programs-and-tutorials/
Question #66
All standard backend types support state storage, locking, and remote operations like plan, apply and destroy.
A. True
B. False - CORRECT ANSWER 答案: B
Question #67
How can terraform plan aid in the development process?
A. Validates your expectations against the execution plan without permanently modifying state
B. Initializes your working directory containing your Terraform configuration files
C. Formats your Terraform configuration files
D. Reconciles Terraform's state against deployed resources and permanently modifi es state using the current status of deployed resources - CORRECT ANSWER 答案: A
解析:
https://github.com/hashicorp/terraform/issues/19235
Question #68
You would like to reuse the same Terraform configuration for your development and production environments with a different state file for each.
Which command would you use?
A. terraform import
B. terraform workspace
C. terraform state
D. terraform init - CORRECT ANSWER 答案: B
Question #69
What is the name assigned by Terraform to reference this resource?
Mainresource "google_compute_instance" "main"{
Name = "test"
}
A. compute_instance
B. main
C. google
D. teat - CORRECT ANSWER 答案: B
Question #70
You're building a CI/CD (continuous integration/ continuous delivery) pipeline and need to inject sensitive variables into your Terraform run.
How can you do this safely?
A. Pass variables to Terraform with a ג€"var flag
B. Copy the sensitive variables into your Terraform code
C. Store the sensitive variables in a secure_vars.tf file
D. Store the sensitive variables as plain text in a source code repository - CORRECT ANSWER 答案: A
Question #71
Your security team scanned some Terraform workspaces and found secrets stored in a plaintext in state files.
How can you protect sensitive data stored in Terraform state files?
A. Delete the state file every time you run Terraform
B. Store the state in an encrypted backend
C. Edit your state file to scrub out the sensitive data
D. Always store your secrets in a secrets.tfvars file. - CORRECT ANSWER 答案: B
解析:
https://www.terraform.io/docs/language/state/sensitive-data.html
Question #72
In contrast to Terraform Open Source, when working with Terraform Enterprise and Cloud Workspaces, conceptually you could think about them as completely separate working directories.
A. True
B. False - CORRECT ANSWER 答案: A
Question #73
You want to know from which paths Terraform is loading providers referenced in your Terraform configuration (*.tf files). You need to enable debug messages to find this out.
Which of the following would achieve this?
A. Set the environment variable TF_LOG=TRACE
B. Set verbose logging for each provider in your Terraform configuration
C. Set the environment variable TF_VAR_log=TRACE
D. Set the environment variable TF_LOG_PATH - CORRECT ANSWER 答案: A
解析:
https://www.terraform.io/docs/cli/config/environment-variables.html
Question #74
How is terraform import run?
A. As a part of terraform init
B. As a part of terraform plan
C. As a part of terraform refresh
D. By an explicit call
E. All of the above - CORRECT ANSWER 答案: D [Show Less]