A provider configuration block is required in every Terraform configuration.
Example:
A resource block is shown in the Exhibit space of this page. What is the Terraform resource name of the resource block?
Which of the following command would be use to access all of the attributes and details of a resource managed by Terraform?
When you use a remote backend that needs authentication, HashiCorp recommends that you:
What type of information can be found on the Terraform Registry when using published modules?
What is the provider for the resource shown in the Exhibit?
resource "aws_vpc" "main" {
name = "test"
}
You have developed a new cloud-based service that uses proprietary APIs and want to use Terraform to create, manage, and delete users from the service. How can Terraform interact with the service?
What feature stops multiple users from operating on the Terraform state at the same time?
A senior admin accidentally deleted some of your cloud instances. What will Terraform do when you run terraform apply?
Your risk management organization requires that new AWS S3 buckets must be private and encrypted at rest. How can Terraform Cloud automatically and proactively enforce this security control?
What type of information can be found on the Terraform Registry when using published modules?
How would you output returned values from a child module in the Terraform CLI output?
You are working on some new application features and you want to spin up a copy of your production deployment to perform some quick tests. In order to avoid having to configure a new state backend, what open source Terraform feature would allow you create multiple states but still be associated with your current code?
A Terraform output that sets the "sensitive" argument to true will not store that value in the state file.
You modified your Terraform configuration and run Terraform plan to review the changes. Simultaneously, your teammate manually modified the infrastructure component you are working on. Since you already ran terraform plan locally, the execution plan for terraform apply will be the same.
terraform apply is failing with the following error. What next step should you take to determine the root cause of the problem?
Error:
yaml
CopyEdit
Error loading state: AccessDenied: Access Denied
status code: 403, request id: 288766CE5CCA24A0, host id: web.example.com
You're building a CI/CD (continuous integration/continuous delivery) pipeline and need to inject sensitive variables into your Terraform run. How can you do this safely?
One cloud block always maps to a single HCP Terraform/Terraform Cloud workspace.
You have deployed a new webapp with a public IP address on a cloud provider. However, you did not create any outputs for your code. What is the best method to quickly find the IP address of the resource you deployed?
In a Terraform Cloud workspace linked to a version control repository, speculative plan runs start automatically when you merge or commit changes to version control.
Which is the best way to specify a tag of v1.0.0 when referencing a module stored in Git (for example.
Git::https://example.com/vpc.git)?
Which of the following does terraform apply change after you approve the execution plan? (Choose two.)
What is the Terraform style convention for indenting a nesting level compared to the one above it?
The Terraform binary version and provider versions must match each other in a single configuration.
You add a new provider to your configuration and immediately run terraform apply in the CD using the local backend. Why does the apply fail?
As a developer, you want to ensure your plugins are up to date with the latest versions. Which Terraform command should you use?
What Terraform command always causes a state file to be updated with changes that might have been made outside of Terraform?
Terraform configuration (including any module references) can contain only one Terraform provider type.
What information does the public Terraform Module Registry automatically expose about published modules?
You use a cloud provider account that is shared with other team members. You previously used Terraform to create a load balancer that listens on port 80. After application changes, you updated the Terraform code to change the port to 443.
You run terraform plan and see that the execution plan shows the port changing from 80 to 443 like you intended and step away to grab some coffee.
In the meantime, another team member manually changes the load balancer port to 443 through the cloud provider console before you get back to your desk.
What will happen when you run terraform apply upon returning to your desk?
You decide to move a Terraform state file to Amazon S3 from another location. You write the code below into a file called backend.tf.
Which command will migrate your current state file to the new S3 remote backend?
You have provisioned some virtual machines (VMs) on Google Cloud Platform (GCP) using the gcloud command line tool. However, you are standardizing with Terraform and want to manage these VMs using Terraform instead. What are the two things you must do to achieve this? Choose two correct answers.
Which command must you first run before performing further Terraform operations in a working directory?
You ate creating a Terraform configuration which needs to make use of multiple providers, one for AWS and one for Datadog. Which of the following provider blocks would allow you to do this?
A)
B)
C)
D)
If you manually destroy infrastructure, what is the best practice reflecting this change in Terraform?
Which of the following isnotan advantage of using Infrastructure as Code (IaC) operations?
Which of these are features of HCP Terraform/Terraform Cloud? Pick the 2 correct responses below.
Your root module contains a variable namednum_servers. Which is the correct way to pass its value to a child module with an input namedservers?
Which command(s) adds existing resources in a public cloud into Terraform state?
A module block is shown in the Exhibit space of this page. When you use a module block to reference a module from the Terraform Registry such as the one in the example, how do you specify version 1.0.0 of the module?
Terraform can only manage resource dependencies if you set them explicitly with the depends_on argument.
Which of these ate secure options for storing secrets for connecting to a Terraform remote backend? Choose two correct answers.
Terraform variables and outputs that set the description argument will store that description in the state file.
All standard backend types support state locking, and remote operations like plan, apply, and destroy.
You are using a networking module in your Terraform configuration with the name label my-network. In your main configuration you have the following code:
When you run terraform validate, you get the following error:
What must you do to successfully retrieve this value from your networking module?
terraform validate confirms that your infrastructure matches the Terraform state file.
You created infrastructure outside the Terraform workflow that you now want to manage using Terraform. Which command brings the infrastructure into Terraform state?
How does the Terraform cloud integration differ from other state backends such as S3, Consul,etc?
You want to define a single input variable to capture configuration values for a server. The values must represent memory as a number, and the server name as a string.
Which variable type could you use for this input?
You can access state stored with the local backend by using terraform_remote_state data source.
Which of these actions are forbidden when the Terraform state file is locked? (Pick the 3 correct responses)
Your DevOps team is currently using the local backend for your Terraform configuration. You would like to move to a remote backend to store the state file in a central location. Which of the following backends would not work?
You can reference a resource created with for_each using a Splat ( *) expression.
You want to know from which paths Terraform is loading providers referenced in your Terraform configuration (* files). You need to enable additional logging messages to find this out. Which of the following would achieve this?
How can a ticket-based system slow down infrastructure provisioning and limit the ability to scale? Choose two correct answers.
Which method for sharing Terraform modules fulfills the following criteria:
Keeps the module configurations confidential within your organization.
Supports Terraform's semantic version constraints.
Provides a browsable directory of your modules.
How do you specify a module’s version when publishing it to the public terraform Module Registry?
When you include a module block in your configuration that references a module from the Terraform Registry, the "version" attribute is required.
You add a new resource to an existing Terraform configuration, but do not update the version constraint in the configuration. The existing and new resources use the same provider. The working contains a .terraform.lock, hc1 file.
How will Terraform choose which version of the provider to use?
terraform apply will fail if you have not run terraform plan first to update the plan output.
You use a cloud provider account that is shared with other team members. You previously used Terraform to create a load balancer that listens on port 80. After application changes, you updated the Terraform code to change the port to 443.
You run terraform plan and see that the execution plan shows the port changing from 80 to 443 like you intended and step away to grab some coffee.
In the meantime, another team member manually changes the load balancer port to 443 through the cloud provider console before you get back to your desk.
What will happen when you run terraform apply upon returning to your desk?
You must use different Terraform commands depending on the cloud provider you use.
You have deployed a new webapp with a public IP address on a cloud provider. However, you did not create any outputs for your code. What is the best method to quickly find the IP address of the resource you deployed?
Your security team scanned some Terraform workspaces and found secrets stored in plaintext in state files. How can you protect that data?