HashiCorp Terraform-Associate-003 Exam Practice Test Instant Access

Question 1

You want to use API tokens and other secrets within your team's Terraform workspaces. Where does HashiCorp recommend you store these sensitive values? (Pick the 3 correct responses)

AIn an HCP Terraform/Terraform Cloud variable, with the sensitive option checked.

BIn HashiCorp Vault.

CIn a terraform.tfvars file, securely managed and shared with your team.

DIn a terraform.tfvars file, checked into your version control system.

EIn a plaintext document on a shared drive.

Answer : A, B, C

Sensitive values such as API tokens should be stored in a secure way, either in Terraform Cloud variables marked as sensitive or in HashiCorp Vault. Storing secrets in version control systems or plaintext files is not recommended.

References:

Terraform Cloud Environment Variables

Question 2

You used Terraform to create an ephemeral development environment in the cloud and are now ready to destroy all the infrastructure described by your Terraform configuration. To be safe, you would like to first see all the infrastructure that Terraform will delete.

Which command should you use to show all the resources that will be deleted? (Pick the 2 correct responses)

ARun terraform destroy. This will output all the resources that will be deleted before prompting for approval.

BRun terraform show -destroy.

CRun terraform state rm *.

Answer : A, B

Running terraform destroy will show all resources that will be deleted before prompting for approval. You can also run terraform plan -destroy to simulate the destruction without actually applying it, which is useful for reviewing the planned changes.

References:

Terraform Destroy

Question 3

Which of these are benefits of using Sentinel with HCP Terraform/Terraform Cloud? (Pick the 3 correct responses)

AYou can enforce a list of approved AWS AMIs.

BSentinel Policies can be written in HashiCorp Configuration Language (HCL).

CYou can check out and check in cloud access keys.

DPolicy-as-code can enforce security best practices.

Answer : A, C, D

Sentinel is a policy-as-code framework that integrates with Terraform Cloud to enforce security, compliance, and governance rules. You can enforce rules such as approved AMIs and ensure security best practices. Policies are written in the Sentinel language, not HCL.

References:

Sentinel Policies

Question 4

Which of these statements about HCP Terraform/Terraform Cloud workspaces is false?

AThey can securely store cloud credentials.

BThey have role-based access controls.

CPlans and applies can be triggered via version control system integrations.

DYou must use the CLI to switch between workspaces.

Answer : D

In Terraform Cloud, you can switch between workspaces using both the web UI and CLI. The statement that you 'must use the CLI' is false. Workspaces can securely store cloud credentials, offer role-based access control, and integrate with VCS to trigger plan and apply operations.

References:

Terraform Cloud Workspaces

Question 5

Which of these actions are forbidden when the Terraform state file is locked? (Pick the 3 correct responses)

Aterraform apply

Bterraform state list

Cterraform destroy

Dterraform fmt

Answer : A, B, C

When the state file is locked, operations that modify or depend on the state (like terraform apply, terraform destroy, and terraform state list) are blocked. terraform fmt only formats the configuration files and does not interact with the state, so it is allowed.

References:

Terraform State Locking

Question 6

Where in your Terraform configuration do you specify a state backend?

AThe resource block

BThe data source block

CThe terraform block

DThe provider block

Answer : C

In Terraform, the backend configuration, which includes details about where and how state is stored, is specified within the terraform block of your configuration. This block is the correct place to define the backend type and its configuration parameters, such as the location of the state file for a local backend or the bucket details for a remote backend like S3.

References = This practice is outlined in Terraform's core documentation, which provides examples and guidelines on how to configure various aspects of Terraform's behavior, including state backends .

Question 7

In a Terraform Cloud workspace linked to a version control repository, speculative plan runs start automatically when you merge or commit changes to version control.

ATrue

BFalse

Answer : B

In Terraform Cloud, speculative plan runs are not automatically started when changes are merged or committed to the version control repository linked to a workspace. Instead, speculative plans are typically triggered as part of proposed changes in merge requests or pull requests to give an indication of what would happen if the changes were applied, without making any real changes to the infrastructure. Actual plan and apply operations in Terraform Cloud workspaces are usually triggered by specific events or configurations defined within the Terraform Cloud workspace settings.

References = This behavior is part of how Terraform Cloud integrates with version control systems and is documented in Terraform Cloud's usage guidelines and best practices, especially in the context of VCS-driven workflows.

HashiCorp Terraform-Associate-003 HashiCorp Certified: Terraform Associate (003) Exam Practice Test