HashiCorp Terraform-Associate-003 Exam Practice Test Instant Access

Question 1

You want to use API tokens and other secrets within your team's Terraform workspaces. Where does HashiCorp recommend you store these sensitive values? (Pick the 3 correct responses)

AIn an HCP Terraform/Terraform Cloud variable, with the sensitive option checked.

BIn HashiCorp Vault.

CIn a terraform.tfvars file, securely managed and shared with your team.

DIn a terraform.tfvars file, checked into your version control system.

EIn a plaintext document on a shared drive.

Answer : A, B, C

Sensitive values such as API tokens should be stored in a secure way, either in Terraform Cloud variables marked as sensitive or in HashiCorp Vault. Storing secrets in version control systems or plaintext files is not recommended.

References:

Terraform Cloud Environment Variables

Question 2

Terraform configuration can only call modules from the public registry.

ATrue

BFalse

Answer : B

Terraform can call modules from various sources including the public Terraform Registry, private registries, local file paths, or version control systems like GitHub.

References:

Terraform Modules

Question 3

You used Terraform to create an ephemeral development environment in the cloud and are now ready to destroy all the infrastructure described by your Terraform configuration. To be safe, you would like to first see all the infrastructure that Terraform will delete.

Which command should you use to show all the resources that will be deleted? (Pick the 2 correct responses)

ARun terraform destroy. This will output all the resources that will be deleted before prompting for approval.

BRun terraform show -destroy.

CRun terraform state rm *.

Answer : A, B

Running terraform destroy will show all resources that will be deleted before prompting for approval. You can also run terraform plan -destroy to simulate the destruction without actually applying it, which is useful for reviewing the planned changes.

References:

Terraform Destroy

Question 4

Which of these are benefits of using Sentinel with HCP Terraform/Terraform Cloud? (Pick the 3 correct responses)

AYou can enforce a list of approved AWS AMIs.

BSentinel Policies can be written in HashiCorp Configuration Language (HCL).

CYou can check out and check in cloud access keys.

DPolicy-as-code can enforce security best practices.

Answer : A, C, D

Sentinel is a policy-as-code framework that integrates with Terraform Cloud to enforce security, compliance, and governance rules. You can enforce rules such as approved AMIs and ensure security best practices. Policies are written in the Sentinel language, not HCL.

References:

Sentinel Policies

Question 5

Which of these statements about HCP Terraform/Terraform Cloud workspaces is false?

AThey can securely store cloud credentials.

BThey have role-based access controls.

CPlans and applies can be triggered via version control system integrations.

DYou must use the CLI to switch between workspaces.

Answer : D

In Terraform Cloud, you can switch between workspaces using both the web UI and CLI. The statement that you 'must use the CLI' is false. Workspaces can securely store cloud credentials, offer role-based access control, and integrate with VCS to trigger plan and apply operations.

References:

Terraform Cloud Workspaces

Question 6

Which of the following arguments are required when declaring a Terraform output?

Avalue

Bdescription

Cdefault

Dsensitive

Answer : A

When declaring a Terraform output, the value argument is required. Outputs are a way to extract information from Terraform-managed infrastructure, and the value argument specifies what data will be outputted. While other arguments like description and sensitive can provide additional context or security around the output, value is the only mandatory argument needed to define an output.

References = The requirement of the value argument for outputs is specified in Terraform's official documentation, which provides guidelines on defining and using outputs in Terraform configurations.

Question 7

You're writing a Terraform configuration that needs to read input from a local file called id_rsa.pub . Which built-in Terraform function can you use to import the file's contents as a string?

Afile('id_rsa.pub')

BtemplaTefil('id_rsa.pub')

Cfilebase64('id_rsa.pub')

Dfileset<'id_rsa.pub')

Answer : A

To import the contents of a local file as a string in Terraform, you can use the built-in file function. By specifying file('id_rsa.pub'), Terraform reads the contents of the id_rsa.pub file and uses it as a string within your Terraform configuration. This function is particularly useful for scenarios where you need to include file data directly into your configuration, such as including an SSH public key for provisioning cloud instances.

References = This information is a standard part of Terraform's functionality with built-in functions, as outlined in Terraform's official documentation and commonly used in various Terraform configurations.

HashiCorp Terraform-Associate-003 HashiCorp Certified: Terraform Associate (003) Exam Practice Test