First Flashcards Preview

P211A000N02F > First > Flashcards

Flashcards in First Deck (60)
Loading flashcards...

Your company is currently running terraform for development of web application using AWS services. One of your teammates wants to modify the type of the instances currently used to “t2.large”and is asked to change the default set values.

What changes does he have to make to get it working?

A. Issue Terraform plan instance.type”.t2.large” and it deploys the instance

B. Modify the tf.variables with the instance type and issue terraform apply

C. Create a new file my.tfvars and add the type of the instance and issue terraform plan and apply

D. Modify the terraform.tfvars with the instance type and issue terraform plan and then terraform
apply to deploy the instances

D. Modify the terraform.tfvars with the instance type and issue terraform plan and then terraform apply to deploy the instances

Option A is incorrect because the syntax is wrong using cli command to change the instance type is terraform plan -var=”instancetype=t2.large” in the above option it is mentioned as “Instance.type”.t2.large and terraform plan doesn’t deploy the instance

Option B is incorrect though recommended practice is to rather than changing the default values terraform.tfvars variables to be modified, there is no tf.variables in terraform. Always it is good practice to check before apply so terraform plan to check the instance type and then terraform apply for changes

Option C is incorrect as terraform recommended type is terraform.tfvars for anyother tf.vars file types use cli terraform plan -var-file=”my.tfvars”



You are part of a security team that noticed current terraform code outputs the password of database after you issue terraform apply. You have been asked to make sure password is not in the output.

How do you approach this?

A. Encrypt the plain text values to show output as random values

B. Password is encrypted in database

C. Use Sensitive Parameter

D. Use terraform plan -var-file= “password=no” to hide output values

C. Use Sensitive Parameter

Use a sensitive parameter it does not show output value at terraform apply, plan however if you have
access the state files password can be seen in plain-text format



One of your colleagues is new to terraform and wants to add a new workspace new-hire.

What command will he execute?

A. terraform workspace –new –new-hire

B. terraform workspace new new-hire

C. terraform workspace init new-hire

D. terraform workspace new-hire

B. terraform workspace new new-hire

Terraform workspace new is the right syntax to be used whenever you want to create a new workspace

Example :
$terraform workspace new new-hire
Created and switched to workspace "new-hire"


You are planning to install terraform on client machines and are asked to evaluate which OS versions are supported. Please choose the correct option.

A. Windows

B. Amazon Linux

C. FreeBSD

D. Unix

E. MacOS

F. All the above

F. All the above

All given options are correct. Amazon Linux is just another flavor of Linux. Terraform works perfectly well on it.



John is a newbie to terraform and he wants to enable details logs.

What variables does he need to define?

A. TF_help


C. TF_Debug

D. TF_var_log


Terraform does provide detailed logging and helps to find the errors in the flow

By using TF_LOG enabled you can set to TRACE, INFO, WARN or ERROR, DEBUG Levels


You have made changes to your tfvar files and would like to know contents of the state file.

What command is used to check?

A. Terraform state

B. Terraform current

C. Terraform show

D. Terraform inspect

C. Terraform show

Terraform show command provides output from state or plain file in a readable format

This is used to verify the current state contents and inspect the plan to make sure everything is right.

There is terraform show – json to show outputs in json format


Your company uses git and asked you to commit all the terraform code to git and advised you to be careful with sensitive information during commit.

What file should you NOT include in the commit ?

A. Terraform.tfs


C. Terraform.tfdata

D. Terraform.tfstate

D. Terraform.tfstate

Usually terraform.tfvars and terraform.tfstate files contain sensitive data like password, access keys and db password. It is best to avoid these files from committing.


Your company currently has infrastructure running in Azure and planning to use terraform.
You have been asked to plan, implement, and make sure existing infrastructure is migrated properly.
You used terraform import but notice that import is not successful.

What are the things to be taken care of before import?

A. Make sure existing resources are in shutdown state so that during import there are no issues

B. Make sure resources of the existing infrastructure are updated in the configuration file right

C. Add all the resource details to state files

D. Run terraform show and refresh to see updated state files and then terraform import

B. Make sure resources of the existing infrastructure are updated in the configuration file right

Terraform currently supports imports of a resource into state file but not with configuration file. It is recommended to manually add the resource configuration before terraform import.


You have been asked to make terraform code more dynamic with minimum use of static values.

What options from below you will use?

A. Variables

B. Local values

C. input variable

D. Modules

C. input variable

Input variables serve as parameters for a Terraform module, allowing aspects of the module to be customized without altering the module's own source code, and allowing modules to be shared between different configurations.

When you declare variables in the root module of your configuration, you can set their values using CLI options and environment variables. When you declare them in child modules, the calling module should pass values in the module block.

If you're familiar with traditional programming languages, it can be useful to compare Terraform modules to function definitions:

Input variables are like function arguments

Output values are like function return values.

Local values are like a function's temporary local variables.



Which is not a variable defined in terraform?

A. tfvar

B. depends_on

C. instance_aws

D. var1

B. depends_on

Use the depends_on meta-argument to handle hidden resource or module dependencies that Terraform can't automatically infer.


You have accidentally put lock on a configuration file - what command would you use to remove the lock and make it available?

A. terraform filename-unlock

B. delete the file and create a new state file

C. terraform force-unlock

D. -unlock

C. terraform force-unlock

force unlock command helps to manually unlock the state configuration. It doesn’t change the infrastructure.


Whenever you issue “terraform init” where are all the configurations saved?

A. terraform. tfstate stores all the current configuration

B. .terraform/home is the home directory for terraform.init

C. .terraform/plugins directory for terraform.init

D. where all the init configurations are saved to

C. .terraform/plugins directory for terraform.init


Whenever terraform is initialized all the plugin related files are stored and downloaded under .terraform/plugins


Your colleague is running into issues with terraform and when looking at errors it looks like he incorrectly set the environment variables.

What will you look into for debugging?

A. TF_set


C. TF_.var

D. TF_var_Filename


All the environment variables to configured must be in the format of TF_VAR_name

Examples are TF_VAR_region=us-east-1


You want to evaluate an expression in terraform before applying it.

Which command will you use from below?

A. Graph

B. Validate

C. Console

D. Push

C. Console

Terraform console command is used to evaluate expressions in terraform

Issue terraform console and try to execute the supported expressions


Which database has its own provider?


B. Mongo

C. Dynamo

D. influx



Which option will you use to run a provisioners which are not associated with any resources?

A. local-exec

B. “_”:null-resource right

C. salt-masterless

D. remote-exec

B. “_”:null-resource right

To run provisioners which are not associated with any resources you would need to use null_resource . like other resources using null_resource configurations can be added


Which language is supported by terraform configuration?

A. xml

B. javascript


D. Plaintext


Terraform usually supports files ending in .tf format but they also support files in tf.json format



You have the following configuration, but notice an error saying duplicate provider configuration.
What command from below you will use to make sure multiple configurations are allowed?

Provider “aws” {
Region = us-west-2”
Provider “aws” {
Region = “eu-central-1”
Provider “aws” {
Region = ap-north-2”

A. Alias

B. Label

C. Module

D. Resource for each provider

A. Alias

By using alias command we can configure different configurations to same provider pointing to different resources



What is the provider version of Google Cloud being used in Terraform? (select two)

Google = “~> 1.9.0”

A. 1.9.1

B. 1.0.0

C. 1.8.0

D. 1.9.2

A. 1.9.1
D. 1.9.2

Terraform is looking for any update above 1.9.0, which can 1.9.1 and 1.9.2

According to the Terraform doc, the operator ~> means only the minor (rightmost version increase) updates are accepted. Therefore, ~> 1.9.0 means the related module / provider requirement accepts 1.9.1 or 1.9.2, but not 1.10.0, and absolutely not 1.0.0 or 1.8.0



Which of the below are supported backend types in terraform? (select three)

A. consul

B. gcs

C. manta

D. bitbucket

A. consul
B. gcs
C. manta

Enhanced backends:
- local
- remote

Standard backends:
- artifactory
- azurerm
- consul
- cos
- etcd
- etcdv3
- gcs
- kubernetes
- manta
- oss
- pg
- s3
- swift


Terraform plan looks at the code and modifies if there are any missing arguments etc before apply

A. True

B. False

B. False

Terraform plan looks at code and identifies if there are any syntax errors or missing arguments and errors and user has to fix these before issuing next terraform plan


Do terraform workspaces help in adding/allowing multiple state files for a single configuration?

A. Yes

B. No

A. Yes

Terraform workspaces allows configuring multiple state files and associating with a single configuration file


Resources in terraform can have same names and terraform automatically assigns them in order of precedence.

A. True

B. False

B. False

Terraform resources should have unique names you cannot have same name for resources


You have created a virtual machine manually on azure and would like to use terraform import to import it.

Does terraform import work in this scenario?

A. Yes

B. No

A. Yes

Import :
terraform import azurerm_virtual_machine.example /subscriptions/00000000-0000-0000-0000-


If you apply sensitive flag for database password upon terraform apply and plan, will the password be shown in plain text in logs?

A. Yes

B. No

B. No

If sensitive flag is applied with terraform apply and plan then output are not shown.

However if you have access to state files output still shows as plaintext.


Is terraform state rm the only way to delete all the resources in terraform?

A. Yes

B. No

B. No

1. There is no "terraform rm" only "terraform state rm"

2. The documentation for "terraform state rm" shows that it does not delete resources. It deletes resources in the terraform state. Those are two different things.
The documentation even explicitly says "For example, if you remove an AWS instance from the state, the instance will continue running"
3. Terraform state rm is used for individual resources so while it might be possible to use it to delete every individual resource, it is not meant to.

Terraform destroy is the only one that deletes resources.


Will your team be able to make changes to the statefile once you've run 'terraform plan'?

A. Yes

B. No

B. No

Terraform doesn’t restricts only one user to perform apply, plan at the same time.


Should current state and desired state should be in same state all the time?

A. Yes

B. No

B. No

It is not mandatory for both states to be in same however best practices recommend they should be in sync to avoid infrastructure issues in production


Will the auto-approve option with terraform destroy require confirmation from user before destroying the resources?

A. Yes

B. No

B. No

Destroying your infrastructure is a rare event in production environments. But if you're using Terraform to spin up multiple environments such as development, testing, and staging, then destroying is often a useful action.

Resources can be destroyed using the terraform destroy command, which is similar to terraform apply but it behaves as if all of the resources have been removed from the configuration.


When you add a new provider, do you always need to issue terraform init?

A. Yes

B. No

A. Yes

Whenever you add a new provider it is always required to issue a terraform init so that it will download the latest provider or specified version and initialization files to .terraform folder.