Third Flashcards Preview

P211A000N02F > Third > Flashcards

Flashcards in Third Deck (60)
Loading flashcards...
1

You have created a variable whizlabs with a type "string" - what are the values it accepts?

variable “whizlabs" {
type = string
}

A. 100
B. “100”
C. whizlabs
D. both A and B

D. both A and B

https://www.terraform.io/docs/configuration-0-11/variables.html

2

You have noticed lot of commit errors due to versioning and noticed that your remote team is still using 0.11 instead of 0.12.

How do you make sure all of them are updated?

A. Call for a meeting with remote team and ask to rewrite the code in 0.12 and merge it
B. Ask the remote team to use required_version function and use it >=0.12 whenever they write code right
C. Make sure code works both in 0.11 and 0.12 and make changes as necessary
D. Ask the remote team to manually make changes to support 0.12

B. Ask the remote team to use required_version function and use it >=0.12 whenever they write code right

3

You have provisioned your infrastructure in backend and are planning to make changes to it.

Your colleague mentioned there is no need to add all the configurations as some can be omitted from configuration.

What is this type of configuration called?

A. First time configuration
B. Partial configuration
C. Air gapped configuration
D. Remote configuration

B. Partial configuration

https://www.terraform.io/docs/backends/config.html#partial-configuration

4

Not all of the backend types support locking - which types support locking? (select three)

A. artifcatory
B. consul
C. DynamoDB
D. azurerm

B. consul
C. DynamoDB
D. azurerm

5

Which of the below are supported types of configurations on terraform? (select two)

A. HCL
B. XML
C. JSON
D. GO

A. HCL
C. JSON

6

What is the correct syntax from below to configure environment variables?

A. TF_VAR
B. TF_ENV_VAR
C. TF_VAR_
D. TF_ENV_

C. TF_VAR_

7

You have configured 10 instances from a single configuration. By using which configuration can you switch back and forth between them?

A. workspaces
B. local values
C. backend
D. remote_exec

A. workspaces

8

Terraform supports different backend types - which of the below is the default backend type supported by terraform?

A. remote backend
B. local
C. Consul
D. vault
E. s3

B. local

9

Your colleague made some changes to terraform workspace whiztest and would like to check on the state file but is unable to find it.

Choose the option from below where it will be saved.

A. .terraform.d
B. terraform.tfstate.d
C. tfstate.var
D. terraform

B. terraform.tfstate.d

Terrafrom usually stores all the workspace in directory terraform.tfstate.d

10

You have recently joined a new terraform company, and you have been instructed to teach developers on terraforming basics.
What is the workflow you will suggest to them?

A. Learn terraform write code and push to git and start deploying the infrastructure
B. create a terraform state with all the requirements and do terraform apply every time you deploy
C. write a code, do terraform plan and then terraform apply to properly deploy the infrastructure
D. Learn as you go, deploy get your hands on terraform

C. write a code, do terraform plan and then terraform apply to properly deploy the infrastructure

11

Which of the following is not a native Infrastructure as tool (IaC)?

A. Cloudformation
B. Azure Resource Manager
C. Terraform
D. Puppet

D. Puppet

Option A is INCORRECT because cloud formation is IaC tool by AWS.

Option B is INCORRECT because Azure resource manager is IaC tool by Azure.

Option C is INCORRECT because terraform is IaC tool by HashiCorp

Option D is CORRECT because puppet is configuration management tool not a native IaC tool

Cloudformation, Azure Resource Manager, Terraform are native IaC tool, they were built to serve the purpose of IaC. Meanwhile Chef, Puppet, Ansible, and SaltStack can also serve the purpose but they were basically configuration management tools, which means they are designed to install and manage software on existing servers.

https://www.terraform.io/intro/vs/index.html

https://aws.amazon.com/cloudformation/

https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/overview

12

Infrastructure lifecycle consists of Day 0 and Day 1 activities where:
Day 0 refers to provisioning and configures your initial infrastructure.
Day 1 refers to OS and application configurations you apply after you’ve initially built your infrastructure.

Choose from the below which IaC can support:

A. IaC can only support Day 0 activities.
B. IaC can support both Day 0 and Day 1 activities.
C. IaC can only support Day 1 activities.
D. IaC cannot support Day 0 and Day 1 activities.

B. IaC can support both Day 0 and Day 1 activities.

IaC can be applied throughout the lifecycle, both on the initial build, as well as throughout the life of the infrastructure. Commonly, these are referred to as Day 0 and Day 1 activities.

https://www.hashicorp.com/blog/infrastructure-as-code-in-a-private-or-public-cloud

13

Terraform allows to define multiple providers resources in a single terraform configuration file.

A. True
B. False

A. True

Terraform allows to define multi cloud infrastructure resources in single file. But we need to define and initialize the all cloud providers to provision those resources.

https://www.terraform.io/intro/use-cases.html#multi-cloud-deployment

14

What are the benefits of using Terraform compared to other infrastructure management tools with respect to multi-cloud scenario? (select three)

A. Terraform is cloud agnostic
B. Terraform can handle cross-cloud dependencies
C. Terraform simplifies management and orchestration, helping operators build large-scale multi-cloud infrastructures.
D. We can define all cloud providers in a single provider block.
E. Terraform cannot handle cross-cloud dependencies and should be handled manually.

A. Terraform is cloud agnostic
B. Terraform can handle cross-cloud dependencies
C. Terraform simplifies management and orchestration, helping operators build large-scale multi-cloud infrastructures.

Option A is CORRECT because terraform is cloud agnostic so it can support multiple cloud providers and also on-prem

Option B is CORRECT because Terraform can handle cross-cloud dependencies easily.

Option C is CORRECT because Terraform simplifies management and orchestration of multi-cloud infrastructure.

Option D is INCORRECT because we cannot define all providers in a single block , each has to be defined in separate blocks.

Option E is INCORRECT because Terraform can easily handle cross-cloud dependencies using its variable concept.

Terraform is cloud-agnostic and allows a single configuration to be used to manage multiple providers, and to even handle cross-cloud dependencies. This simplifies management and orchestration, helping operators build large-scale multi-cloud infrastructures.

https://www.terraform.io/intro/use-cases.html#multi-cloud-deployment

15

Terraform talks to remote systems for provisioning using API calls - what command is used to call?

A. terraform resources
B. terraform state
C. terraform plugin
D. terraform REST API

C. terraform plugin

Option A is INCORRECT because terraform resources cannot talk to remote systems.

Option B is INCORRECT because state just contains mappings of provisioned resources

Option C is CORRECT because Terraform plugin contains all the necessary code to talk to remote systems using API interaction

Option D is INCORRECT because terraform plugin is used to talk to backend using API , API alone cannot talk to remote systems

Terraform relies on plugins called "providers" to interact with remote systems. Terraform talks to remote systems using API calls.

https://www.terraform.io/docs/configuration/providers.html

16

To use multi-region for AWS provider, the following snippet of code is written. When terraform init is run against this code snippet, the following error is thrown:

Duplicate provider configuration.

How can this error be resolved?

provider "aws" {
region = "us-east-1"
}
# For another region
provider "aws" {
region = "us-west-2"
}

A. By adding alias variable, alias = “west “ in one of the provider block and referencing to this provider in resource block as provider =aws.west
B. By adding the alias variable, alias = “west “ in one of the provider blocks and referencing to this provider in the resource block asprovider = alias.west.alias
C. By defining provider block as provider2 “aws”{ region = "us-east-2" }
D. We cannot have same provider but we can have 2 different providers.

A. By adding alias variable, alias = “west “ in one of the provider block and referencing to this provider in resource block as provider =aws.west

Option A is CORRECT because we can reference multiple providers with one of the block having alias variable, and we reference this in resource block as aws. .

Option B is INCORRECT because we can reference multiple providers with one of the block having alias variable, and we reference this in resource block as aws. and not alias.

Option C is INCORRECT because we cannot define provider2 as block in Terraform

Option D is INCORRECT because we can reference to same providers with alias variable.

If we want to deploy resources in 2 different regions for same provider then in one of the provider block we use alias variable as alias="somename"

In resource block we need to add a provider block like provider = "aws." so ("aws.somename")

https://www.terraform.io/docs/configuration/providers.html#alias-multiple-provider-configurations

17

When using constraint expressions to signify a version of a provider, which of the following are valid provider versions that satisfy the expression found in the following code snippet: (select two)

terraform {
required_providers {
aws = "~> 2.3.0"
} }

A. 2.4.1
B. 2.3.3
C. 2.3.9
D. 3.4.0

B. 2.3.3
C. 2.3.9

Option A is incorrect because 2.4.1 doesn’t fall in range >= 2.3.0 to < 2.4.0

Option B is correct because 2.3.3 falls in range >= 2.3.0 to < 2.4.0

Option C is correct because 2.3.9 falls in range >= 2.3.0 to < 2.4.0

Option D is incorrect because 3.4.0 doesn’t fall in range >= 2.3.0 to < 2.4.0

~> 2.3.0 will match version of the provider between >= 2.3.0 to < 2.4.0

The ~> operator is a convenient shorthand for allowing only patch releases within a specific minor release.

https://www.terraform.io/docs/configuration/provider-requirements.html#version-constraints

18

Is it mandatory to have Go runtime to run terraform?

A. Yes
B. No

B. No

Terraform Core is a statically-compiled binary written in the Go programming language. The compiled binary is the command line tool (CLI) terraform, the entrypoint for anyone using Terraform.

The code is open source and hosted at github.com/hashicorp/terraform.

It is not compulsory to have Go runtime to run terraform.

https://www.terraform.io/docs/extend/how-terraform-works.html

https://www.terraform.io/downloads.html

19

How HashiCorp distributed plugins are installed (Select Two)

A. During initializing working directory using terraform init
B. During terraform apply stage
C. During terraform plan stage
D. Plugins can also be manually installed in the user plugins directory

A. During initializing working directory using terraform init
D. Plugins can also be manually installed in the user plugins directory

Option A is CORRECT because during initialization plugins get installed

Option B is INCORRECT because apply will not install plugins it performs provisioning of resources

Option C is INCORRECT because plan cannot install plugins.

Option D is CORRECT because Plugins can be manually installed in the user plugins directory, located at ~/.terraform.d/plugins on mostoperating systems and %APPDATA%\terraform.d\plugins on Windows.

During initialization Terraform searches the configuration for both direct and indirect references to providers and attempts to load the required plugins.
For providers distributed by HashiCorp, init will automatically download and install plugins if necessary.
Plugins can also be manually installed in the user plugins directory, located at ~/.terraform.d/plugins on most operating systems and%APPDATA%\terraform.d\plugins on Windows.

https://www.terraform.io/docs/commands/init.html#plugin-installation

https://www.terraform.io/docs/configuration/provider-requirements.html#provider-installation

20

Below mentioned provisioner gets executed on destroy. What happens if provisioner fails to execute?

resource "aws_instance" "web" {
provisioner "local-exec" {
when = destroy
command = "echo 'Destroy-time provisioner'"
}
}

A. Resources get destroyed even though provisioner fails
B. A new resource gets created and that provisioner gets executed during its destroy
C. Terraform blocks this resource and should be deleted manually from cloud provider console.
D. Terraform will error and rerun the provisioners again on the next terraform apply.

D. Terraform will error and rerun the provisioners again on the next terraform apply.

Option A is INCORRECT because resource will not get destroyed if provisioner fails.

Option B is INCORRECT because new resource will not be created if provisioner fails.

Option C is INCORRECT because terraform has no option of blocking a resource.

Option D is CORRECT because once provisioner errors out it will get tainted and will try to destroy in next apply.

Destroy provisioners are run before the resource is destroyed. If they fail, Terraform will error and rerun the provisioners again on the next terraform apply.

Due to this behavior, care should be taken for destroy provisioners to be safe to run multiple times.

https://www.terraform.io/docs/provisioners/#destroy-time-provisioners

21

A new Intern has joined your team - how can you check whether the terraform code he has written is in canonical format and style without modifying terraform configuration files?

A. terraform fmt
B. terraform fmt -check
C. terraform fmt -diff
D. terraform fmt –list=false

B. terraform fmt -check

Option A is INCORRECT because terraform fmt writes the configuration files to a canonical format and style so it alters the configuration files.

Option B is CORRECT because this command checks if the input is formatted. Exit status will be 0 if all input is properly formatted and non-zero otherwise.

Option C is INCORRECT because –diff option modifies source configuration and display diffs of formatting changes.

Option D is INCORRECT because this option will not list the files containing formatting inconsistencies.

If we want to just check if the configuration files is not in canonical format and style without altering the configuration files , then we can use the option –check along with terraform fmt

https://www.terraform.io/docs/commands/fmt.html

22

A new hire is allocated to a project- he has been given task of configuring application on servers. All the servers are created using terraform. While doing configuration he succeeds in all servers, but one server is messed due to application configuration, so he wants to destroy this server and launch a new one.

How can this be achieved using terraform?

A. terraform destroy –target=resource_name.variable_name
B. terraform plan -target=resource_name.variable_name then terraform apply
C. terraform taint resource_name.variable_name then terraform apply
D. terraform state rm resource_name.variable_name then terraform apply

C. terraform taint resource_name.variable_name then terraform apply

Option A is INCORRECT because this will destroy resource but will not recreate.

Option B is INCORRECT because this command will not destroy anything or recreate resource as it only plans what has to be changed.

Option C is CORRECT because taint manually marks a Terraform-managed resource as tainted, forcing it to be destroyed and recreated on the next apply.

Option D is INCORRECT because this option will destroy the resource but will not recreate it.

If we want to just recreate a resource which is managed by terraform then, we can use taint command, this will mark the resource as tainted and will destroy and recreate a similar resource in next apply. Once taint is applied It only changes the state file. It marks the resource status as tainted.

https://www.terraform.io/docs/commands/taint.html

23

What happens when terraform taint is applied on a resource?

A. terraform will destroy the resource
B. terraform will modify the state file with resource status marked as tainted.
C. terraform will destroy and recreate a new resource with same configuration.
D. terraform destroys and recreate all resources in the state file.

B. terraform will modify the state file with resource status marked as tainted.

Option A is INCORRECT because taint will not destroy resources but marks the resource for recreation in next apply.

Option B is CORRECT because taint marks the resource for recreation in state file. It marks the status as tainted in state file.

Option C is INCORRECT because taint command alone can’t destroy and recreate a file.

Option D is INCORRECT because taint only recreates a resource mentioned in command. It will not recreate all resources in state file.

The terraform taint command manually marks a Terraform-managed resource as tainted, forcing it to be destroyed and recreated on the next apply. It command is applied it only marks the status as tainted in state file. To recreate a resource terraform apply should be executed.

https://www.terraform.io/docs/commands/taint.html

24

The cloud team manager has asked team members to create all resources using Terraform going forward, and has also asked to maintain existing resources using Terraform.

How can this be done?

A. Resources that are created manually cannot be handled by terraform as terraform didn’t create those resources
B. Using terraform import resources can be imported and can be handled going forward.
C. Take a down time and delete the existing resources and create a new resources with same configuration.
D. Use the cloud provider native IaC tool to obtain that state and add that state in terraform state file.

B. Using terraform import resources can be imported and can be handled going forward.

Option A is INCORRECT because terraform can import existing resources using terraform import command.

Option B is CORRECT because terraform import can be used to import existing resources state and can handle going forward.

Option C is INCORRECT because import command can import existing infra state without deleting and recreating it

Option D is INCORRECT because many cloud native IaC tool don’t use state file. And if they use also they don’t expose it.

The terraform import command is used to import existing resources into Terraform. Any resources which is created manually by using cloud provider console or by any other means can be imported using terraform import command.

Currently till terraform version 0.13 , it only imports the state of the resource. It will not import and write configuration.

https://www.terraform.io/docs/commands/import.html

25

Does terraform import automatically creates the configuration file in version 0.13?

A. Yes
B. No

B. No

Terraform import will only update the state file, it will not generate the configuration file.

So we need to manually write the configuration block for the resource we are importing. And then we run the import command by passing the created resource block as argument, so that imported resource gets mapped to this written resource block.

To import an aws instance which is manually created which has instance-id
i-abcd1234, before running terraform import, we must manually write a configuration block and then run import to map to this resource block.

resource "aws_instance" "web" {
ami = ami-0123456789
instance_type = "t3.micro"
}

terraform import aws_instance.web i-abcd1234

https://www.terraform.io/docs/commands/import.html

26

An organization has different environment like dev, UAT and prod. They want to use same configuration across all environments with different state files.

How can this be efficiently achieved using terraform local backend?

A. Create an individual folder for each region and place the same configuration.
B. Use the concept of terraform workspace to achieve this.
C. Create 3 remote repositories and place same configuration file in each repositories.
D. Use terraform apply -backup=path to backup the state file for each environment, so that we will have different state files for each region.

B. Use the concept of terraform workspace to achieve this.

Option A is INCORRECT because maintaining an individual folder for each environment is not an optimal solution

Option B is CORRECT because we can use same configuration to apply for different environments with different state files.

Option C is INCORRECT because maintaining an individual repository for each environment is not an optimal solution

Option D is INCORRECT because –backup option will take previous state file backup , but its cumbersome to maintain different environments state files.

Terraform workspace for local backend can handle different environments with same configuration efficiently using workspace concepts.

For local state, Terraform stores the workspace states in a directory called terraform.tfstate.d. This directory should be treated similarly tolocal-only terraform.tfstate

https://www.terraform.io/docs/state/workspaces.html

27

A user has created 3 different workspace which maps to each different regions like dev, staging and prod environments. Currently he is in default workspace - how can he change his workspace to prod?

A. terraform workspace select prod
B. terraform workspace switch prod
C. terraform workspace select terraform.tfstate.d/prod
D. terraform workspace switch terraform.tfstate.d/prod

A. terraform workspace select prod

Option A is CORRECT because to switch to workspace we use select option.

Option B is INCORRECT because there is no option called switch under workspace command.

Option C is INCORRECT because this the wrong usage of option select.

Option D is INCORRECT because there is no option called switch under workspace command.

The terraform workspace select command is used to choose a different workspace to use for further operations. The named workspace must already exist.

https://www.terraform.io/docs/commands/workspace/select.html

28

A user wants to rename the resource variable from web to webapp - how can this be achieved in terraform efficiently?
(Note that the new name should also get reflected in configuration file)

resource "aws_instance" "web" {
ami = ami-a123456789b
instance_type = "t3.micro"
}

A. Manually change the variable to webapp and then run terraform apply
B. terraform state mv aws_instance.web aws_instance.webapp
C. terraform state mv aws_instance.web aws_instance.webapp and then run terraform apply
D. terraform state mv aws_instance.web aws_instance.webapp and changing variable name in configuration file

D. terraform state mv aws_instance.web aws_instance.webapp and changing variable name in configuration file

Option A is INCORRECT because this will destroy the resource and then creates a new resource with variable name webapp

Option B is INCORRECT because this will only change in state file, but will not get reflected in configuration file

Option C is INCORRECT because this will change in state file, but when terraform apply is applied it will recreate a resource with resource variable web

Option D is CORRECT this option will change in state file and if we want the change to be applied in configuration file then we need to manually do it.

The terraform state mv command is used to move items in a Terraform state. This command can move single resources, single instances of a resource, entire modules, and more.
This command can also move items to a completely different state file, enabling efficient refactoring.

https://www.terraform.io/docs/commands/state/mv.html

29

A user wants to list all resources which are deployed using terraform, how can this be done?

A. terraform state show
B. terraform state list
C. terraform show
D. terraform show list

B. terraform state list

Option A is INCORRECT because this command shows the attributes of a single resource in the Terraform state file

Option B is CORRECT because the terraform state list command is used to list resources within a Terraform state.

Option C is INCORRECT because this command will outputs all resources and attributes in human readable format.

Option D is INCORRECT because this option will try to display all resources and attributes in list file. This command takes list as an input file for show command.

The command will list all resources in the state file matching the given addresses (if any). If no addresses are given, all resources are listed.
The resources listed are sorted according to module depth order followed by alphabetical.
This means that resources that are in your immediate configuration are listed first, and resources that are more deeply nested within modules are listed last.

For complex infrastructures, the state can contain thousands of resources it can filtered using id option.

https://www.terraform.io/docs/commands/state/list.html

30

Which among the following log command should be set to get Maximum verbosity of terraform logs?

A. set the TF_LOG=DEBUG in environment variable
B. set the TF_LOG=INFO in environment variable
C. set the TF_LOG=TRACE in environment variable
D. set the TF_LOG=WARN in environment variable

C. set the TF_LOG=TRACE in environment variable

Option A is INCORRECT because this command will not give detailed verbose information compared to trace

Option B is INCORRECT because this command will just give info but will output detailed information.

Option C is CORRECT because this command will output more verbose information compared all other options.

Option D is INCORRECT because this option will only print warn messages.

Terraform has detailed logs which can be enabled by setting the TF_LOG environment variable to any value. This will cause detailed logs to appear on stderr.

To persist logged output you can set TF_LOG_PATH in order to force the log to always be appended to a specific file when logging is enabled.
Note that even when TF_LOG_PATH is set, TF_LOG must be set in order for any logging to be enabled.

https://www.terraform.io/docs/internals/debugging.html