How to Ace the TERRAFORM: HashiCorp Certified: Terraform Associate

Question 1 · Infrastructure as Code (IaC) with Terraform

Your organization needs to deploy identical infrastructure across AWS, Azure, and GCP without rewriting code for each cloud provider. Which Terraform approach best enables this multi-cloud strategy?

• Use provider aliases and variables to abstract cloud-specific differences, allowing the same module to work across multiple cloud providers
• Create separate Terraform configurations for each cloud provider and manually synchronize changes across all three
• Use cloud-specific CLI tools for each provider instead of Terraform to maintain provider-native configurations
• Store infrastructure definitions in JSON format rather than HCL to ensure cloud compatibility

Correct answer: Use provider aliases and variables to abstract cloud-specific differences, allowing the same module to work across multiple cloud providers

Terraform's provider abstraction layer and variable system allow you to write cloud-agnostic modules that can deploy to multiple providers by simply changing variable values or provider configurations. Option B is inefficient and error-prone, while C and D contradict Terraform's core design principles of using HCL and provider plugins.

Question 2 · Terraform Basics

You need to provision resources across AWS, Azure, and Google Cloud in a single Terraform configuration. What is the primary mechanism that enables this capability?

• Using multiple provider blocks configured with different cloud credentials
• Creating separate Terraform projects for each cloud provider
• Using remote state backends to synchronize across cloud providers
• Defining all resources in a single module without provider specification

Correct answer: Using multiple provider blocks configured with different cloud credentials

Terraform providers are plugins that enable interaction with specific platforms. Multiple provider blocks allow you to authenticate and manage resources across different cloud platforms in a single configuration. Option B is inefficient, Option C manages state but doesn't enable multi-cloud provisioning, and Option D won't work because resources must be associated with providers.

Question 3 · Core Terraform Workflow

You are initializing a new Terraform project in a directory that will be shared across your team. Which command should you run first to set up the working directory with necessary plugins and backend configuration?

• terraform init
• terraform plan
• terraform validate
• terraform apply

Correct answer: terraform init

terraform init is the first step in the Terraform workflow and initializes the working directory by downloading provider plugins, setting up the backend, and preparing the environment. While terraform validate checks syntax, it cannot run until init has completed and providers are available.

Question 4 · Terraform Configuration

You need to reference the IP address of an AWS EC2 instance created in your configuration from another resource. The instance resource is named 'web_server'. Which syntax correctly retrieves this attribute?

• aws_instance.web_server.private_ip
• resource.aws_instance.web_server.private_ip
• aws_instance[web_server].private_ip
• data.aws_instance.web_server.private_ip

Correct answer: aws_instance.web_server.private_ip

Resource attributes in Terraform are referenced using the syntax resource_type.resource_name.attribute. Option B is incorrect because 'resource' is not part of the reference syntax. Option D refers to data sources, not resources. Option C uses incorrect bracket syntax for referencing resource attributes.

Question 5 · Terraform Modules

You need to use a module stored in a Git repository with a specific version tag. Which source syntax should you use in your module block?

• source = "git::https://github.com/example/repo.git//modules/vpc?ref=v1.0.0"
• source = "[email protected]:example/repo.git//modules/vpc" version = "v1.0.0"
• source = "github.com/example/repo/modules/vpc" version = "1.0.0"
• source = "git::https://github.com/example/repo.git" tag = "v1.0.0"

Correct answer: source = "git::https://github.com/example/repo.git//modules/vpc?ref=v1.0.0"

The correct syntax for Git sources uses the git:: prefix with the repository URL, a double slash (//) to specify the subdirectory path, and the ref parameter for version control. Option B incorrectly uses a separate version argument outside the source string, and option C omits the git:: prefix which is required for Git-based sources.

Question 6 · Infrastructure as Code (IaC) with Terraform

You are explaining the benefits of Infrastructure as Code to your team. Which statement best describes a key advantage of IaC patterns?

• Infrastructure definitions are version-controlled, auditable, and reproducible across environments, reducing manual errors and drift
• IaC eliminates the need for monitoring and logging in production environments
• IaC allows infrastructure to be managed without any security controls or compliance requirements
• IaC removes the requirement for testing infrastructure changes before deployment

Correct answer: Infrastructure definitions are version-controlled, auditable, and reproducible across environments, reducing manual errors and drift

IaC provides version control, auditability, and reproducibility, which are fundamental advantages that reduce human error and configuration drift. Options B, C, and D misrepresent IaC by suggesting it eliminates necessary operational practices like monitoring, security, and testing.

Question 7 · Infrastructure as Code (IaC) with Terraform

Your team wants to manage a hybrid cloud environment with on-premises Kubernetes clusters and AWS EKS clusters using a single Terraform workflow. What is the primary advantage of using Terraform for this scenario?

• Terraform's provider ecosystem allows you to manage both on-premises and cloud resources through a unified configuration language and state management
• Terraform automatically migrates workloads between on-premises and cloud environments without configuration changes
• Terraform eliminates the need for separate networking configurations between on-premises and cloud resources
• Terraform removes the requirement to maintain separate credentials for on-premises and cloud infrastructure

Correct answer: Terraform's provider ecosystem allows you to manage both on-premises and cloud resources through a unified configuration language and state management

Terraform's extensive provider ecosystem (Kubernetes provider, AWS provider, etc.) enables unified management of heterogeneous infrastructure through a single HCL configuration and state backend. Options B and C are incorrect because Terraform doesn't automatically handle migrations or eliminate networking complexity, and option D misrepresents credential management.

Question 8 · Infrastructure as Code (IaC) with Terraform

You need to deploy a database that works across multiple cloud providers but requires different instance types and configurations for each. How should you structure your Terraform code?

• Use a module with variables that accept cloud provider as input, then use conditional expressions and locals to set provider-specific values
• Create completely separate modules for each cloud provider and import them based on manual selection
• Hard-code all cloud-specific values directly in the resource blocks and duplicate resources for each provider
• Use Terraform workspaces to store different configurations for each cloud provider

Correct answer: Use a module with variables that accept cloud provider as input, then use conditional expressions and locals to set provider-specific values

Using variables, conditional logic, and locals within a single module enables cloud-agnostic, reusable code that adapts to different providers. Option B violates DRY principles, C is unmaintainable, and D misuses workspaces which are designed for managing state, not storing configuration logic.

Question 9 · Infrastructure as Code (IaC) with Terraform

What is the primary way Terraform manages infrastructure drift in a multi-cloud environment?

• By maintaining a state file that tracks the desired configuration and comparing it against actual cloud resources during plan and apply operations
• By continuously monitoring cloud resources and automatically reverting any manual changes made outside of Terraform
• By preventing users from accessing cloud provider consoles to make manual changes
• By using cloud provider APIs to detect changes and notify administrators via email

Correct answer: By maintaining a state file that tracks the desired configuration and comparing it against actual cloud resources during plan and apply operations

Terraform's state file is the source of truth that tracks desired infrastructure state, and terraform plan compares it against actual resources to detect drift. Option B is incorrect because Terraform doesn't automatically revert changes; option C is impractical, and option D describes monitoring rather than drift management.

Question 10 · Infrastructure as Code (IaC) with Terraform

You are designing an IaC strategy for a service-agnostic workflow that must support AWS, Azure, GCP, and custom on-premises APIs. Which Terraform feature is most critical for this approach?

• The provider plugin architecture, which allows Terraform to interact with any service that has a provider implementation
• Terraform Cloud's version control integration, which stores all infrastructure code in a central repository
• The terraform import command, which automatically converts existing resources into Terraform code
• Terraform modules, which eliminate the need for writing any custom resource configurations

Correct answer: The provider plugin architecture, which allows Terraform to interact with any service that has a provider implementation

The provider plugin architecture is fundamental to Terraform's service-agnostic design, allowing it to manage any infrastructure or service with a compatible provider. Option B addresses version control, not service abstraction; C handles migration, not design; and D is incorrect because modules still require resource definitions.