Terraform Fundamental Questions – 50 Questions with Answers

In recent times, there has been a rise in the adoption of cloud computing which has opened doors to many new opportunities. The sheer diversity and volume of jobs in cloud computing have made it favorable for many aspirants.

Why is Terraform so popular? This is because every aspect of the cloud computing landscape is significant to all IT professional jobs. The emergence of DevOps is responsible for the popularity of tools like Terraform. To go ahead in your career, you will have to face terraform interview questions. We have compiled a list of most frequently asked terraform multiple choice questions, and these questions cover all type of levels:

Question 1: What happens when a terraform plan is executed?

A. Applies the changes required in the target infrastructure in order to reach the desired configuration
B. Reconciles the state Terraform knows about with the real-world infrastructure
C. Creates an execution plan and determines what changes are required to achieve the desired state in the configuration files.
D. The backend is initialized and the working directory is prepped

Answer: C

Question 2: You’ve been given requirements to create a security group for a new application. Since your organization standardizes on Terraform, you want to add this new security group with the fewest number of lines of code. What feature could you use to iterate over a list of required tcp ports to add to the new security group?

A. Dynamic block
B. Dynamic backend
C. Terraform import
D. Splat expression

Answer: A

Question 3: Your organization has moved to AWS and has manually deployed infrastructure using the console. Recently, a decision has been made to standardize on Terraform for all deployments moving forward. What can you do to ensure that all existing is managed by Terraform moving forward without interruption to existing services?

A. Using terraform import, import the existing infrastructure into your Terraform state
B. Resources that are manually deployed in the AWS console cannot be imported by Terraform
C. Submit a ticket to AWS and ask them to export the state of all existing resources and use terraform Import to import them into the state file
D. Delete the existing resources and recreate them using new a Terraform configuration so Terraform can manage them moving forward

Answer: A

Question 4: What is the best and easiest way for Terraform to read and write secrets from HashiCorp Vault?

A. Integration with a tool like Jenkins
B. CLI access from the same machine running Terraform
C. Vault provider
D. API access using the AppRole auth method

Answer: C

Question 5: What are some of the features of Terraform state? (Select three)

A. Inspection of cloud resources
B. Determining the correct order to destroy resources
C. Mapping configuration to real-world resources
D. Increased performance

Answer: B, C, D

Question 6: In regards to Terraform state file, select all the statements below which are correct: (select four)

A. When using local state, the state file is stored in plain-text
B. The Terraform state can contain sensitive data, therefore the state file should be protected from unauthorized access
C. The state file is always encrypted at rest
D. Storing state remotely can provide better security
E. Using the mask feature, you can instruct Terraform to mask sensitive data in the state file
F. Terraform Cloud always encrypts state at rest

Answer: A, B, D, F

Question 7: True or False: You can migrate the Terraform backend but only if there are no resources currently being managed.

A. False
B. True

Answer: FALSE

Question 8: When configuring a remote backend in Terraform, it might be a good idea to purposely omit some of the required arguments to ensure secrets and other important data aren’t inadvertently shared with others. What are the ways the remaining configuration can be added to Terraform so it can initialize and communicate with the backend? (Select three)

A. Interactively on the command line
B. Directly querying HashiCorp Vault for the secrets
C. Use the -backend-config = PATH to specify a separate config file
D. Command-line key/value pairs

Answer: A, C, D

Question 9: In order to make a Terraform configuration file dynamic and/or reusable, static values should be converted to use what?

A. Regular expressions
B. Module
C. Input parameters
D. Output value

Answer: C

Question 10: Which of the following represents a feature of Terraform Cloud that is NOT free to customers?

A. Workspace management
B. VCS integration
C. Private module registry
D. Roles and team management

Answer: D

Question 11: Select the feature below that best completes the sentence: The following list represents the different types of ___________ available in Terraform.
Max
Min
Join
Replace
List
Length
Range

A. Data sources
B. Backends
C. Named values
D. Functions

Answer: D

Question 12: What is the purpose of using the local-exec provisioner? (Select two)

A. To invoke a local executable
B. Executes a command on the resource to invoke an update to the Terraform state
C. Ensures that the resource is only executed in the local infrastructure where Terraform is deployed
D. To execute one or more commands on the machine running Terraform

Answer: A, D

Question 13: Terraform-specific settings and behaviors are declared in which configuration block type?

A. Terraform
B. Data
C. Provider
D. Resource

Answer: A

Question 14: After executing a terraform apply, you notice that a resource has a tilde (~) next to it. What does this infer?

A. Terraform can’t determine how to proceed due to a problem with the state file
B. The resource will be created
C. The resource will be destroyed and recreated
D. The resource will be updated in place

Answer: D

Question 15: Given the Terraform configuration below, in which order will the resources be created?

resource “aws_instance” “web_server” {
ami = “i-abdce12345”
instance_type = “t2.micro”
}
resource ““aws_eip” ““web_server_ip” {
Vpc = true
instance = aws_instance.web_server.id
}

A. resources will be created simultaneously
B. aws_eip will be created first, aws_instance will be created second
C. aws_instance will be created first, aws_eip will be created second

Answer: C

Question 16: Select the answer below that completes the following statement: Terraform Cloud can be managed from the CLI but requires __________?

A. a TOTP token
B. authentication using MFA
C. a username and password
D. an API token

Answer: D

Question 17: True or False: Provisioners should only be used as a last resort.

A. True
B. False

Answer: TRUE

Question 18: Which of the following Terraform files should be ignored by Git when committing code to a repo? (Select two)

A. variables.tf
B. terraform.tfvars
C. terraform.tfstate
D. output-tf

Answer: B, C

Question 19: Using multi-cloud and provider-agnostic tools provides which of the following benefits? (Select two)

A. Slower provisioning speed allows the operations team to catch mistakes before they are applied
B. Can be used across major cloud providers and VM hypervisors
C. Increased risk due to all infrastructure relying on a single tool for management
D. Operations teams only need to learn and manage a single tool to manage infrastructure, regardless of Where the infrastructure is deployed

Answer: B, D

Question 20: Which of the following is considered a Terraform plugin?

A. Terraform language
B. Terraform logic
C. Terraform provider
D. Terraform tooling

Answer: C

Question 21: What are the benefits of using Infrastructure as Code? (Select five)

A. Infrastructure as Code easily replaces development languages such as Go and .Net for application development
B. Infrastructure as Code is relatively simple to learn and write, regardless of a user’s prior experience with developing code
C. Infrastructure as Code allows a user to turn a manual task into a simple, automated deployment
D. Infrastructure as Code gives the user the ability to recreate an application’s infrastructure for disaster recovery scenarios
E. Infrastructure as Code is easily repeatable, allowing the user to reuse code to deploy similar, yet different resources
F. Infrastructure as Code provides configuration consistency and standardization among deployments

Answer: B, C, D, E, F

Question 22: When using parent/child modules to deploy infrastructure, how would you export a value from one module to import into another module. For example, a module dynamically deploys an application instance or virtual machine, and you need the IP address in another module to configure a related DNS record in order to reach the newly deployed application.

A. Configure an output value in the application module in order to use that value for the DNS module
B. Preconfigure the IP address as a parameter in the DNS module
C. Configure the pertinent provider’s configuration with a list of possible IP addresses to use
D. Export the value using terraform export and input the value using terraform input

Answer: A

Question 23: After running into issues with Terraform, you need to enable verbose logging to assist with troubleshooting the error. Which of the following values provides the MOST verbose logging?

A. WARN
B. INFO
C. TRACE
D. ERROR
E. DEBUG

Answer: C

Question 24: What Terraform command can be used to inspect the current state file?
Example:
#aws-instance.example:
resource “aws_instance” “example” {
ami = “ami-2757f631″
arn = “arn: aws:ec2:us-east-1: 130490850807 : instance/i-0
associate_public_ip address = true
availability_zone = “us-east-1c”
cpu_core_count = 1
cpu_threads_per_core = 1
disable_api_termination = false
ebs_optimized = false
get_password data data = false
id = “i-0bbf06244e44211d1”
instance_state = “running”
instance_type = t2.micro”

A. Terraform show (Correct)
B. Terraform read
C. Terraform inspect
D. Terraform state

Answer: A

Question 25: What are some of the problems of how infrastructure was traditionally managed before Infrastructure as Code? (Select three)

A. Traditionally managed infrastructure can’t keep up with cyclic or elastic applications
B. Requests for infrastructure or hardware required a ticket, increasing the time required to deploy applications
C. Pointing and clicking in a management console is a scalable approach and reduces human error as businesses are moving to a multi-cloud deployment model
D. Traditional deployment methods are not able to meet the demands of the modern business where resources tend to live days to weeks, rather than months to years

Answer: A, B, D

Question 26: What is a downside to using the Vault provider to read secrets from Vault?

A. Terraform and Vault must be running on the same version
B. Terraform and Vault must be running on the same physical host
C. secrets are persisted to the state file and plans
D. Terraform requires a unique auth method to work with Vault

Answer: C

Question 27: Which flag would be used within a Terraform configuration block to identify the specific version of a provider required?

A. required-provider
B. required_providers
C. required_versions
D. required-version

Answer: B

Question 28: Which of the following actions are performed during a terraform init? (Select three)

A. provisions the declared resources in your configuration
B. initializes downloaded and/or installed providers
C. initializes the backend configuration
D. download the declared providers which are supported by HashiCorp

Answer: B, C, D

Question 29: Which of the following connection types are supported by the remote-exec provisioner? (Select two)

A. rdp
B. ssh
C. smb
D. winrm

Answer: B, D

Question 30: Which of the following best describes a Terraform provider?

A. a container for multiple resources that are used together
B. describes an infrastructure object, such as a virtual network, compute instance, or other components
C. serves as a parameter for a Terraform module that allows a module to be customized
D. a plugin that Terraform uses to translate the API interactions with the service or provider

Answer: D

Question 31: In the example below, where is the value of the DNS record’s IP address originating from?
resource “aws_route53_record” “www” {
zone_id = aws_route53_zone.primary.zone_id
name = “www.helloworld.com”
type = “A”
ttl = “300”
records = [module.web_server.instance_ip_ addr]
}

A. value of the web_server parameter from the variables.tf file
B. the regular expression named module.web_server
C. by querying the AWS EC2 API to retrieve the IP address
D. the output of a module named web_server

Answer: D

Question 32: What happens when a terraform apply command is executed?

A. applies the changes required in the target infrastructure in order to reach the desired configuration
B. the backend is initialized and the working directory is prepped
C. reconciles the state Terraform knows about with the real-world infrastructure
D. creates the execution plan for the deployment of resources

Answer: A

Question 33: In regards to deploying resources in multi-cloud environments, what are some of the benefits of using Terraform rather than a provider’s native tooling? (Select three)

A. Terraform can help businesses deploy applications on multiple clouds and on-premises infrastructure
B. Terraform is not cloud-agnostic and can be used to deploy resources across a single public cloud
C. Terraform simplifies management and orchestration, helping operators build large-scale, multi-cloud infrastructure
D. Terraform can manage cross-cloud dependencies

Answer: A, C, D

Question 34: HashiCorp offers multiple versions of Terraform, including Terraform open-source, Terraform Cloud, and Terraform Enterprise. Which of the following Terraform features are only available in the Enterprise edition? (Select four)

A. Audit Logs
B. Sentinel
C. SAML/SSO
D. Private Network Connectivity
E. Private Module Registry
F. Clustering

Answer: A, C, D, F

Question 35: What does the command terraform fmt do?

A. updates the font of the configuration file to the official font supported by HashiCorp
B. deletes the existing configuration file
C. rewrite Terraform configuration files to a canonical format and style
D. formats the state file in order to ensure the latest state of resources can be obtained

Answer: C

Question 36: Why is it a good idea to declare the required version of a provider in a Terraform configuration file?
terraform {
required _providers {
aws = “ ~ > 1.0”
}
}

A. providers are released on a separate schedule from Terraform itself; therefore a newer version could introduce breaking changes
B. to match the version number of your application being deployed via Terraform
C. to remove older versions of the provider
D. to ensure that the provider version matches the version of Terraform you are using

Answer: A

Question 37: What Terraform feature is shown in the example below?
resource “aws_security_group” “example” {
mame = “sg-app-web-01″
dynamic “ingress” {
for_each = var.service_ports
content {
from_port = ingress.value
to_port = ingress.value
protocol = “tcp”
}
}
}

A. local values
B. conditional expression
C. dynamic block
D. data source

Answer: C

Question 38: You want to use terraform import to start managing infrastructure that was not originally provisioned through infrastructure as code. Before you can import the resource’s current state, what must you do in order to prepare to manage these resources using Terraform?

A. update the configuration file to include the new resources
B. shut down or stop using the resources being imported so no changes are inadvertently missed
C. modify the Terraform state file to add the new resources
D. run terraform refresh to ensure that the state file has the latest information for existing resources.

Answer: A

Question 39: Which Terraform command will force a marked resource to be destroyed and recreated on the next apply?

A. terraform taint
B. terrform fmt
C. terraform destroy
D. terraform refresh

Answer: A

Question 40:
True or False: A list (…) may contain a number of values of the same type while an object (…) can contain a number of values of different types.

A. True
B. False

Answer: TRUE

Question 41: Which of the following allows Terraform users to apply policy as code to enforce standardized configurations for resources being deployed via infrastructure as code?

A. functions
B. sentinel
C. module registry
D. workspaces

Answer: B

Question 42:
In Terraform Enterprise, a workspace can be mapped to how many VCS repos?

A. 1
B. 5
C. 3
D. 2

Answer: A

Question 43: True or False: Multiple providers can be declared within a single Terraform configuration file.

A. False
B. True

Answer: TRUE

Question 44: By default, where does Terraform store its state file? ffffffff

A. Amazon S3 bucket
B. shared directory
C. current working directory
D. remotely using Terraform Cloud

Answer: C

Question 45: True or False: State is a requirement for Terraform to function.

A. False
B. True

Answer: TRUE

Question 46: When multiple engineers start deploying infrastructure using the same state file, what is a feature of remote state storage that is critical to ensure the state doesn’t become corrupt?

A. object storage
B. encryption
C. state locking
D. workspaces

Answer: C

Question 47: Select two answers to complete the following sentence: Before a new provider can be used, it must be __________ and __________.

A. declared in the configuration
B. uploaded to source control
C. approved by HashiCorp
D. initialized

Answer: A, D

Question 48: True or False: Workspaces provide identical functionality in the open-source, Terraform Cloud, and Enterprise versions of Terraform.

A. False
B. True

Answer: FALSE

Question 49: Which of the following best describes the default local backend?

A. The local backend is where Terraform Enterprise stores logs to be processed by an log collector
B. The local backend is how Terraform connects to public cloud services, such as AWS, Azure, or GCP.
C. The local backend is the directory where resources deployed by Terraform have direct access to in order to update their current state
D. The local backend stores state on the local filesystem, locks the state using system APIs, and performs operations locally.

Answer: D

Question 50: From the answers below, select the advantages of using Infrastructure as Code. (Select four)

A. Provide reusable modules for easy sharing and collaboration
B. Easily integrate with application workflows (GitLab Actions, Azure DevOps, Cl/CD tools)
C. provide a codified workflow to develop customer-facing applications
D. Easily change and update existing infrastructure
E. Safely test modifications using a “dry run” before applying any actual changes

Answer: A, B, D, E

You may also read:

Leave a Reply