--- shuffleAnswers: true shuffleQuestions: true nQuestions: 25 introduction: >
The test contains a set of questions and there is no time limit. The test is not official, it's just one of the most efficient ways to see how much you know, or don't know, about the subject.

Count your score

You will get 1 point for each correct answer. At the end of the Quiz, your total score will be displayed.

Reflect on you answers

Please conduct a self review of your answers once you complete the quiz test. Being an active participant in your own evaluation, honestly assess your strengths and also areas you need to improve. Good luck!

---

--- # How can you delete the default workspace? > You can’t delete the default workspace. 1. [ ] terraform workspace delete default 1. [ ] terraform delete workspace default 1. [ ] terraform workspace -rm default 1. [x] None of the options # you are a Senior DevOps Engineer and you want to provision your infrastructure Terraform code in different environments having your Terraform configuration DRY. What is the best way to do it? You also want to minimize the number of changes in your code (Choose the best answer regarding best practices in Terraform and DevOps) 1. [x] Have a different var file per environment and apply those files to your Terraform Configuration 1. [ ] Have different branches in your Git repository with different var files 1. [ ] Move out from Terraform and use Terragrunt 1. [ ] Both A and B are correct # How can you view the value of a particular output using the CLI? The output you want to query was declared like output "ips” { value = aws_instance.frontend.*.public_ip } 1. [ ] terraform output show 1. [ ] terraform output show ips 1. [ ] terraform output 1. [x] terraform output ips # You want to assign the default value "No description set up” to a variable in your Terraform code just if a value has not been assigned on the variables.tf. If this value has content, you can assign the value to the variabl1. [ ] How can you perform this in your Terraform code? 1. [A] description = var.description == "null” ? "No description set up” : var.description 1. [ ] description = if var.description == "null” then "No description set up” else var.description 1. [ ] description = if (var.description == "null”) then { "No description set up” } else { var.description } 1. [ ] description = var.description == "null” : "No description set up” ? var.description # An EC2 instance must have its instance type changed to "t3.large" while maintaining its preset settings. What modifications do you make to achieve this objective? 1. [ ] Issue `terraform plan instance.type.t2.large` so it deploys the instance. > Incorrect as the above the syntax is incorrect. 1. [ ] Modify the `tf.variables` with the instance type and issue `terraform apply` > Incorrect because it is recommended that instead of modifying the default values, you modify the `terraform.tfvars` variables, as there are no `tf.variables` in terraform. 1. [ ] Create a new file `my.tfvars` and add the type of the instance and issue `terraform plan` and `terraform apply` > Incorrect because the suggested file type for Terraform is `terraform.tfvars`. 1. [x] Modify the `terraform.tfvars` with the instance type and issue `terraform plan` and then terraform apply to deploy the instances > Correct, since it checks the values after altering the terraform.tfvars and then issues terraform apply. > https://www.terraform.io/docs/commands/environment-variables.html https://www.terraform.io/docs/commands/plan.html # You're moving your company's infrastructure to Azure and want to use Terraform to develop and migrate existing resources. Your job is to plan and implement this process while ensuring the correct transfer of old infrastructure. However, you encountered issues with the "terraform import" command. What factors should you consider when using this command to import resources? 1. [ ] Ensure the existing resources are in a shutdown state so that during import there are no issues. 1. [x] Ensure the resources of the existing infrastructure are updated in the configuration file. > Terraform has the capability to import a resource into a state file, but not directly into a configuration file. To ensure a successful import, it's recommended to manually add the resource configuration before running the "terraform import" command. 1. [ ] Add all the resource details to state files. 1. [ ] Run terraform show and refresh to see updated state files and then terraform import. https://www.terraform.io/docs/cli/import/index.html # Select the best option to make the terraform code more user-configurable. 1. [ ] Variables 1. [ ] Local values 1. [ ] Modules 1. [x] Input Variable > Input variables are used as parameters in Terraform modules, allowing them to be customised without modifying the module's source code and allowing modules to be shared across configurations.
You can set the values of variables declared in the root module of your configuration using CLI options and environment variables.
The calling module should pass values to the module block when declaring them in child modules.
Comparing Terraform modules to function definitions can be useful if you're familiar with traditional programming languages:
Function arguments are analogous to input variables.
Function return values are analogous to output values.

Local values are similar to the temporary local variables in a function. > https://www.terraform.io/docs/language/values/variables.html # Which of the following is a meta-argument that is specified in Terraform configuration files? 1. [ ] tfvar > Incorrect option, tfvars refers to the file extension rather than a meta-argument for configurations within the files. 1. [ ] instance_aws > incorrect: instance aws is the resource type that Terraform uses to create VMs in AWS. It's an AWS predefined resource type, not a file-based configuration. 1. [ ] var1 > incorrect: var1 is a word used to define a variable, not a meta-argument, so it is incorrect. 1. [x] depends_on > depends_on is the meta-argument defined in the configuration files of Terraform. https://www.terraform.io/docs/language/metaarguments/depends_on.html # Which option will you use to run provisioners that are not associated with any resources? 1. [ ] local-exec 1. [ ] salt-masterless 1. [ ] remote-exec 1. [x] null_resource > You can associate provisioners that aren't directly associated with a resource with a null resource if you need to run them.
Explanation can be found at the following link:
https://www.terraform.io/docs/language/resources/provisioners/null_resource.html # You have an AWS provider that you can expand with various resource chunks. Three new resource blocks have been added: an EC2 resource block, a load balancer resource block, and a GCP (Google cloud service) resource block. [ ] Will this arrangement be successful? 1. [ ] True 1. [x] False > Multiple resources can be created for the same supplier. However, we won't be able to create numerous resources for various providers without the alias command. >Reference: https://www.terraform.io/docs/language/providers/configuration.html # Dynamic blocks allow for the creation of multiple nested blocks within a resource. 1. [ ] False 1. [x] True > Dynamic blocks allow for numerous nested blocks. Long code is avoided with its help, and administration is made easier.
Similar to a for expression, a dynamic block generates nested blocks rather than a complicated typed value. Iterating over a complex number produces nested blocks for each of its components.
> Reference: https://www.terraform.io/docs/language/expressions/dynamicblocks.html # Can modifications to existing instances, such as adding tools and configurations, be done using remote provisioner? 1. [ ] True > Provisioners are of two types: - Creation Time Provisioner - Destroy time provisioner 1. [x] False > When a resource is generated or destroyed, not updated, provisioners are called. Previously created machines must either be tainted or recreated with the updated provisioner code integrated into the same code in order to run tools on them. > Reference: https://www.terraform.io/docs/language/resources/provisioners/syntax.html # You unintentionally removed an Amazon Web Services (AWS) EC2 instance from your cloud resources. You've included the terraform code for the same resource in the configuration as it is now. If I use Terraform Apply, will the EC2 resource be created with the same configuration? 1. [ ] False 1. [x] True > Yes, the resource will be created and updated in the terraform state file. # You are the Terraform lead, and you wrote all of the Terraform code.If a member of your team wants to apply the Terraform configuration to real infrastructure, they must approach you and ask you to apply the code or run the terraform apply command. Is it true or false? 1. [ ] True 1. [x] False > It doesn't matter if you created the terraform plan; others can still apply to it. When code is written in the real world, it is pushed to a version control system (Example: Git). Any member of the team can then take the code and apply it or make changes to it. There's no need to rely on a single person for anything. # null-exec is the provisioner that is applied on machine where terraform is running locally with null variable. 1. [ ] True 1. [x] False > local-exec is the provisioner to be used whenever you want to run locally # A newbie has been assigned to the project and has been tasked with configuring the application on the servers. Terraform is used to create all of the servers. He succeeded in configuring all servers except one, which is messed up due to application configuration. As a result, he intends to deactivate this server and replace it with a new one. How can terraform be used to accomplish this? 1. [ ] `terraform destroy –target=resource_name.variable_name` > because it destroys but does not recreate the resource. 1. [ ] `terraform plan -target=resource_name.variable_name` and then `terraform apply` > because this command does not destroy or recreate resources; instead, it only plans the changes that need to be made. 1. [x] `terraform taint resource_name.variable_name` and then `terraform apply` > because taint marks a Terraformmanaged resource as tainted, requiring it to be destroyed and recreated on the next apply. 1. [ ] `terraform state rm resource_name.variable_name` and then `terraform apply` > because it destroys the resource rather than regenerating it. If we just want to recreate a terraform-managed resource, we can use the `taint` command, which will mark the resource as tainted and destroy and recreate a similar resource in the next apply. It only changes the state file once taint is applied. It marks the resource status as tainted. > For more information: https://www.terraform.io/docs/commands/taint.html # What happens when terraform taint is applied on a resource? 1. [ ] terraform will destroy the resource > because taint does not destroy resources; instead, it marks them for recreation in a subsequent application. 1. [x] terraform will modify the state file with resource status marked as tainted. > because the resource is marked for recreation in the state file by taint. In the state file, it marks the status as tainted. 1. [ ] terraform will destroy and recreate a new resource with same configuration. > because the taint command cannot delete and recreate a file on its own. 1. [ ] terraform destroys and recreate all resources in the state file. > because taint only recreates a resource that has been mentioned in the command. All resources in the state file will not be recreated. The terraform taint command taints a Terraform-managed resource, causing it to be destroyed and recreated on the next apply. When this command is used, the status is only marked as tainted in the state file. Terraform apply should be used to recreate a resource. > For more information: https://www.terraform.io/docs/commands/taint.html # Bob has created 2 servers using the following block for terraform configuration. He wants to destroy only the second server as he is not using, without user interaction. How we can achieve this? Select an option: ```terraform resource "aws_instance" "web" { ami = ami-0123456789 instance_type = "t3.micro" count = 2 } ``` 1. [ ] terraform destroy –target=aws_instance.web[2] > because if the user wants to delete two servers, the index will be one because the index starts at zero. 1. [x] terraform destroy –target=aws_instance.web[1] –auto-approve > because this command is used to destroy the target without requiring the user's involvement. 1. [ ] terraform destroy –resource=aws_instance.web[1] > because the destroy command does not have a resource option. 1. [ ] terraform destroy –resource=aws_instance.web[2] –auto-approve > because the destroy command does not have a resource option. > https://www.terraform.io/docs/commands/destroy.html > http://man.hubwiz.com/docset/Terraform.docset/Contents/Resources/Documents/docs/commands/plan.html#resource-targeting > http://man.hubwiz.com/docset/Terraform.docset/Contents/Resources/Documents/docs/internals/resource-addressing.html # Terraform was used by Bob to launch a server. He wanted to increase the size of the server from 2GB to 4G1. [ ] He modifies the configuration and applies the Terraform plan before taking a break. However, another team member manually changes the size to 4GB from the cloud provider console. What happens when Bob applies terraform? 1. [ ] Terraform will destroy and create a new server with 4G1. `Apply complete! Resources: 1 added, 0 changed, 1 destroyed.` > Because the size of terraform is already 4 GB, so it will not create, destroy, or create. 1. [ ] Terraform will create a new server with 4G1. `Apply complete! Resources: 1 added, 0 changed, 0 destroyed.` > INACCURATE because terraform will not create a new resource if one already exists. 1. [x] Terraform will not do any changes as already server is of size 4Gd. `Apply complete! Resources: 0 added, 0 changed, 0 destroyed.` > Because the server has already reached the desired state and Terraform will not make any changes. 1. [ ] Terraform will try to change the server size again to 4G1. `Apply complete! Resources: 0 added, 1 changed, 0 destroyed.` > Because terraform will not make any changes. It refreshes the state whenever it tries to make any changes to see what the current state is. The current state is then compared to the desired state specified in the configuration file. Then it decides what because the server has already reached the desired state. Terraform makes use of the terms "desired state" and "current state." modifications to make. # You are making changes to terraform configuration. In which of the below cases do you need to execute terraform init everytime? - [x] on any new environment that configures a backend - [x] on removing backend configuration completely - [ ] when there is no change of backend configuration - [ ] Every time you add some configs, you run init so that it makes sure everything is up to date > https://www.terraform.io/docs/cli/commands/init.html > https://www.terraform.io/docs/backends/init.html # You are new to terraform and have been asked to find that what is created/target resource name for the below code? ```terraform resource "azurerm_resource_group" "rg" { name = "testrg" location = "eastus2" } ``` 1. [ ] rg 1. [x] testrg > The name of the created resource group would be "testrg" 1. [ ] azurerm_resource_group.rg 1. [ ] resource # What is the use of local-exec in Terraform? Select all that apply. - [ ] to invoke commands locally on remote host - [x] usually to run commands on the machine where terraform is running > After a resource is created, the local-exec provisioner calls a local executable. This starts a process on the Terraform-running machine, not on the resource. - [x] use to invoke scripts locally > After a resource is created, the local-exec provisioner calls a local executable. This starts a process on the Terraform-running machine, not on the resource. - [ ] locally create variables and run interrafrom > https://www.terraform.io/docs/language/resources/provisioners/localexec.html # Does terraform import automatically creates the configuration file as well in version 0.13? 1. [ ] True 1. [x] False > Terraform import updates the state file but does not create the configuration file. As a result, we'll have to write the configuration block for the resource we're importing by hand. Then we run the import command with the created resource block as an argument, which maps the imported resource to the written resource block. To import a manually created AWS instance with the `instance-id iabcd1234`, follow these steps. We manually write a configuration block before running `terraform import`, and then we run import to map to this resource block. ```terraform resource "aws_instance" "web" { ami = ami-0123456789 instance_type = "t3.micro" } terraform import aws_instance.web i-abcd1234 ``` > For more information: https://www.terraform.io/docs/commands/import.html # Is terraform destroy the only method to delete a resource provisioned by terraform? 1. [ ] True 1. [x] False > Terraform destroy was the only command to destroy infrastructure until Terraform version 0.15, but in Terraform 0.15.2 and later versions, terraform apply -destroy is also used to destroy infrastructure. > For more information: > https://www.terraform.io/docs/cli/commands/destroy.html > https://www.terraform.io/docs/cli/commands/apply.html # On terraform plan/terraform apply logs, what is the meaning of tilde(~) sign? Please choose from below: 1. [ ] The resource will be created. > because it does not imply the creation of resources. 1. [ ] resource will be destroyed > because the +/- symbol creates and destroys resources. 1. [x] resource will be updated in place. > because it indicates that the resource will be updated in place. 1. [ ] Due to error in provisioner this execution this symbol is placed. Resource will be recreated. > INACCURATE if the provisioner resource is tainted by an error. > For more information: https://learn.hashicorp.com/tutorials/terraform/aws-change # When the below configuration is applied using terraform apply, it outputs in format db_password=. Will the output value be saved as sensitive in state file as well? ```terraform output "db_password" { value = aws_db_instance.db.password description = "The password for logging in to the database." sensitive = true } ``` 1. [ ] Yes 1. [x] No (right) > Sensitive output values are still recorded in the state, and anyone with access to the state data will be able to see them. Remotely storing state can improve security. Terraform does not save state to the local disc when using remote state as of Terraform 0.9, and some backends can be configured to encrypt state data at rest. > For more information: https://www.terraform.io/docs/configuration/outputs.html#sensitivesuppressing-values-in-cli-output > https://www.terraform.io/docs/state/sensitive-data.html # In the following configuration snippet, depends_on argument signifies which dependency? ```terraform resource "aws_instance" "web" { ami = ami-a123456789b instance_type = "t3.micro" depends_on = [aws_s3_bucket.web_bucket] } ``` 1. [x] explicit dependency (right) > because a data block's source can be local. 1. [ ] direct dependency > because data sources can come from anywhere. We also have the option of having our own source. 1. [ ] implicit dependency > because the data source can make use of data from another configuration 1. [ ] internal dependency > allows filters on the INCORRECT data block. > https://www.terraform.io/docs/language/resources/syntax.html > https://learn.hashicorp.com/tutorials/terraform/dependencies # Terraform block is used to configure terraform configurations and settings 1. [ ] False 1. [x] True > Terraform block is used to configure the terraform-related configurations and settings. > Reference: https://www.terraform.io/docs/language/settings/index.html # You configured a variable but failed to assign a value to it. Is there an input value required when you run 'terraform plan'? 1. [x] True > When a variable is used but no value is configured during terraform plan or terraform apply, the command line interface will prompt for the variable value. 1. [ ] False # You can scale the resources by incrementing the number using the count meta-argument. 1. [ ] False 1. [x] True > One of the reserved words is count. Instead of repeating the resources, count can be used to scale. The count meta-argument takes a single number and creates that many copies of the resource or module. > Reference: https://www.terraform.io/docs/language/meta-arguments/count.html # Can alias be used to define multiple configurations for using the same provider for different resources? 1. [ ] False 1. [x] True > When the same provider with different configurations and resources is to be used, alias is used. The main reason for this is to allow a cloud platform to support multiple regions; other examples include targeting multiple Docker hosts, multiple Consul hosts, and so on.Include multiple provider blocks with the same provider name to create multiple configurations for a given provider. >Reference: https://www.terraform.io/docs/language/providers/configuration.html # The following is a code output from a Terraform configuration file: ```terraform provider "azure" { region = "us-east" } provider "azure" { region = "us-west" } ``` which, when validated, results in the following error: - ``` Error: Duplicate provider configuration on main.tf line 5: 5: provider "azure" { A default provider configuration for "azure" was already given at main.tf:1,1-15 ``` What meta-argument when added to the code, can be the solution for this error? 1. [ ] multi 1. [ ] input variables 1. [ ] resources 1. [x] alias > An alias is a terraform meta-argument that is used when the same provider is configured with different configurations in order to avoid errors. > Reference: https://www.terraform.io/docs/language/providers/configuration.html#alias-multiple-provider-configurations # Your colleague has created a resource group in azure manually. What will happen once you execute the terraform plan command? Select the correct answer. 1. [ ] Terrafrom plan will throw errors in the resources 1. [ ] Terraform plan shows ~ and updates everything 1. [ ] Terraform plan will show output to remove the manually created one 1. [x] Terrafrom plan will only show what is going to be configured but not anything manually configured > Terraform plan just creates a plan about the resource to be configured. In case, we execute terraform apply command, then terraform throws an error. # You have created an ec2 instance on AWS console with the name my-ec2 and instance id as i-123w8766. You are asked to import this instance. Which command would you choose to import? 1. [ ] `terraform import aws_instance i-123w8766` 1. [ ] `terraform import-my-ec2 i-123w8766` 1. [ ] `terraform import i-123w8766 my-ec2` 1. [x] `terrafom import aws_instance.my-ec2 i-123w8766` > Currently, the command can only import one resource at a time. This means that you can't yet use Terraform import to import an entire collection of resources, such as an AWS VPC. > https://www.terraform.io/docs/cli/commands/import.html # You have been asked to manually taint a resource using terraform command. Which command from below you will use? 1. [ ] `terraform taint -resource-name` 1. [x] `terraform taint type.name` > name of the terraform taint [options] The name argument specifies the name of the tainted resource. This argument has the format TYPE.NAME, such as aws instance.foo. terraform taint command is deprecated now in terraform version 0.15.2 and higher. 1. [ ] `terraform taint = resource.id` 1. [ ] `terraform taint resource.id – name` > http://man.hubwiz.com/docset/Terraform.docset/Contents/Resources/Documents/docs/commands/taint.html # After deploying an instance, your colleague wants to deploy some configurations. What are the steps he needs to take to install the configurations? 1. [ ] Use terraform remote provisoners to install. 1. [ ] Logon to instance and manually install as it is one time install. 1. [x] Take the data backup, taint/replace the resource, add the provisioner code and create the resource again. > We'll have to recreate the resource as provisioners, which can only run during the create or destroy phases and not in the middle. It is not possible to create a resource with the same name; doing so will result in the resource's destruction. As a result, we must make a backup of the resource and then recreate it. 1. [ ] Create an new instance with bootstrap configurations and clone it. > https://www.terraform.io/docs/cli/state/taint.html > https://www.terraform.io/docs/language/resources/provisioners/syntax.html # In the below-given code, what is the local name of the block? ```terraform resource "aws_instance" "test" { ami = "ami-test" instance_type = "t2.nano" vpc.id = "vpc-test1234" } ``` 1. [ ] aws_instance 1. [ ] Demo 1. [ ] resource 1. [x] test > We need a unique identifier for the resource block, which is resource type + local name. 'test' is the block's local name in this case. > https://www.terraform.io/docs/language/resources/index.html > https://www.terraform.io/docs/language/resources/syntax.html # The remote-exec provisioner supports SMB (Server Message Block) and RDP (Remote Desktop) connection types. Is it true or false? 1. [ ] True 1. [x] False > Ssh and winrm are the only connection types supported by remoteexec provisioner; SMB and RDP are not. > Reference: https://www.terraform.io/docs/language/resources/provisioners/remote-exec.html # The tilde(~) sign appears in the logs after running the terraform plan command. The sign indicates whether the resource it refers to will be deleted when Terraform is applied. Is it true or false? 1. [ ] True 1. [x] False > Tilde symbol means resources will be updated. For example, if you have an ec2 instance as t2.micro and have ~t2.nano that means on the next terraform apply it will be t2.nano. # Please choose from the below command, which doesn’t destroy an instance, instead recreates? 1. [ ] `terraform refresh` 1. [x] `terraform taint` > `Terraform taint` Terraform receives notification from the terraform taint command that a specific object has been degraded or damaged 1. [ ] `terraform state mv` 1. [ ] `terraform plan -options` > https://www.terraform.io/docs/cli/commands/taint.html # Terraform dynamic blocks allow to have multiple nested blocks inside a resource. 1. [ ] False 1. [x] True > We can have multiple nested blocks using dynamic blocks. It aids in the avoidance of long code and facilitates management. A dynamic block is similar to a for expression, but instead of producing a complex typed value, it produces nested blocks. It generates a nested block for each element of a given complex value after iterating over it. > https://www.terraform.io/docs/language/expressions/dynamicblocks.html # If you apply a sensitive flag for database password while executing terraform plan & apply commands on the console, will the password be shown as plain text in logs? 1. [ ] True 1. [x] False > The output cannot be visible if the sensitive flag is used with terraform apply and plan. If you have access to state files, however, you can see the output as plaintext. # Having the following code. How you can define the arn of the instance as an output variable? ```terraform resource "aws_instance" "whizlabs" { instance_type = "t3.micro" } ``` 1. [x] output "arn" { value = aws_instance.whizlabs.arn } > The RESOURCE format is used to define an output variable. 1. [ ] output "arn" { value = aws_instance.arn } > because it lacks the RESOURCE NAME 1. [ ] variable output "arn" { value = aws_instance.whizlabs.arn } > because the output is not part of a block variable. 1. [ ] variable output "arn" { value = aws_instance.arn } > because the output is not part of a block variable. > References: > https://learn.hashicorp.com/tutorials/terraform/aws-outputs # What of the following code is a map variable? 1. [x] `amis = { "eu-west-1" = "ami-123" "eu-central-1" = "ami-456" }` > A map is a key-value formatted collection of different values. This is how Terraform represents a map variable. 1. [ ] `amis = [ "eu-west-1" = "ami-123" "eu-central-1" = "ami-456" ]` > because it is attempting to represent a list [] in an unsupported format. 1. [ ] `amis = [{ "eu-west-1" = "ami-123" "eu-central-1" = "ami-456" }]` > Because it represents a list of maps 1. [ ] `amis = ["eu-west-1" = "ami-123" , "eu-central-1" = "ami-456 ]` > because it is identical to B but is written in one line. > References: > https://www.terraform.io/docs/language/expressions/typeconstraints.html#map>
> https://www.terraform.io/docs/cli/commands/force-unlock.html#usage # You're a DevOps Engineer who needs to configure a few resources that require the subnet. Instead of IaC, the networking infrastructure was already built using the Cloud Provider Console. How can you get the subnet id values in Terraform if they weren't created with Terraform? 1. [x] Make use of datasources to Query resources that you need to retrieve. (It depends on the provider that you are using) > With Terraform, you can fetch data and make queries over resources that were already created in Terraform or even, outside of Terraform. An example using AWS could be: ```terraform data "aws_subnet" "selected" { id = var.subnet_id } ``` 1. [ ] You can’t Query resources already created in Terraform > because you can do this in Terraform with datasources and, depending on the provider, you can also apply filters to different resources that other members can access and read. 1. [ ] Use terraform import > because terraform import only adds infrastructure to the Terraform management system; instead, we should write our code directly into the Terraform code. 1. [ ] A & C > References:
> https://www.terraform.io/docs/language/data-sources/index.html
> https://www.terraform.io/docs/cli/import/index.html # What is the output of using the following function? ```terraform split(",", "we,love,terraform") ``` 1. [x] tolist([ "we", "love", "terraform", ]) > The correct answer is A. split is a function that returns a list of elements. 1. [ ] tomap({ "we", "love", "terraform", }) > because it does not return a map 1. [ ] tolist([ "we", ]) > because "," is not used as a separator in the output. 1. [ ] tolist([ "terraform", ]) > because "," is not used as a separator in the output. > Reference: https://www.terraform.io/docs/language/functions/split.html # Which kind of dependency you have in the following code? ```terraform data "aws_ami" "ubuntu" { most_recent = true filter { name = "name" values = ["ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-*"] } filter { name = "virtualization-type" values = ["hvm"] } owners = ["099720109477"] } resource "aws_instance" "whizlabs" { ami = data.aws_ami.ubuntu.id instance_type = "t3.micro" tags = { Name = "HelloWorld" } } ``` 1. [x] Implicit > Because the instance is requesting information from the datasource to be applied to the instance resource creation, A is the correct answer. Because the instance is awaiting this information, the execution order would be: - Get the data and information you're looking for. - Create the resource for the instance - By default, Terraform uses this dependency to determine the correct order in which to create resources. 1. [ ] Explicit > because our terraform code lacks an explicit depends on argument. 1. [ ] 0 1. [ ] None of the above > Reference: https://learn.hashicorp.com/tutorials/terraform/dependencies # You're new to Terraform and have been tasked with determining the name of the created/target resource for the following code. ```terraform resource "azurerm_resource_group" "rg" { name = "testrg" location = "eastus2" } ``` 1. [ ] rg 1. [ ] azurerm_resource_group.rg 1. [ ] resource 1. [x] testrg > The name of the created resource group would be "testrg" # Hashicorp suggests using local-exec provisioner to run scripts on local machines. 1. [ ] False 1. [x] True > The local-exec provisioner invokes a local executable after a resource is created. > References: https://www.terraform.io/docs/language/resources/provisioners/localexec.html # What is the use of local-exec in Terraform? Select all that apply. - [ ] to invoke commands locally on remote host - [x] usually to run commands on the machine where terraform is running > After a resource is created, the local-exec provisioner calls a local executable. This starts a process on the Terraform-running machine, not on the resource. - [x] use to invoke scripts locally > After a resource is created, the local-exec provisioner calls a local executable. This starts a process on the Terraform-running machine, not on the resource. - [ ] locally create variables and run interrafrom > https://www.terraform.io/docs/language/resources/provisioners/localexec.html # You are making changes to terraform configuration. In which of the below cases do you need to execute terraform init everytime? - [x] on any new environment that configures a backend - [x] on removing backend configuration completely - [ ] when there is no change of backend configuration - [ ] Every time you add some configs, you run init so that it makes sure everything is up to date > https://www.terraform.io/docs/cli/commands/init.html > https://www.terraform.io/docs/backends/init.html # You have the following configuration and have received an error message stating that the 'provider' configuration is duplicate. Which of the following commands will you use to ensure that multiple configurations are permitted? ```terraform provider "aws" { Region = us-west-2" } provider "aws" { Region = "eu-central-1" } provider "aws" { Region = ap-north-2" } ``` 1. [x] Alias > We can use the alias command to create multiple configurations for the same provider, each pointing to a different resource. 1. [ ] Label 1. [ ] Module 1. [ ] Resource for each provider > https://www.terraform.io/docs/configuration/providers.html # Do terraform workspaces help in adding/allowing multiple state files for a single configuration? 1. [ ] False 1. [x] True > Terraform workspaces allow configuring multiple state files and associating with a single configuration file > https://www.terraform.io/docs/state/workspaces.html_ # Where is saved the terraform state if a backend block definition has not been declared into the Terraform Code 1. [ ] Is saved in the $HOME directory as local.tfstate 1. [x] Is saved on the root path of the module as terraform.tfstate > Terraform will be used as the local backend by default if no backend definition has been declared, and will be saved on the relative root path of the module as terraform. Because the default state is not the name assigned by default when you don't specify a backend configuration, tfstate other options are incorrect. Also, if you execute your terraform outside of $HOME, $HOME is not completely accurate. 1. [ ] Is saved on the root path of the module as local.tfstate 1. [ ] Is saved in the $HOME directory as state.tfstate > Reference: https://www.terraform.io/docs/language/settings/backends/local.html#configuration-variables # You work as an AWS DevOps Engineer. What is the best way to avoid inconsistent states when multiple engineers are making changes to the infrastructure using the same Terraform Code and running it locally on their computers? 1. [ ] There is no need to do anything else. Terraform automatically will merge all the changes into the common state > because this option is not available by default in Terraform. 1. [x] You have to configure the State Locking in your backend configuration > You can use S3 to store the terraform state and DynamoDB to lock the state and prevent others from executing in parallel over the same state if you use AWS as a Cloud Provider. This will prevent a state of inconsistency. 1. [ ] Execute `terraform apply --lock=false` > because terraform should be used if locking is enabled in your backend configuration. —lock=true is an option to use. 1. [ ] Execute `terraform force-unlock LockId` > because it is used when the lock is acquired incorrectly and the State needs to be unlocked. This is not a good choice. You can use S3 to store the terraform state and DynamoDB to lock the state and prevent others from executing in parallel over the same state if you use AWS as a Cloud Provider. This will prevent a state of inconsistency. > References:
> https://www.terraform.io/docs/language/settings/backends/s3.html
> https://www.terraform.io/docs/cli/commands/force-unlock.html#usage # What is the best place to store the State to improve the collaboration between teams bearing in mind always the security? 1. [ ] Store the terraform state into your Source Code Control Version > because it may result in Terraform State Merge conflicts. 1. [ ] Store the terraform state into an NFS shared between the members > because sensitive information can be stored in plain text on an NFS server, which other members can access and read. 1. [x] Store the terraform state into a remote Backend such as s3, artifactory, etc > Using a remote Backend is the best way to collaborate between teams while keeping the Terraform State safe and storing secret information away from local instances. > Reference: https://learn.hashicorp.com/tutorials/terraform/aws-remote # You're a Lead DevOps Engineer, and you've noticed that engineers from your company have made manual changes to the Terraform resources. What is the best way to consolidate the Terraform State if those changes aren't consolidated in your state? 1. [x] terraform refresh > Terraform refresh will write into the terraform state to consolidate the real-world infrastructure with the state. 1. [ ] terraform plan. Look at the changes, and rewrite the code, and then execute terraform apply > because it does not integrate the state with real-world infrastructure and instead modifies the code with manually applied changes. 1. [ ] terraform reload > Because terraform reload does not exist 1. [ ] terraform init > because terraform init is used to set up the working directory with plugins, backends, and providers, but not to consolidate any possible drifts between the real world and the state file. > Reference: https://www.terraform.io/docs/cli/commands/refresh.html # You have the following code: ```terraform resource "aws_db_instance" "example" { engine = "mysql" engine_version = "5.7" instance_class = "db.t3.micro" name = "whizlabs" username = mylab password = my_course_password } ``` How the terraform state will be stored? - [ ] Sensitive values are encrypted by default for Terraform using AES-256 > because Terraform is unable to distinguish between sensitive and non-sensitive data. - [X] Terraform Cloud stored the terraform state encrypted at rest and using TLS in transit - [X] Terraform will store the values as plain text in a JSON file. > Reference: https://www.terraform.io/docs/language/state/sensitive-data.html