Free HashiCorp Terraform-Associate-003 Practice Exam with Questions & Answers | Set: 4

Detailed Explanation:

Rationale for Correct Answer (C):Credentials should not be hardcoded in Terraform files. Best practice is to configure them via environment variables or secret managers.

Analysis of Incorrect Options:

A: Shared servers introduce risk and drift.

B: Storing secrets in config/version control is insecure.

D: Incorrect since option C is valid.

Key Concept:Separation of credentials from code is a Terraform security best practice.

This is how Terraform chooses which version of the provider to use, when you add a new resource to an existing Terraform configuration, but do not update the version constraint in the configuration. The lock file records the exact version of each provider that was installed in your working directory, and ensures that Terraform will always use the same provider versions until you run terraform init -upgrade to update them.

Detailed Explanation:

Rationale for Correct Answer (A):Providers only interact with one specific platform or API. Terraform itself can work with multiple providers in one configuration, but a single provider is not responsible for provisioning across multiple cloud providers.

Analysis of Incorrect Options:

B. Managing actions to take based on resource differences: This is a provider responsibility (through the resource schema).

C. Managing resources and data sources based on an API: Correct — providers define resources/data sources and map them to API calls.

D. Understanding API interactions with a hosted service: Correct — providers encapsulate API logic to allow Terraform to manage resources.

Key Concept:Providers are API adapters. They handle CRUD operations for resources in their own ecosystem but do not span across multiple cloud platforms.

Detailed Explanation:

Rationale for Correct Answer (B):Provider version constraints in Terraform are specified using the version argument in the required_providers block, e.g.:

terraform {

required_providers {

aws = {

source = "hashicorp/aws"

version = "3.1"

}

}

}

This ensures Terraform always uses a specific provider version (or constraint expression).

Analysis of Incorrect Options:

A. version: Incomplete, no value specified.

C. version: 3.1: Incorrect syntax, Terraform uses = not :.

D. version - 3.1: Incorrect syntax, - is invalid here.

Key Concept:Defining provider version constraints ensures consistent provider behavior across environments and avoids breaking changes.

Detailed Explanation:

Rationale for Correct Answer:While HashiCorp publishes and maintains some official modules, many modules on the Terraform Registry are community-maintained. HashiCorp does not test or maintain all published modules. The Registry clearly distinguishes between official, partner, and community modules.

Analysis of Incorrect Options (Distractors):

A. True: Incorrect because not all Registry modules are maintained or tested by HashiCorp.

Key Concept:Understanding the difference between official, partner, and community modules in the Terraform Registry.

C (✅Correct)– If changes require aresource replacement(e.g., changing an immutable attribute like instance type), Terraform willdestroy and recreate the resource.

E (✅Correct)– Terraform only appliesthe configuration in the current directory or workspace.

Terraformdownloads modules and providersinto the .terraform directory inside the working directory.

A (/tmp/)– Incorrect; modules arenot stored temporarily.

C (In memory)– Incorrect; modules persist on disk.

D (Not cached)– Incorrect; Terraformdoes cache modulesfor efficiency.

Official Terraform Documentation Reference:

Terraform Module Caching

Terraform configuration can import modules from various sources, not only from the public registry. Modules can be sourced from local file paths, Git repositories, HTTP URLs, Mercurial repositories, S3 buckets, and GCS buckets. Terraform supports a number of common conventions and syntaxes for specifying module sources, as documented in the [Module Sources] page. References = [Module Sources]

The provider for theaws_vpcresource isaws, as the resource type begins withaws_, which denotes that it is managed by the AWS provider.

Destroy Command Options: Theterraform destroycommand is the correct method to destroy resources, and it requires either manual approval or the -auto-approve flag.

Unsupported Triggering Method: The--destroy flagis not a recognized option for plan or apply commands, making B the correct answer as it isnota valid way to initiate resource destruction.

For more on destroying resources, refer to theterraform destroy command documentationin the Terraform CLI reference.