Terraform-Associate-003 HashiCorp Certified: Terraform Associate (003) (HCTA0-003) Free Practice Exam Questions (2025 Updated)

A Terraformbackenddetermineswhere and how Terraform state is stored.

Bothterraform applyandterraform destroyinteract with state, so Terraform needs access to the backend for state storage and updates.

D (Neither are correct)is incorrect becauseTerraform state is required for both apply and destroy operations.

Official Terraform Documentation Reference:

Terraform Backends

The key principle of infrastructure as code that is not listed among the options is golden images. Golden images are pre-configured, ready-to-use virtual machine images that contain a specific set of software and configuration. They are often used to create multiple identical instances of the same environment, such as for testing or production. However, golden images are not a principle of infrastructure as code, but rather a technique that can be used with or without infrastructure as code. The other options are all key principles of infrastructure as code, as explained below:

Self-describing infrastructure: This means that the infrastructure is defined in code that describes its desired state, rather than in scripts that describe the steps to create it. This makes the infrastructure easier to understand, maintain, and reproduce.

Idempotence: This means that applying the same infrastructure code multiple times will always result in the same state, regardless of the initial state. This makes the infrastructure consistent and predictable, and avoids errors or conflicts caused by repeated actions.

Versioned infrastructure: This means that the infrastructure code is stored in a version control system, such as Git, that tracks the changes and history of the code. This makes the infrastructure code reusable, auditable, and collaborative, and enables practices such as branching, merging, and rollback. References = [Introduction to Infrastructure as Code with Terraform], [Infrastructure as Code in a Private or Public Cloud]

You should run terraform init after you start coding a new Terraform project and before you run terraform plan for the first time. This command will initialize the working directory by downloading the required providers and modules, creating the initial state file, and performing other necessary tasks. References = : Initialize a Terraform Project

From the official Terraform Type Constraints Documentation:

The object({ name = string, age = number }) type expects:

name to be aquoted string, e.g. "John"

age to be anumber, e.g. 52

Option Bsatisfies both:

{

name = "John" #✅Valid string

age = 52 #✅Valid number

}

Let's analyze the incorrect ones:

❌Option A: "fifty two" is not a valid number.

❌Option C: John is unquoted (invalid string), and "fifty two" is not a number.

❌Option D: name = John is not quoted, making it an invalid string in HCL.

Terraform is strict about type and formatting. Stringsmust be quoted, and numbersmust be numeric literals.

A (✅Correct)– Providers allow Terraform tointeract with APIsof cloud/on-premises services.

B (✅Correct)– Some Terraform providers can provisionon-premises infrastructure, such as VMware, OpenStack, etc.

C (❌Incorrect)– This describesTerraform Workspaces, not providers.

D (✅Correct)– Terraform providers allow provisioning ofpublic cloud resources(AWS, Azure, GCP, etc.).

E (❌Incorrect)– Enforcing security and compliance policies isnot a direct provider function, but it can be done using Sentinel or other policy-as-code tools.

Official Terraform Documentation Reference:

Terraform Providers

The terraform plan command does not update the state file. Instead, it reads the current state and the configuration files to determine what changes would be made to bring the real-world infrastructure into the desired state defined in the configuration. The plan operation is a read-only operation and does not modify the state or the infrastructure. It is the terraform apply command that actually applies changes and updates the state file.References = Terraform's official guidelines and documentation clarify the purpose of the terraform plan command, highlighting its role in preparing and showing an execution plan without making any changes to the actual state or infrastructure .

You must initialize your working directory before running terraform validate, as it will ensure that all the required plugins and modules are installed and configured properly. If you skip this step, you may encounter errors or inconsistencies when validating your configuration files.

The terraform init command is required before using a new backend or integrating with HCP Terraform/Terraform Cloud.

terraform init initializes the working directory and sets up the backend, downloading necessary provider plugins and modules.

If the backend configuration changes, Terraform willrequirere-initialization to apply those changes.

Without running terraform init, Terraform willfailto use a new backend or remote Terraform Cloud workspace.

Official Terraform Documentation Reference:

terraform init - HashiCorp Documentation

To import the contents of a local file as a string in Terraform, you can use the built-in file function. By specifying file("id_rsa.pub"), Terraform reads the contents of the id_rsa.pub file and uses it as a string within your Terraform configuration. This function is particularly useful for scenarios where you need to include file data directly into your configuration, such as including an SSH public key for provisioning cloud instances.References = This information is a standard part of Terraform's functionality with built-in functions, as outlined in Terraform's official documentation and commonly used in various Terraform configurations.

The two steps that are required to provision new infrastructure in the Terraform workflow are init and apply. The terraform init command initializes a working directory containing Terraform configuration files. It downloads and installs the provider plugins that are needed for the configuration, and prepares the backend for storing the state. The terraform apply command applies the changes required to reach the desired state of the configuration, as described by the resource definitions in the configuration files. It shows a plan of the proposed changes and asks for confirmation before making any changes to the infrastructure. References = [The Core Terraform Workflow], [Initialize a Terraform working directory with init], [Apply Terraform Configuration with apply]

The terraform import command is used to import existing infrastructure into Terraform’s state. This allows Terraform to manage and destroy the imported infrastructure as part of the configuration. The terraform import command does not modify the configuration, so the imported resources must be manually added to the configuration after the import. References = [Importing Infrastructure]

Terraform can manage resource dependencies implicitly or explicitly. Implicit dependencies are created when a resource references another resource or data source in its arguments. Terraform can infer the dependency from the reference and create or destroy the resources in the correct order. Explicit dependencies are created when you use the depends_on argument to specify that a resource depends on another resource or module. This is useful when Terraform cannot infer the dependency from the configuration or when you need to create a dependency for some reason outside of Terraform’s scope. References = : Create resource dependencies : Terraform Resource Dependencies Explained

To import existing resources into Terraform, you need to do two things1:

Write a resource configuration block for each resource, matching the type and name used in your state file.

Run terraform import for each resource, specifying its address and ID. There is no such command as terraform Import-gcp, and provisioning new VMs with the same names will not import them into Terraform.

The terraform import command is used to import existing infrastructure into your Terraform state. This command takes the existing resource and associates it with a resource defined in your Terraform configuration, updating the state file accordingly. It does not generate configuration for the resource, only the state.

The Terraform binary version and provider versions do not have to match each other in a single configuration. Terraform allows you to specify provider version constraints in the configuration’s terraform block, which can be different from the Terraform binary version1. Terraform will use the newest version of the provider that meets the configuration’s version constraints2. You can also use the dependency lock file to ensure Terraform is using the correct provider version3. References =

•1: Providers - Configuration Language | Terraform | HashiCorp Developer

•2: Multiple provider versions with Terraform - Stack Overflow

•3: Lock and upgrade provider versions | Terraform - HashiCorp Developer

B (terraform init)–Must be run firstto initialize the Terraform working directory, download providers, and configure the backend.

A (terraform apply)– Requires initialization first, so itcannotbe run before terraform init.

C (terraform plan)– Also requires terraform init first to generate a plan.

D (terraform show)– Displays the state,not relevantfor first-time deployment.

Official Terraform Documentation Reference:

terraform init - HashiCorp Documentation

Terraforminstalls providers during the terraform init phase.

Providers aredownloaded and installedwhen running terraform init.

A (terraform plan)is incorrect because terraform plan only calculates changes but does not install providers.

C (terraform refresh)is incorrect because terraform refresh only updates the state but does not install providers.

Official Terraform Documentation Reference:

Provider Installation - HashiCorp Documentation

This is what will happen if you run terraform destroy without any flags, as it will attempt to delete all the resources that are associated with your current working directory or workspace. You can use the -target flag to specify a particular resource that you want to destroy.

Terraform allows usingprivate module sourceshosted in:

C (Internally hosted VCS platforms, e.g., GitLab, Bitbucket, GitHub Enterprise)✅

D (Private GitHub repositories)✅

A (Public GitHub repository)❌–GitHubis supported, but apublic repo is not "private".

B (Public Terraform Registry)❌–The public registryis not a private source.

Official Terraform Documentation Reference:

Terraform Module Sources